diff --git a/.travis.yml b/.travis.yml index 725db8b..55c921e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,9 @@ language: python python: - - "3.7" - - "3.8" + - "3.10" + - "3.11" + - "3.12" + - "3.13" + - "3.14" install: make setup script: make test \ No newline at end of file diff --git a/parliament/__init__.py b/parliament/__init__.py index ea32a6f..38fa3ab 100644 --- a/parliament/__init__.py +++ b/parliament/__init__.py @@ -10,16 +10,18 @@ import jsoncfg import re -import pkg_resources +from importlib.resources import files import yaml # On initialization, load the IAM data -iam_definition_path = pkg_resources.resource_filename(__name__, "iam_definition.json") -iam_definition = json.load(open(iam_definition_path, "r")) +iam_definition_file = files(__package__).joinpath("iam_definition.json") +with iam_definition_file.open("r") as f: + iam_definition = json.load(f) # And the config data -config_path = pkg_resources.resource_filename(__name__, "config.yaml") -config = yaml.safe_load(open(config_path, "r")) +config_file = files(__package__).joinpath("config.yaml") +with config_file.open("r") as f: + config = yaml.safe_load(f) def override_config(override_config_path): @@ -279,7 +281,16 @@ def expand_action(action, raise_exceptions=True): "Unknown action {}:{}".format(prefix, unexpanded_action) ) - return actions + # Deduplicate actions since some services appear multiple times in iam_definition + seen = set() + deduplicated_actions = [] + for action in actions: + key = (action["service"], action["action"]) + if key not in seen: + seen.add(key) + deduplicated_actions.append(action) + + return deduplicated_actions def get_resource_type_matches_from_arn(arn): diff --git a/parliament/community_auditors/tests/test_advanced_policy_elements.py b/parliament/community_auditors/tests/test_advanced_policy_elements.py index 5072f18..41da834 100644 --- a/parliament/community_auditors/tests/test_advanced_policy_elements.py +++ b/parliament/community_auditors/tests/test_advanced_policy_elements.py @@ -21,7 +21,7 @@ def test_notresource_allow(self): }""" policy = analyze_policy_string(policystr, include_community_auditors=True) - assert_equal(policy.finding_ids, set()) + assert policy.finding_ids == set() # According to AWS documentation, "This statement is very dangerous, # because it allows all actions in AWS on all resources except the @@ -41,7 +41,7 @@ def test_notresource_allow(self): policy = analyze_policy_string(policystr, include_community_auditors=True) - assert_equal(policy.finding_ids, S3_STAR_FINDINGS | {"NOTRESOURCE_WITH_ALLOW"}) + assert policy.finding_ids == S3_STAR_FINDINGS | {"NOTRESOURCE_WITH_ALLOW"} def test_notprincipal_allow(self): # NotPrincipal is OK with Effect: Deny. This explcitly omits these @@ -65,7 +65,7 @@ def test_notprincipal_allow(self): policy = analyze_policy_string(policystr, include_community_auditors=True) - assert_equal(policy.finding_ids, set()) + assert policy.finding_ids == set() # This implicitly allows everyone _except_ Bob to access BUCKETNAME! policystr = """{ @@ -85,4 +85,4 @@ def test_notprincipal_allow(self): policy = analyze_policy_string(policystr, include_community_auditors=True) - assert_equal(policy.finding_ids, S3_STAR_FINDINGS | {"NOTPRINCIPAL_WITH_ALLOW"}) + assert policy.finding_ids == S3_STAR_FINDINGS | {"NOTPRINCIPAL_WITH_ALLOW"} diff --git a/parliament/community_auditors/tests/test_credentials_exposure.py b/parliament/community_auditors/tests/test_credentials_exposure.py index 80a84e8..2d99ad7 100644 --- a/parliament/community_auditors/tests/test_credentials_exposure.py +++ b/parliament/community_auditors/tests/test_credentials_exposure.py @@ -24,13 +24,10 @@ def test_credentials_management(self): example_policy_string, include_community_auditors=True ) - assert_equal( - policy.finding_ids, - set( - [ - "CREDENTIALS_EXPOSURE", - "PERMISSIONS_MANAGEMENT_ACTIONS", - "RESOURCE_STAR", - ] - ), + assert policy.finding_ids == set( + [ + "CREDENTIALS_EXPOSURE", + "PERMISSIONS_MANAGEMENT_ACTIONS", + "RESOURCE_STAR", + ] ) diff --git a/parliament/community_auditors/tests/test_permissions_management.py b/parliament/community_auditors/tests/test_permissions_management.py index 7d34132..5e6c1b7 100644 --- a/parliament/community_auditors/tests/test_permissions_management.py +++ b/parliament/community_auditors/tests/test_permissions_management.py @@ -25,13 +25,10 @@ def test_permissions_management(self): example_policy_string, include_community_auditors=True ) - assert_equal( - policy.finding_ids, - set( - [ - "PERMISSIONS_MANAGEMENT_ACTIONS", - "RESOURCE_POLICY_PRIVILEGE_ESCALATION", - "RESOURCE_STAR", - ] - ), + assert policy.finding_ids == set( + [ + "PERMISSIONS_MANAGEMENT_ACTIONS", + "RESOURCE_POLICY_PRIVILEGE_ESCALATION", + "RESOURCE_STAR", + ] ) diff --git a/parliament/community_auditors/tests/test_privilege_escalation.py b/parliament/community_auditors/tests/test_privilege_escalation.py index cb57ac7..a6eaf70 100644 --- a/parliament/community_auditors/tests/test_privilege_escalation.py +++ b/parliament/community_auditors/tests/test_privilege_escalation.py @@ -23,4 +23,4 @@ def test_privilege_escalation(self): policy = analyze_policy_string( example_policy_string, include_community_auditors=True ) - assert_equal(policy.finding_ids, set(["PRIVILEGE_ESCALATION", "RESOURCE_STAR"])) + assert policy.finding_ids == set(["PRIVILEGE_ESCALATION", "RESOURCE_STAR"]) diff --git a/parliament/community_auditors/tests/test_sensitive_access.py b/parliament/community_auditors/tests/test_sensitive_access.py index 163f53b..362275b 100644 --- a/parliament/community_auditors/tests/test_sensitive_access.py +++ b/parliament/community_auditors/tests/test_sensitive_access.py @@ -34,7 +34,7 @@ def test_sensitive_access(self): policy = analyze_policy_string( example_policy_string, include_community_auditors=True, config=config ) - assert_equal(policy.finding_ids, set(["SENSITIVE_ACCESS"])) + assert policy.finding_ids == set(["SENSITIVE_ACCESS"]) # Ensure nothing triggers when we change the bucket location config = { @@ -45,7 +45,7 @@ def test_sensitive_access(self): policy = analyze_policy_string( example_policy_string, include_community_auditors=True, config=config ) - assert_equal(policy.finding_ids, set([])) + assert policy.finding_ids == set([]) # Ensure we can test multiple actions config = { @@ -65,7 +65,7 @@ def test_sensitive_access(self): policy = analyze_policy_string( example_policy_string, include_community_auditors=True, config=config ) - assert_equal(policy.finding_ids, set(["SENSITIVE_ACCESS"])) + assert policy.finding_ids == set(["SENSITIVE_ACCESS"]) # Ensure multiple actions with none matching works config = { @@ -79,4 +79,4 @@ def test_sensitive_access(self): policy = analyze_policy_string( example_policy_string, include_community_auditors=True, config=config ) - assert_equal(policy.finding_ids, set([])) + assert policy.finding_ids == set([]) diff --git a/parliament/community_auditors/tests/test_single_value_condition_too_permissive.py b/parliament/community_auditors/tests/test_single_value_condition_too_permissive.py index c71d67a..e394c0c 100644 --- a/parliament/community_auditors/tests/test_single_value_condition_too_permissive.py +++ b/parliament/community_auditors/tests/test_single_value_condition_too_permissive.py @@ -4,7 +4,8 @@ class TestSensitiveAccess: """Test class for single value condition too permissive auditor""" - example_policy_string = """ + def test_single_value_condition_too_permissive(self): + example_policy_string = """ { "Version": "2012-10-17", "Statement": [ @@ -25,8 +26,8 @@ class TestSensitiveAccess: } ] } - """ - policy = analyze_policy_string( - example_policy_string, include_community_auditors=True - ) - assert_equal(policy.finding_ids, set(["SINGLE_VALUE_CONDITION_TOO_PERMISSIVE"])) + """ + policy = analyze_policy_string( + example_policy_string, include_community_auditors=True + ) + assert policy.finding_ids == set(["SINGLE_VALUE_CONDITION_TOO_PERMISSIVE"]) diff --git a/parliament/iam_definition.json b/parliament/iam_definition.json index 219409f..022df6e 100644 --- a/parliament/iam_definition.json +++ b/parliament/iam_definition.json @@ -1554,6 +1554,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "Analyzer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -2053,6 +2061,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accountInOrganization" } ] }, @@ -2080,18 +2093,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the challenge questions for an account", - "privilege": "GetChallengeQuestions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "account" - } - ] - }, { "access_level": "Read", "description": "Grants permission to retrieve the primary contact information for an account", @@ -2164,8 +2165,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the alternate contacts for an account", - "privilege": "PutAlternateContact", + "description": "Grants permission to update the name for an account", + "privilege": "PutAccountName", "resource_types": [ { "condition_keys": [], @@ -2176,25 +2177,30 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "accountInOrganization" - }, - { - "condition_keys": [ - "account:AlternateContactTypes" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the challenge questions for an account", - "privilege": "PutChallengeQuestions", + "description": "Grants permission to modify the alternate contacts for an account", + "privilege": "PutAlternateContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accountInOrganization" + }, + { + "condition_keys": [ + "account:AlternateContactTypes" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -2266,6 +2272,11 @@ "description": "Filters access by domainNames in the request. This key can be used to restrict which domains can be in certificate requests", "type": "ArrayOfString" }, + { + "condition": "acm:Export", + "description": "Filters access by the export option in the request. Can be used to restrict creation of certificates that can be exported", + "type": "String" + }, { "condition": "acm:KeyAlgorithm", "description": "Filters access by keyAlgorithm in the request", @@ -2340,13 +2351,20 @@ }, { "access_level": "Read", - "description": "Grants permission to export a private certificate issued by a private certificate authority (CA) for use anywhere", + "description": "Grants permission to export an exportable certificate for use anywhere", "privilege": "ExportCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "certificate*" + }, + { + "condition_keys": [ + "acm:DomainNames" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -2475,7 +2493,8 @@ "acm:CertificateTransparencyLogging", "acm:ValidationMethod", "acm:KeyAlgorithm", - "acm:CertificateAuthority" + "acm:CertificateAuthority", + "acm:Export" ], "dependent_actions": [], "resource_type": "" @@ -2494,6 +2513,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to revoke an exportable certificate", + "privilege": "RevokeCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificate*" + }, + { + "condition_keys": [ + "acm:DomainNames" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a certificate configuration. Use this to specify whether to opt in to or out of certificate transparency logging", @@ -2551,6 +2589,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -2819,7 +2858,9 @@ "privilege": "UntagCertificateAuthority", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "certificate-authority*" }, @@ -2856,6 +2897,26 @@ ], "service_name": "AWS Private Certificate Authority" }, + { + "conditions": [], + "prefix": "action-recommendations", + "privileges": [ + { + "access_level": "List", + "description": "Grants permission to list recommended actions in the AWS Management Console", + "privilege": "ListRecommendedActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Action Recommendations" + }, { "conditions": [], "prefix": "activate", @@ -3004,8 +3065,13 @@ { "condition_keys": [], "dependent_actions": [ + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetInsightRuleReport", + "cloudwatch:GetMetricData", "kms:Decrypt", "kms:GenerateDataKey", + "logs:GetQueryResults", "sts:SetContext" ], "resource_type": "investigation-group*" @@ -3020,7 +3086,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [ "aiops:TagResource", @@ -3060,6 +3127,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new report in the specified investigation", + "privilege": "CreateReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ], + "resource_type": "investigation-group*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an investigation in the specified investigation group", @@ -3100,6 +3183,62 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to generate a report in the specified investigation report", + "privilege": "GenerateReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ], + "resource_type": "investigation-group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to run and retrieve ephemeral investigation results", + "privilege": "GetEphemeralInvestigationResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a fact in the specified investigation report", + "privilege": "GetFact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "investigation-group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all versions of a fact token in the specified investigation report", + "privilege": "GetFactVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "investigation-group*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an investigation in the specified investigation group", @@ -3164,6 +3303,34 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a report in the specified investigation", + "privilege": "GetReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "investigation-group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all facts in the specified investigation report", + "privilege": "ListFacts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "investigation-group*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all investigation events in the specified investigation group", @@ -3200,6 +3367,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all reports in the specified investigation", + "privilege": "ListReports", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "investigation-group*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the tags for the specified resource", @@ -3212,6 +3391,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create or update a new fact in the specified investigation report", + "privilege": "PutFact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ], + "resource_type": "investigation-group*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create/update the investigation group policy attached to an investigation group", @@ -3319,6 +3514,34 @@ "resource_type": "investigation-group*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a report in the specified investigation", + "privilege": "UpdateReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ], + "resource_type": "investigation-group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to validate the specified investigation group", + "privilege": "ValidateInvestigationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "investigation-group*" + } + ] } ], "resources": [ @@ -3602,11 +3825,6 @@ "description": "Grants permission to create a new Amplify App", "privilege": "CreateApp", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "apps*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -3670,14 +3888,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "domains*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -5488,7 +5698,9 @@ "privilege": "BatchGetCollection", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection" + ], "dependent_actions": [], "resource_type": "" } @@ -5553,6 +5765,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -5560,6 +5773,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an opensearch index", + "privilege": "CreateIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a lifecycle policy", @@ -5567,7 +5792,6 @@ "resource_types": [ { "condition_keys": [ - "aoss:collection", "aoss:index" ], "dependent_actions": [], @@ -5660,6 +5884,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an opensearch index", + "privilege": "DeleteIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a lifecycle policy", @@ -5667,7 +5903,6 @@ "resource_types": [ { "condition_keys": [ - "aoss:collection", "aoss:index" ], "dependent_actions": [], @@ -5740,6 +5975,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an opensearch index", + "privilege": "GetIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get statistis about the security policies in your account", @@ -5931,6 +6178,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an opensearch index", + "privilege": "UpdateIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a lifecycle policy", @@ -5938,7 +6197,6 @@ "resource_types": [ { "condition_keys": [ - "aoss:collection", "aoss:index" ], "dependent_actions": [], @@ -6033,6 +6291,11 @@ "description": "Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", "type": "ArrayOfString" }, + { + "condition": "apigateway:Request/ConditionBasePaths", + "description": "Filters access by base paths defined on the condition of a routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations", + "type": "ArrayOfString" + }, { "condition": "apigateway:Request/DisableExecuteApiEndpoint", "description": "Filters access by status of the default execute-api endpoint. Available during the CreateApi and UpdateApi operations", @@ -6053,11 +6316,21 @@ "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations", "type": "String" }, + { + "condition": "apigateway:Request/Priority", + "description": "Filters access by priority of the routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations", + "type": "Numeric" + }, { "condition": "apigateway:Request/RouteAuthorizationType", "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import", "type": "ArrayOfString" }, + { + "condition": "apigateway:Request/RoutingMode", + "description": "Filters access by routing mode of the domain name. Available during the CreateDomainName and UpdateDomainName operations", + "type": "String" + }, { "condition": "apigateway:Request/SecurityPolicy", "description": "Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations", @@ -6098,6 +6371,11 @@ "description": "Filters access by the URI of the current Lambda authorizer associated with the current API. Available during UpdateAuthorizer and DeleteAuthorizer. Also available as a collection during reimport", "type": "ArrayOfString" }, + { + "condition": "apigateway:Resource/ConditionBasePaths", + "description": "Filters access by base paths defined on the condition of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations", + "type": "ArrayOfString" + }, { "condition": "apigateway:Resource/DisableExecuteApiEndpoint", "description": "Filters access by status of the default execute-api endpoint. Available during the UpdateApi and DeleteApi operations", @@ -6118,11 +6396,21 @@ "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the UpdateDomainName and DeleteDomainName operations", "type": "String" }, + { + "condition": "apigateway:Resource/Priority", + "description": "Filters access by priority of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations", + "type": "Numeric" + }, { "condition": "apigateway:Resource/RouteAuthorizationType", "description": "Filters access by authorization type of the existing Route resource, for example NONE, AWS_IAM, CUSTOM. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport", "type": "ArrayOfString" }, + { + "condition": "apigateway:Resource/RoutingMode", + "description": "Filters access by routing mode of the existing domain name. Available during the UpdateDomainName and DeleteDomainName operations", + "type": "String" + }, { "condition": "apigateway:Resource/SecurityPolicy", "description": "Filters access by TLS version. Available during the UpdateDomainName and DeleteDomainName operations", @@ -6146,6 +6434,30 @@ ], "prefix": "apigateway", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a routing rule", + "privilege": "CreateRoutingRule", + "resource_types": [ + { + "condition_keys": [ + "apigateway:Request/Priority", + "apigateway:Request/ConditionBasePaths" + ], + "dependent_actions": [], + "resource_type": "RoutingRule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "apigateway:Request/Priority", + "apigateway:Request/ConditionBasePaths" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a particular resource", @@ -6241,6 +6553,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a routing rule", + "privilege": "DeleteRoutingRule", + "resource_types": [ + { + "condition_keys": [ + "apigateway:Resource/Priority", + "apigateway:Resource/ConditionBasePaths" + ], + "dependent_actions": [], + "resource_type": "RoutingRule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "apigateway:Resource/Priority", + "apigateway:Resource/ConditionBasePaths" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to read a particular resource", @@ -6393,6 +6729,44 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read a routing rule", + "privilege": "GetRoutingRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RoutingRule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list routing rules under a domain name", + "privilege": "ListRoutingRules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RoutingRule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a particular resource", @@ -6562,6 +6936,34 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a routing rule using the PutRoutingRule API", + "privilege": "UpdateRoutingRule", + "resource_types": [ + { + "condition_keys": [ + "apigateway:Request/Priority", + "apigateway:Request/ConditionBasePaths", + "apigateway:Resource/Priority", + "apigateway:Resource/ConditionBasePaths" + ], + "dependent_actions": [], + "resource_type": "RoutingRule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "apigateway:Request/Priority", + "apigateway:Request/ConditionBasePaths", + "apigateway:Resource/Priority", + "apigateway:Resource/ConditionBasePaths" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -6774,6 +7176,15 @@ ], "resource": "RouteSettings" }, + { + "arn": "arn:${Partition}:apigateway:${Region}:${Account}:/domainnames/${DomainName}/routingrules/${RoutingRuleId}", + "condition_keys": [ + "apigateway:Resource/ConditionBasePaths", + "apigateway:Resource/Priority", + "aws:ResourceTag/${TagKey}" + ], + "resource": "RoutingRule" + }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}", "condition_keys": [ @@ -6848,6 +7259,11 @@ "description": "Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", "type": "ArrayOfString" }, + { + "condition": "apigateway:Request/CognitoUserPoolProviderArn", + "description": "Filters access by Cognito user pool provider ARN. Available during CreateAuthorizer and UpdateAuthorizer", + "type": "ARN" + }, { "condition": "apigateway:Request/DisableExecuteApiEndpoint", "description": "Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations", @@ -6878,6 +7294,11 @@ "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import", "type": "ArrayOfString" }, + { + "condition": "apigateway:Request/RoutingMode", + "description": "Filters access by routing mode of the domain name. Available during the CreateDomainName and UpdateDomainName operations", + "type": "String" + }, { "condition": "apigateway:Request/SecurityPolicy", "description": "Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations", @@ -6918,6 +7339,11 @@ "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString", "type": "ArrayOfString" }, + { + "condition": "apigateway:Resource/CognitoUserPoolProviderArn", + "description": "Filters access by Cognito user pool provider ARN. Available during CreateAuthorizer and UpdateAuthorizer", + "type": "ARN" + }, { "condition": "apigateway:Resource/DisableExecuteApiEndpoint", "description": "Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations", @@ -6943,6 +7369,11 @@ "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport", "type": "ArrayOfString" }, + { + "condition": "apigateway:Resource/RoutingMode", + "description": "Filters access by routing mode of the domain name. Available during the UpdateDomainName and DeleteDomainName operations", + "type": "String" + }, { "condition": "apigateway:Resource/SecurityPolicy", "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations", @@ -7795,8 +8226,10 @@ "condition_keys": [ "apigateway:Request/AuthorizerType", "apigateway:Request/AuthorizerUri", + "apigateway:Request/CognitoUserPoolProviderArn", "apigateway:Resource/AuthorizerType", "apigateway:Resource/AuthorizerUri", + "apigateway:Resource/CognitoUserPoolProviderArn", "aws:ResourceTag/${TagKey}" ], "resource": "Authorizer" @@ -7806,6 +8239,7 @@ "condition_keys": [ "apigateway:Request/AuthorizerType", "apigateway:Request/AuthorizerUri", + "apigateway:Request/CognitoUserPoolProviderArn", "aws:ResourceTag/${TagKey}" ], "resource": "Authorizers" @@ -7891,6 +8325,7 @@ "apigateway:Resource/EndpointType", "apigateway:Resource/MtlsTrustStoreUri", "apigateway:Resource/MtlsTrustStoreVersion", + "apigateway:Resource/RoutingMode", "apigateway:Resource/SecurityPolicy", "aws:ResourceTag/${TagKey}" ], @@ -7903,6 +8338,7 @@ "apigateway:Request/MtlsTrustStoreUri", "apigateway:Request/MtlsTrustStoreVersion", "apigateway:Request/SecurityPolicy", + "apigateway:Resource/RoutingMode", "aws:ResourceTag/${TagKey}" ], "resource": "DomainNames" @@ -8000,6 +8436,7 @@ "condition_keys": [ "apigateway:Request/EndpointType", "apigateway:Resource/EndpointType", + "apigateway:Resource/RoutingMode", "aws:ResourceTag/${TagKey}" ], "resource": "PrivateDomainName" @@ -8276,6 +8713,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a data integration schedule", + "privilege": "CreateDataIntegrationSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new EventIntegration", @@ -8466,6 +8915,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get details about a data integration execution", + "privilege": "GetDataIntegrationExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details about a data integration schedule", + "privilege": "GetDataIntegrationSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details about EventIntegrations", @@ -8521,6 +8994,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list data integration executions", + "privilege": "ListDataIntegrationExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list data integration schedules", + "privilege": "ListDataIntegrationSchedules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list DataIntegrations", @@ -8596,6 +9093,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a data integration execution", + "privilege": "StartDataIntegrationExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "profile:CreateSegmentSnapshot", + "profile:CreateSnapshot" + ], + "resource_type": "data-integration*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag an Amazon AppIntegration resource", @@ -8747,6 +9259,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a data integration schedule", + "privilege": "UpdateDataIntegrationSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify an EventIntegration", @@ -11164,86 +11688,6 @@ ], "service_name": "AWS Application Auto Scaling" }, - { - "conditions": [], - "prefix": "application-cost-profiler", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to delete the configuration with specific Application Cost Profiler Report thereby effectively disabling report generation", - "privilege": "DeleteReportDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to fetch the configuration with specific Application Cost Profiler Report request", - "privilege": "GetReportDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to import the application usage from S3", - "privilege": "ImportApplicationUsage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a list of the different Application Cost Profiler Report configurations they have created", - "privilege": "ListReportDefinitions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create Application Cost Profiler Report configurations", - "privilege": "PutReportDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing Application Cost Profiler Report configuration", - "privilege": "UpdateReportDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Application Cost Profiler Service" - }, { "conditions": [ { @@ -11276,6 +11720,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add or remove exclusion windows from Amazon CloudWatch SLOs", + "privilege": "BatchUpdateExclusionWindows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a service level objective", @@ -11291,6 +11747,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a grouping configuration", + "privilege": "DeleteGroupingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a service level objective", @@ -11327,6 +11795,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to share Application Signals resources with a monitoring account", + "privilege": "Link", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list service auditing results", + "privilege": "ListAuditFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list grouping attribute configurations", + "privilege": "ListGroupingAttributeDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list entities associated with other entities", @@ -11363,6 +11867,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list exclusion windows for an Amazon CloudWatch SLO", + "privilege": "ListServiceLevelObjectiveExclusionWindows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list service level objectives", @@ -11387,6 +11903,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list service states", + "privilege": "ListServiceStates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list services", @@ -11411,6 +11939,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create or update a grouping configuration", + "privilege": "PutGroupingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable CloudWatch discovery", @@ -14893,7 +15433,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve the associations that are associated with the specified app block builder or app block", "privilege": "DescribeAppBlockBuilderAppBlockAssociations", "resource_types": [ @@ -14910,31 +15450,31 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified app block builders, if the app block builder names are provided. Otherwise, all app block builders in the account are described", "privilege": "DescribeAppBlockBuilders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-block-builder" + "resource_type": "" } ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified app blocks, if the app block arns are provided. Otherwise, all app blocks in the account are described", "privilege": "DescribeAppBlocks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-block" + "resource_type": "" } ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve the associations that are associated with the specified application or fleet", "privilege": "DescribeApplicationFleetAssociations", "resource_types": [ @@ -14951,19 +15491,19 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified applications, if the application arns are provided. Otherwise, all applications in the account are described", "privilege": "DescribeApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "" } ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified Directory Config objects for AppStream 2.0, if the names for these objects are provided. Otherwise, all Directory Config objects in the account are described. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains", "privilege": "DescribeDirectoryConfigs", "resource_types": [ @@ -14975,7 +15515,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve one or all entitlements for the specified stack", "privilege": "DescribeEntitlements", "resource_types": [ @@ -14987,26 +15527,26 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified fleets, if the fleet names are provided. Otherwise, all fleets in the account are described", "privilege": "DescribeFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "" } ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified image builders, if the image builder names are provided. Otherwise, all image builders in the account are described", "privilege": "DescribeImageBuilders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image-builder" + "resource_type": "" } ] }, @@ -15023,19 +15563,19 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified images, if the image names or image ARNs are provided. Otherwise, all images in the account are described", "privilege": "DescribeImages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image" + "resource_type": "" } ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes the streaming sessions for the specified stack and fleet. If a user ID is provided for the stack and fleet, only the streaming sessions for that user are described", "privilege": "DescribeSessions", "resource_types": [ @@ -15052,14 +15592,14 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more specified stacks, if the stack names are provided. Otherwise, all stacks in the account are described", "privilege": "DescribeStacks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, @@ -15076,7 +15616,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes one or more usage report subscriptions", "privilege": "DescribeUsageReportSubscriptions", "resource_types": [ @@ -15088,7 +15628,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes the UserStackAssociation objects", "privilege": "DescribeUserStackAssociations", "resource_types": [ @@ -15100,7 +15640,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to retrieve a list that describes users in the user pool", "privilege": "DescribeUsers", "resource_types": [ @@ -15772,7 +16312,23 @@ ] } ], - "resources": [], + "resources": [ + { + "arn": "arn:${Partition}:appstudio:${Region}:${Account}:instance/${InstanceId}", + "condition_keys": [], + "resource": "instance" + }, + { + "arn": "arn:${Partition}:appstudio:${Region}:${Account}:application/${ApplicationId}", + "condition_keys": [], + "resource": "application" + }, + { + "arn": "arn:${Partition}:appstudio:${Region}:${Account}:connector/${ConnectionId}", + "condition_keys": [], + "resource": "connector" + } + ], "service_name": "AWS App Studio" }, { @@ -15917,7 +16473,11 @@ "privilege": "CreateDomainName", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -16060,6 +16620,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "domain*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -16333,6 +16900,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "domain*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -16531,7 +17105,9 @@ "privilege": "ListDomainNames", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -16612,6 +17188,11 @@ "dependent_actions": [], "resource_type": "channelNamespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain" + }, { "condition_keys": [], "dependent_actions": [], @@ -16675,7 +17256,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to set a web ACL", "privilege": "SetWebACL", "resource_types": [ @@ -16754,6 +17335,11 @@ "dependent_actions": [], "resource_type": "channelNamespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain" + }, { "condition_keys": [], "dependent_actions": [], @@ -16785,6 +17371,11 @@ "dependent_actions": [], "resource_type": "channelNamespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain" + }, { "condition_keys": [], "dependent_actions": [], @@ -16885,6 +17476,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "domain*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -16966,7 +17564,9 @@ }, { "arn": "arn:${Partition}:appsync:${Region}:${Account}:domainnames/${DomainName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "domain" }, { @@ -17501,6 +18101,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an anomaly detector", + "privilege": "CreateAnomalyDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a logging configuration", @@ -17520,6 +18140,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a query logging configuration", + "privilege": "CreateQueryLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a rule groups namespace", @@ -17625,6 +18264,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an anomaly detector", + "privilege": "DeleteAnomalyDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalydetector*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a logging configuration", @@ -17644,6 +18307,44 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a query logging configuration", + "privilege": "DeleteQueryLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete workspace resource policy", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a rule groups namespace", @@ -17682,6 +18383,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a scraper logging configuration", + "privilege": "DeleteScraperLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a workspace", @@ -17720,6 +18440,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an anomaly detector", + "privilege": "DescribeAnomalyDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalydetector*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a logging configuration", @@ -17739,6 +18483,44 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a query logging configuration", + "privilege": "DescribeQueryLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe workspace resource policy", + "privilege": "DescribeResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a rule groups namespace", @@ -17777,6 +18559,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a scraper logging configuration", + "privilege": "DescribeScraperLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a workspace", @@ -17796,6 +18597,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe workspace configuration", + "privilege": "DescribeWorkspaceConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a silence", @@ -17998,6 +18818,25 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list anomaly detectors", + "privilege": "ListAnomalyDetectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list rule groups namespaces", @@ -18053,6 +18892,11 @@ "description": "Grants permission to list tags on an AMP resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalydetector" + }, { "condition_keys": [], "dependent_actions": [], @@ -18090,6 +18934,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to preview anomaly detection on AMP workspace metrics", + "privilege": "PreviewAnomalyDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an alert manager definition", @@ -18128,6 +18991,49 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an anomaly detector", + "privilege": "PutAnomalyDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalydetector*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create and update workspace resource policy", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a rule groups namespace", @@ -18190,6 +19096,11 @@ "description": "Grants permission to tag an AMP resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalydetector" + }, { "condition_keys": [], "dependent_actions": [], @@ -18220,6 +19131,11 @@ "description": "Grants permission to untag an AMP resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalydetector" + }, { "condition_keys": [], "dependent_actions": [], @@ -18263,6 +19179,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a query logging configuration", + "privilege": "UpdateQueryLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a scraper", @@ -18290,6 +19225,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put a scraper logging configuration", + "privilege": "UpdateScraperLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify the alias of existing AMP workspace", @@ -18308,6 +19262,25 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update workspace configuration", + "privilege": "UpdateWorkspaceConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -18329,6 +19302,15 @@ ], "resource": "rulegroupsnamespace" }, + { + "arn": "arn:${Partition}:aps:${Region}:${Account}:anomalydetector/${WorkspaceId}/${AnomalyDetectorId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "anomalydetector" + }, { "arn": "arn:${Partition}:aps:${Region}:${Account}:scraper/${ScraperId}", "condition_keys": [ @@ -18351,43 +19333,61 @@ { "conditions": [ { - "condition": "arc-zonal-shift:ResourceIdentifier", - "description": "Filters access by the resource identifier of the managed resource", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the managed resource", + "description": "Filters access by a tag's key and value in a request", "type": "String" }, { - "condition": "elasticloadbalancing:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the managed resource", - "type": "String" + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" } ], - "prefix": "arc-zonal-shift", + "prefix": "arc-region-switch", "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel an active zonal shift", - "privilege": "CancelZonalShift", + "description": "Grants permission to approve a plan execution step", + "privilege": "ApprovePlanExecutionStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ALB*" - }, + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a plan execution", + "privilege": "CancelPlanExecution", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NLB*" + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a plan", + "privilege": "CreatePlan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" }, { "condition_keys": [ - "arc-zonal-shift:ResourceIdentifier", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -18396,53 +19396,161 @@ }, { "access_level": "Write", - "description": "Grants permission to create a practice run configuration", - "privilege": "CreatePracticeRunConfiguration", + "description": "Grants permission to delete a plan", + "privilege": "DeletePlan", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudwatch:DescribeAlarms", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "ALB*" - }, + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the RAM access control policy for a plan", + "privilege": "DeleteResourcePolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NLB*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about plans in all AWS Regions using a control plane", + "privilege": "GetPlan", + "resource_types": [ { - "condition_keys": [ - "arc-zonal-shift:ResourceIdentifier", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a plan's evaluation status", + "privilege": "GetPlanEvaluationStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get plan execution details and setup information", + "privilege": "GetPlanExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a plan in a specific AWS Region using the Region switch Regional data plane", + "privilege": "GetPlanInRegion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get the resource policy of a plan", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list plan execution events", + "privilege": "ListPlanExecutionEvents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list plan executions", + "privilege": "ListPlanExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list plans in all AWS Regions using a control plane", + "privilege": "ListPlans", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a practice run configuration", - "privilege": "DeletePracticeRunConfiguration", + "access_level": "List", + "description": "Grants permission to list plans in a specific AWS Region using the Region switch Regional data plane", + "privilege": "ListPlansInRegion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ALB*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Route 53 health checks", + "privilege": "ListRoute53HealthChecks", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NLB*" + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" }, { "condition_keys": [ - "arc-zonal-shift:ResourceIdentifier", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -18450,9 +19558,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get autoshift observer notification status", - "privilege": "GetAutoshiftObserverNotificationStatus", + "access_level": "Permissions management", + "description": "Grants permission to define the RAM access control policy for a plan", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], @@ -18462,25 +19570,32 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a managed resource", - "privilege": "GetManagedResource", + "access_level": "Write", + "description": "Grants permission to start a plan execution", + "privilege": "StartPlanExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ALB*" - }, + "resource_type": "plan*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NLB*" + "resource_type": "plan*" }, { "condition_keys": [ - "arc-zonal-shift:ResourceIdentifier", + "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -18488,45 +19603,97 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list active and completed autoshifts", - "privilege": "ListAutoshifts", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "plan*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list managed resources", - "privilege": "ListManagedResources", + "access_level": "Write", + "description": "Grants permission to update a plan", + "privilege": "UpdatePlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "plan*" } ] }, { - "access_level": "List", - "description": "Grants permission to list zonal shifts", - "privilege": "ListZonalShifts", + "access_level": "Write", + "description": "Grants permission to update a plan execution", + "privilege": "UpdatePlanExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "plan*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a zonal shift", - "privilege": "StartZonalShift", + "description": "Grants permission to update a plan execution step", + "privilege": "UpdatePlanExecutionStep", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plan*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:arc-region-switch:${Region}:${Account}:plan/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "plan" + } + ], + "service_name": "Amazon ARC Region switch" + }, + { + "conditions": [ + { + "condition": "arc-zonal-shift:ResourceIdentifier", + "description": "Filters access by the resource identifier of the managed resource", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the managed resource", + "type": "String" + }, + { + "condition": "elasticloadbalancing:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the managed resource", + "type": "String" + } + ], + "prefix": "arc-zonal-shift", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel an active practice run", + "privilege": "CancelPracticeRun", "resource_types": [ { "condition_keys": [], @@ -18551,20 +19718,34 @@ }, { "access_level": "Write", - "description": "Grants permission to update autoshift observer notification status", - "privilege": "UpdateAutoshiftObserverNotificationStatus", + "description": "Grants permission to cancel an active zonal shift", + "privilege": "CancelZonalShift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ALB*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NLB*" + }, + { + "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a practice run configuration", - "privilege": "UpdatePracticeRunConfiguration", + "description": "Grants permission to create a practice run configuration", + "privilege": "CreatePracticeRunConfiguration", "resource_types": [ { "condition_keys": [], @@ -18592,8 +19773,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a zonal autoshift status", - "privilege": "UpdateZonalAutoshiftConfiguration", + "description": "Grants permission to delete a practice run configuration", + "privilege": "DeletePracticeRunConfiguration", "resource_types": [ { "condition_keys": [], @@ -18617,9 +19798,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing zonal shift", - "privilege": "UpdateZonalShift", + "access_level": "Read", + "description": "Grants permission to get autoshift observer notification status", + "privilege": "GetAutoshiftObserverNotificationStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a managed resource", + "privilege": "GetManagedResource", "resource_types": [ { "condition_keys": [], @@ -18641,49 +19834,47 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}", - "condition_keys": [ - "arc-zonal-shift:ResourceIdentifier", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "ALB" }, { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}", - "condition_keys": [ - "arc-zonal-shift:ResourceIdentifier", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "NLB" - } - ], - "service_name": "Amazon Application Recovery Controller - Zonal Shift" - }, - { - "conditions": [ + "access_level": "List", + "description": "Grants permission to list active and completed autoshifts", + "privilege": "ListAutoshifts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the managed resource", - "type": "String" + "access_level": "List", + "description": "Grants permission to list managed resources", + "privilege": "ListManagedResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "elasticloadbalancing:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the managed resource", - "type": "String" - } - ], - "prefix": "arc-zonal-shift", - "privileges": [ + "access_level": "List", + "description": "Grants permission to list zonal shifts", + "privilege": "ListZonalShifts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", - "description": "Grants permission to cancel an active zonal shift", - "privilege": "CancelZonalShift", + "description": "Grants permission to start a practice run", + "privilege": "StartPracticeRun", "resource_types": [ { "condition_keys": [], @@ -18697,6 +19888,7 @@ }, { "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", "aws:ResourceTag/${TagKey}", "elasticloadbalancing:ResourceTag/${TagKey}" ], @@ -18706,9 +19898,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a managed resource", - "privilege": "GetManagedResource", + "access_level": "Write", + "description": "Grants permission to start a zonal shift", + "privilege": "StartZonalShift", "resource_types": [ { "condition_keys": [], @@ -18722,6 +19914,7 @@ }, { "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", "aws:ResourceTag/${TagKey}", "elasticloadbalancing:ResourceTag/${TagKey}" ], @@ -18731,9 +19924,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list managed resources", - "privilege": "ListManagedResources", + "access_level": "Write", + "description": "Grants permission to update autoshift observer notification status", + "privilege": "UpdateAutoshiftObserverNotificationStatus", "resource_types": [ { "condition_keys": [], @@ -18743,25 +19936,44 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list zonal shifts", - "privilege": "ListZonalShifts", + "access_level": "Write", + "description": "Grants permission to update a practice run configuration", + "privilege": "UpdatePracticeRunConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudwatch:DescribeAlarms", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "ALB*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "NLB*" + }, + { + "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a zonal shift", - "privilege": "StartZonalShift", + "description": "Grants permission to update a zonal autoshift status", + "privilege": "UpdateZonalAutoshiftConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], "resource_type": "ALB*" }, { @@ -18771,6 +19983,7 @@ }, { "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", "aws:ResourceTag/${TagKey}", "elasticloadbalancing:ResourceTag/${TagKey}" ], @@ -18796,6 +20009,7 @@ }, { "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", "aws:ResourceTag/${TagKey}", "elasticloadbalancing:ResourceTag/${TagKey}" ], @@ -18809,6 +20023,7 @@ { "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}", "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", "aws:ResourceTag/${TagKey}", "elasticloadbalancing:ResourceTag/${TagKey}" ], @@ -18817,13 +20032,14 @@ { "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}", "condition_keys": [ + "arc-zonal-shift:ResourceIdentifier", "aws:ResourceTag/${TagKey}", "elasticloadbalancing:ResourceTag/${TagKey}" ], "resource": "NLB" } ], - "service_name": "Amazon Route 53 Application Recovery Controller - Zonal Shift" + "service_name": "Amazon Application Recovery Controller - Zonal Shift" }, { "conditions": [], @@ -18884,35 +20100,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to download an AWS agreement that has not yet been accepted or a customer agreement that has been accepted by the customer account", - "privilege": "DownloadAgreement", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "agreement" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customer-agreement" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to download an AWS compliance report package", - "privilege": "Get", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "report-package*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to get the account settings for Artifact", @@ -19059,11 +20246,6 @@ } ], "resources": [ - { - "arn": "arn:${Partition}:artifact:::report-package/*", - "condition_keys": [], - "resource": "report-package" - }, { "arn": "arn:${Partition}:artifact::${Account}:customer-agreement/*", "condition_keys": [], @@ -19076,7 +20258,10 @@ }, { "arn": "arn:${Partition}:artifact:${Region}::report/${ReportId}:${Version}", - "condition_keys": [], + "condition_keys": [ + "artifact:ReportCategory", + "artifact:ReportSeries" + ], "resource": "report" } ], @@ -20203,6 +21388,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "assessment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "assessmentControlSet*" } ] }, @@ -20215,6 +21405,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "assessment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "assessmentControlSet*" } ] }, @@ -20250,7 +21445,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -20262,10 +21458,16 @@ "description": "Grants permission to create a framework for use in AWS Audit Manager", "privilege": "CreateAssessmentFramework", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "control*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -20292,7 +21494,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -20830,6 +22033,11 @@ "dependent_actions": [], "resource_type": "assessment" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "assessmentFramework" + }, { "condition_keys": [], "dependent_actions": [], @@ -20851,12 +22059,23 @@ "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "assessment" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "assessmentFramework" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "control" }, @@ -20914,6 +22133,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "assessmentFramework*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "control*" } ] }, @@ -20925,7 +22149,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assessmentFramework*" } ] }, @@ -20981,12 +22205,16 @@ "resources": [ { "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessment/${AssessmentId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "assessment" }, { "arn": "arn:${Partition}:auditmanager:${Region}:${Account}:assessmentFramework/${AssessmentFrameworkId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "assessmentFramework" }, { @@ -21016,6 +22244,11 @@ "description": "Filters access based on the ARN of a Capacity Reservation resource group", "type": "ArrayOfString" }, + { + "condition": "autoscaling:ForceDelete", + "description": "Filters access based on whether the force delete option is specified when deleting an Auto Scaling group", + "type": "Bool" + }, { "condition": "autoscaling:ImageId", "description": "Filters access based on the AMI ID for the launch configuration", @@ -21273,6 +22506,7 @@ }, { "condition_keys": [ + "autoscaling:ImageId", "autoscaling:CapacityReservationIds", "autoscaling:CapacityReservationResourceGroupArns", "autoscaling:InstanceTypes", @@ -21346,6 +22580,7 @@ "resource_types": [ { "condition_keys": [ + "autoscaling:ForceDelete", "autoscaling:ResourceTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], @@ -21884,6 +23119,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to launch one or more EC2 instances in the specified Auto Scaling group", + "privilege": "LaunchInstances", + "resource_types": [ + { + "condition_keys": [ + "autoscaling:ResourceTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "autoScalingGroup*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create or update a lifecycle hook for the specified Auto Scaling Group", @@ -22069,6 +23319,13 @@ ], "dependent_actions": [], "resource_type": "autoScalingGroup*" + }, + { + "condition_keys": [ + "autoscaling:ImageId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -22119,6 +23376,7 @@ }, { "condition_keys": [ + "autoscaling:ImageId", "autoscaling:CapacityReservationIds", "autoscaling:CapacityReservationResourceGroupArns", "autoscaling:InstanceTypes", @@ -22300,30 +23558,263 @@ "service_name": "AWS Marketplace Private Marketplace" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws-marketplace:Intent", + "description": "Filters access by the Intent parameter in the StartChangeSet request", + "type": "String" + }, + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "catalog:ChangeType", + "description": "Filters access by the change type in the StartChangeSet request", + "type": "String" + } + ], "prefix": "aws-marketplace", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel a running change set", + "privilege": "CancelChangeSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ChangeSet*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the resource policy of an existing entity", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity*" + } + ] + }, { "access_level": "Read", - "description": "Grants permission to view a seller dashboard", - "privilege": "GetSellerDashboard", + "description": "Grants permission to return the details of an existing assessment", + "privilege": "DescribeAssessment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SellerDashboard*" + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the details of an existing change set", + "privilege": "DescribeChangeSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ChangeSet*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the details of an existing entity", + "privilege": "DescribeEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the resource policy of an existing entity", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing assessments", + "privilege": "ListAssessments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing change sets", + "privilege": "ListChangeSets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing entities", + "privilege": "ListEntities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags on an existing entity or a change set", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ChangeSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to attach a resource policy to an existing entity", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request a new change set (Note: resource-level permissions for this action and condition context keys for this action are only supported when used with Catalog API and are not supported when used with AWS Marketplace Management Portal)", + "privilege": "StartChangeSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity*" + }, + { + "condition_keys": [ + "catalog:ChangeType", + "aws-marketplace:Intent", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag an existing entity or a change set", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ChangeSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag an existing entity or a change set", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ChangeSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:aws-marketplace::${Account}:${Catalog}/ReportingData/${FactTable}/Dashboard/${DashboardName}", - "condition_keys": [], - "resource": "SellerDashboard" + "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/${EntityType}/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "catalog:ChangeType" + ], + "resource": "Entity" + }, + { + "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/ChangeSet/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "catalog:ChangeType" + ], + "resource": "ChangeSet" } ], - "service_name": "AWS Marketplace Seller Reporting" + "service_name": "AWS Marketplace Catalog" }, { "conditions": [ @@ -22429,6 +23920,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to users to view the entitlements associated with an agreement", + "privilege": "GetAgreementEntitlements", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to users to view the details of their subscription requests for data products that require subscription verification", @@ -22590,179 +24093,39 @@ "service_name": "AWS Marketplace" }, { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], + "conditions": [], "prefix": "aws-marketplace", "privileges": [ { "access_level": "Read", - "description": "Grants permission to list tags for a deployment parameter resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to view a seller dashboard", + "privilege": "GetSellerDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DeploymentParameter" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update a deployment parameter resource", - "privilege": "PutDeploymentParameter", - "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "aws-marketplace:TagResource" - ], - "resource_type": "DeploymentParameter*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag a deployment parameter resource", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "DeploymentParameter*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to untag a deployment parameter resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "DeploymentParameter*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "SellerDashboard*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:DeploymentParameter:catalogs/${CatalogName}/products/${ProductId}/${ResourceId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "resource": "DeploymentParameter" + "arn": "arn:${Partition}:aws-marketplace::${Account}:${Catalog}/ReportingData/${FactTable}/Dashboard/${DashboardName}", + "condition_keys": [], + "resource": "SellerDashboard" } ], - "service_name": "AWS Marketplace Deployment Service" + "service_name": "AWS Marketplace Seller Reporting" }, { - "conditions": [ - { - "condition": "aws-marketplace:Intent", - "description": "Filters access by the Intent parameter in the StartChangeSet request", - "type": "String" - }, - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "catalog:ChangeType", - "description": "Filters access by the change type in the StartChangeSet request", - "type": "String" - } - ], + "conditions": [], "prefix": "aws-marketplace", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to cancel a running change set", - "privilege": "CancelChangeSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChangeSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to complete an existing task and submit the content to the associated change", - "privilege": "CompleteTask", + "access_level": "List", + "description": "Grants permission to users to list their private offers", + "privilege": "ListPrivateListings", "resource_types": [ { "condition_keys": [], @@ -22770,23 +24133,19 @@ "resource_type": "" } ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to delete the resource policy of an existing entity", - "privilege": "DeleteResourcePolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Entity*" - } - ] - }, + } + ], + "resources": [], + "service_name": "AWS Marketplace Discovery" + }, + { + "conditions": [], + "prefix": "aws-marketplace", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to return the details of an existing assessment", - "privilege": "DescribeAssessment", + "description": "Grants permission to describe the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization", + "privilege": "DescribeProcurementSystemConfiguration", "resource_types": [ { "condition_keys": [], @@ -22796,33 +24155,55 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the details of an existing change set", - "privilege": "DescribeChangeSet", + "access_level": "Write", + "description": "Grants permission to create or update the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization", + "privilege": "PutProcurementSystemConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChangeSet*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Marketplace Procurement Systems Integration" + }, + { + "conditions": [], + "prefix": "aws-marketplace", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to return the details of an existing entity", - "privilege": "DescribeEntity", + "description": "Grants permission to view a dashboard that shows a buyer's AWS Marketplace purchase data", + "privilege": "GetBuyerDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Entity*" + "resource_type": "Dashboard*" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:aws-marketplace::${Account}:${Catalog}/ReportingData/${FactTable}/Dashboard/${DashboardName}", + "condition_keys": [], + "resource": "Dashboard" + } + ], + "service_name": "AWS Marketplace Reporting" + }, + { + "conditions": [], + "prefix": "aws-marketplace", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to return the details of an existing task", - "privilege": "DescribeTask", + "description": "Describes Image Builds identified by a build Id", + "privilege": "DescribeBuilds", "resource_types": [ { "condition_keys": [], @@ -22833,20 +24214,20 @@ }, { "access_level": "Read", - "description": "Grants permission to get the resource policy of an existing entity", - "privilege": "GetResourcePolicy", + "description": "Lists Image Builds.", + "privilege": "ListBuilds", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Entity*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing assessments", - "privilege": "ListAssessments", + "access_level": "Write", + "description": "Starts an Image Build", + "privilege": "StartBuild", "resource_types": [ { "condition_keys": [], @@ -22854,11 +24235,19 @@ "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Marketplace Image Building Service" + }, + { + "conditions": [], + "prefix": "aws-marketplace", + "privileges": [ { - "access_level": "List", - "description": "Grants permission to list existing change sets", - "privilege": "ListChangeSets", + "access_level": "Read", + "description": "Grants permission to retrieve entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", + "privilege": "GetEntitlements", "resource_types": [ { "condition_keys": [], @@ -22866,74 +24255,69 @@ "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Marketplace Entitlement Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list existing entities", - "privilege": "ListEntities", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "aws-marketplace", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to list tags on an existing entity or a change set", + "description": "Grants permission to list tags for a deployment parameter resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChangeSet" + "resource_type": "DeploymentParameter" }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Entity" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list existing tasks", - "privilege": "ListTasks", - "resource_types": [ - { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, - { - "access_level": "Permissions management", - "description": "Grants permission to attach a resource policy to an existing entity", - "privilege": "PutResourcePolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Entity*" - } - ] - }, { "access_level": "Write", - "description": "Grants permission to request a new change set (Note: resource-level permissions for this action and condition context keys for this action are only supported when used with Catalog API and are not supported when used with AWS Marketplace Management Portal)", - "privilege": "StartChangeSet", + "description": "Grants permission to create or update a deployment parameter resource", + "privilege": "PutDeploymentParameter", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Entity*" + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "aws-marketplace:TagResource" + ], + "resource_type": "DeploymentParameter*" }, { "condition_keys": [ - "catalog:ChangeType", - "aws-marketplace:Intent", + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -22944,23 +24328,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to tag an existing entity or a change set", + "description": "Grants permission to tag a deployment parameter resource", "privilege": "TagResource", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChangeSet" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Entity" + "resource_type": "DeploymentParameter*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -22969,86 +24353,40 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag an existing entity or a change set", + "description": "Grants permission to untag a deployment parameter resource", "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChangeSet" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Entity" + "resource_type": "DeploymentParameter*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the contents of an existing task", - "privilege": "UpdateTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/${EntityType}/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "catalog:ChangeType" - ], - "resource": "Entity" - }, - { - "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/ChangeSet/${ResourceId}", + "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:DeploymentParameter:catalogs/${CatalogName}/products/${ProductId}/${ResourceId}", "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "catalog:ChangeType" + "aws:TagKeys" ], - "resource": "ChangeSet" - } - ], - "service_name": "AWS Marketplace Catalog" - }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to view a dashboard that shows a buyer's AWS Marketplace purchase data", - "privilege": "GetBuyerDashboard", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Dashboard*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:aws-marketplace::${Account}:${Catalog}/ReportingData/${FactTable}/Dashboard/${DashboardName}", - "condition_keys": [], - "resource": "Dashboard" + "resource": "DeploymentParameter" } ], - "service_name": "AWS Marketplace Reporting" + "service_name": "AWS Marketplace Deployment Service" }, { "conditions": [], @@ -23106,122 +24444,6 @@ "resources": [], "service_name": "AWS Marketplace Metering Service" }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to describe the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization", - "privilege": "DescribeProcurementSystemConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization", - "privilege": "PutProcurementSystemConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Procurement Systems Integration" - }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Read", - "description": "Describes Image Builds identified by a build Id", - "privilege": "DescribeBuilds", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Lists Image Builds.", - "privilege": "ListBuilds", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Starts an Image Build", - "privilege": "StartBuild", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Image Building Service" - }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "List", - "description": "Grants permission to users to list their private offers", - "privilege": "ListPrivateListings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Discovery" - }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", - "privilege": "GetEntitlements", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Entitlement Service" - }, { "conditions": [], "prefix": "aws-marketplace-management", @@ -24085,7 +25307,7 @@ }, { "condition": "backup:CopyTargets", - "description": "Filters access by the ARN of an backup vault", + "description": "Filters access by the ARN of a backup vault", "type": "ArrayOfARN" }, { @@ -24107,10 +25329,34 @@ "condition": "backup:MinRetentionDays", "description": "Filters access by the value of the MinRetentionDays parameter", "type": "Numeric" + }, + { + "condition": "backup:MpaApprovalTeamArn", + "description": "Filters access by the MPA Approval Team ARN of a backup vault", + "type": "ARN" } ], "prefix": "backup", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate an MPA approval team with a backup vault", + "privilege": "AssociateBackupVaultMpaApprovalTeam", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + }, + { + "condition_keys": [ + "backup:MpaApprovalTeamArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to cancel a legal hold", @@ -24299,6 +25545,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a restore access backup vault", + "privilege": "CreateRestoreAccessBackupVault", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new restore testing plan", @@ -24609,6 +25875,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate an MPA approval team from a backup vault", + "privilege": "DisassociateBackupVaultMpaApprovalTeam", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate a recovery point from a backup vault", @@ -25065,6 +26343,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list a restore access backup vaults associated with a backup vault", + "privilege": "ListRestoreAccessBackupVaults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list restore job summaries", @@ -25236,6 +26526,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to revoke a restore access backup vault", + "privilege": "RevokeRestoreAccessBackupVault", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to search a recovery point", @@ -25998,21 +27300,21 @@ ], "resources": [ { - "arn": "arn:${Partition}:backup-gateway::${Account}:gateway/${GatewayId}", + "arn": "arn:${Partition}:backup-gateway:${Region}:${Account}:gateway/${GatewayId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "gateway" }, { - "arn": "arn:${Partition}:backup-gateway::${Account}:hypervisor/${HypervisorId}", + "arn": "arn:${Partition}:backup-gateway:${Region}:${Account}:hypervisor/${HypervisorId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "hypervisor" }, { - "arn": "arn:${Partition}:backup-gateway::${Account}:vm/${VirtualmachineId}", + "arn": "arn:${Partition}:backup-gateway:${Region}:${Account}:vm/${VirtualmachineId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -26138,6 +27440,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -26564,13 +27867,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Batch job queue in your account", - "privilege": "CreateJobQueue", + "description": "Grants permission to create an AWS Batch consumable resource in your account", + "privilege": "CreateConsumableResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "compute-environment*" + "resource_type": "consumable-resource*" }, { "condition_keys": [ @@ -26578,12 +27881,42 @@ "aws:TagKeys" ], "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Batch job queue in your account", + "privilege": "CreateJobQueue", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "job-queue*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "compute-environment" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "scheduling-policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-environment" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -26607,6 +27940,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Batch service environment in your account", + "privilege": "CreateServiceEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "service-environment*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an AWS Batch compute environment in your account", @@ -26619,6 +27974,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an AWS Batch consumable resource in your account", + "privilege": "DeleteConsumableResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an AWS Batch job queue in your account", @@ -26643,6 +28010,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an AWS Batch service environment in your account", + "privilege": "DeleteServiceEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-environment*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to deregister an AWS Batch job definition in your account", @@ -26667,6 +28046,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe one or more AWS Batch consumable resource in your account", + "privilege": "DescribeConsumableResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe one or more AWS Batch job definitions in your account", @@ -26715,6 +28106,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe one or more AWS Batch service environments in your account", + "privilege": "DescribeServiceEnvironments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a AWS Batch service job in your account", + "privilege": "DescribeServiceJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a snapshot of an AWS Batch job queue in your account", @@ -26727,6 +28142,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list AWS Batch consumable resources in your account", + "privilege": "ListConsumableResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list jobs for a specified AWS Batch job queue in your account", @@ -26739,6 +28166,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list AWS Batch jobs that require a specific consumable resource in your account", + "privilege": "ListJobsByConsumableResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list AWS Batch scheduling policies in your account", @@ -26751,6 +28190,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list service jobs for a specified AWS Batch job queue in your account", + "privilege": "ListServiceJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags for an AWS Batch resource in your account", @@ -26761,6 +28212,11 @@ "dependent_actions": [], "resource_type": "compute-environment" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource" + }, { "condition_keys": [], "dependent_actions": [], @@ -26780,6 +28236,16 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "scheduling-policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-job" } ] }, @@ -26789,10 +28255,17 @@ "privilege": "RegisterJobDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "job-definition*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource" + }, { "condition_keys": [ "batch:User", @@ -26826,9 +28299,7 @@ "condition_keys": [ "batch:ShareIdentifier", "batch:EKSImage", - "batch:EKSNamespace", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "batch:EKSNamespace" ], "dependent_actions": [], "resource_type": "job*" @@ -26836,12 +28307,57 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job-definition*" + "resource_type": "job-queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job-definition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job-definition-revision" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to submit an AWS Batch service job", + "privilege": "SubmitServiceJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "job-queue*" + }, + { + "condition_keys": [ + "batch:ShareIdentifier" + ], + "dependent_actions": [], + "resource_type": "service-job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -26855,6 +28371,11 @@ "dependent_actions": [], "resource_type": "compute-environment" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource" + }, { "condition_keys": [], "dependent_actions": [], @@ -26875,6 +28396,16 @@ "dependent_actions": [], "resource_type": "scheduling-policy" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-job" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -26897,6 +28428,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to terminate a service job in an AWS Batch job queue in your account", + "privilege": "TerminateServiceJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-job*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to untag an AWS Batch resource in your account", @@ -26907,6 +28450,11 @@ "dependent_actions": [], "resource_type": "compute-environment" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource" + }, { "condition_keys": [], "dependent_actions": [], @@ -26927,6 +28475,16 @@ "dependent_actions": [], "resource_type": "scheduling-policy" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-job" + }, { "condition_keys": [ "aws:TagKeys" @@ -26948,6 +28506,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an AWS Batch consumable resource in your account", + "privilege": "UpdateConsumableResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "consumable-resource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an AWS Batch job queue in your account", @@ -26981,6 +28551,18 @@ "resource_type": "scheduling-policy*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an AWS Batch service environment in your account", + "privilege": "UpdateServiceEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-environment*" + } + ] } ], "resources": [ @@ -27023,10 +28605,163 @@ "aws:ResourceTag/${TagKey}" ], "resource": "scheduling-policy" + }, + { + "arn": "arn:${Partition}:batch:${Region}:${Account}:service-environment/${ServiceEnvironmentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service-environment" + }, + { + "arn": "arn:${Partition}:batch:${Region}:${Account}:service-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service-job" + }, + { + "arn": "arn:${Partition}:batch:${Region}:${Account}:consumable-resource/${ConsumableResourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "consumable-resource" } ], "service_name": "AWS Batch" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "bcm-dashboards", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a dashboard", + "privilege": "CreateDashboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a dashboard", + "privilege": "DeleteDashboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get dashboard information", + "privilege": "GetDashboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the resource policy for a dashboard", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information about all of the dashboards for a user", + "privilege": "ListDashboards", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all of the tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to create a tag for a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag for a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing dashboard", + "privilege": "UpdateDashboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Billing and Cost Management Dashboards" + }, { "conditions": [ { @@ -27757,6 +29492,26 @@ ], "service_name": "AWS Billing And Cost Management Pricing Calculator" }, + { + "conditions": [], + "prefix": "bcm-recommended-actions", + "privileges": [ + { + "access_level": "List", + "description": "Grants permission to list all recommended actions", + "privilege": "ListRecommendedActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Billing And Cost Management Recommended Actions" + }, { "conditions": [ { @@ -27774,11 +29529,26 @@ "description": "Filters access by creating requests based on the presence of mandatory tags in the request", "type": "ArrayOfString" }, + { + "condition": "bedrock:BearerTokenType", + "description": "Filters access by the Short-term or Long-term bearer tokens", + "type": "String" + }, + { + "condition": "bedrock:GuardrailIdentifier", + "description": "Filters access by the GuardrailIdentifier containing the GuardrailArn or the GuardrailArn:NumericVersion", + "type": "ARN" + }, { "condition": "bedrock:InferenceProfileArn", "description": "Filters access by the specified inference profile", "type": "ARN" }, + { + "condition": "bedrock:InlineAgentName", + "description": "Filters access by the Inline Agent Names, this will be used in InvokeInlineAgent API names", + "type": "String" + }, { "condition": "bedrock:PromptRouterArn", "description": "Filters access by the specified prompt router", @@ -27813,6 +29583,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "guardrail*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "guardrail-profile" } ] }, @@ -27871,6 +29646,42 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to use bearer token", + "privilege": "CallWithBearerToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a build workflow for an automated reasoning policy", + "privilege": "CancelAutomatedReasoningPolicyBuildWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to count the number of tokens in an input prompt", + "privilege": "CountTokens", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "foundation-model*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new agent and a test agent alias pointing to the DRAFT agent version", @@ -27926,13 +29737,65 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new automated reasoning policy", + "privilege": "CreateAutomatedReasoningPolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "bedrock:BearerTokenType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a test case for an automated reasoning policy", + "privilege": "CreateAutomatedReasoningPolicyTestCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new automated reasoning policy version", + "privilege": "CreateAutomatedReasoningPolicyVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "bedrock:BearerTokenType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a blueprint for custom output from data automation", "privilege": "CreateBlueprint", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -27950,6 +29813,43 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a custom model into Bedrock", + "privilege": "CreateCustomModel", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "bedrock:BearerTokenType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a custom model deployment for custom model", + "privilege": "CreateCustomModelDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "bedrock:BearerTokenType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a data automation project", @@ -27959,6 +29859,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "blueprint" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27984,15 +29892,26 @@ "dependent_actions": [], "resource_type": "custom-model*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "default-prompt-router*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "foundation-model*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -28063,10 +29982,26 @@ "description": "Grants permission to create a new guardrail", "privilege": "CreateGuardrail", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "guardrail-profile" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -28115,6 +30050,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new invocation in an existing session", + "privilege": "CreateInvocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a knowledge base", @@ -28155,7 +30102,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -28180,7 +30128,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -28205,7 +30154,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -28220,7 +30170,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -28250,7 +30201,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -28272,6 +30224,37 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a custom prompt router", + "privilege": "CreatePromptRouter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application-inference-profile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "foundation-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-profile*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "bedrock:BearerTokenType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a version of a prompt", @@ -28307,6 +30290,22 @@ "dependent_actions": [], "resource_type": "foundation-model*" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "bedrock:BearerTokenType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new session", + "privilege": "CreateSession", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -28377,6 +30376,47 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an automated reasoning policy or its version", + "privilege": "DeleteAutomatedReasoningPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a build workflow for an automated reasoning policy", + "privilege": "DeleteAutomatedReasoningPolicyBuildWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a test case for an automated reasoning policy", + "privilege": "DeleteAutomatedReasoningPolicyTestCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a blueprint for data automation", @@ -28401,6 +30441,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a custom model deployment that you created earlier", + "privilege": "DeleteCustomModelDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model-deployment*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a data automation project", @@ -28586,6 +30638,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a custom prompt router", + "privilege": "DeletePromptRouter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a provisioned model throughput that you created earlier", @@ -28610,6 +30674,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a Session that you created earlier", + "privilege": "DeleteSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to deregister a marketplace model endpoint to make it unusable in Bedrock Marketplace", @@ -28663,6 +30739,35 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to end a Session that you created earlier", + "privilege": "EndSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an automated reasoning policy version artifact", + "privilege": "ExportAutomatedReasoningPolicyVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to generate queries associated with user input", @@ -28776,6 +30881,95 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an automated reasoning policy or its version", + "privilege": "GetAutomatedReasoningPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve annotations for a build workflow for an automated reasoning policy", + "privilege": "GetAutomatedReasoningPolicyAnnotations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a build workflow for an automated reasoning policy", + "privilege": "GetAutomatedReasoningPolicyBuildWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve assets for a build workflow for an automated reasoning policy", + "privilege": "GetAutomatedReasoningPolicyBuildWorkflowResultAssets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the next unreviewed generated scenario for a build workflow for an automated reasoning policy", + "privilege": "GetAutomatedReasoningPolicyNextScenario", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a test case for an automated reasoning policy", + "privilege": "GetAutomatedReasoningPolicyTestCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve result for a test case for an automated reasoning policy", + "privilege": "GetAutomatedReasoningPolicyTestResult", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an existing blueprint for data automation", @@ -28812,6 +31006,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the properties associated with a custom model deployment. Use this operation to get the status of a custom model deployment", + "privilege": "GetCustomModelDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model-deployment*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an existing data automation project", @@ -28860,6 +31066,28 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the flow definition for a flow execution", + "privilege": "GetExecutionFlowSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-execution*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an existing prompt flow", @@ -28884,6 +31112,28 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an existing execution of a flow alias", + "privilege": "GetFlowExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-execution*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an existing version of a prompt flow", @@ -28973,6 +31223,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an invocation step from a session", + "privilege": "GetInvocationStep", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an existing knowledge base", @@ -29107,6 +31369,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "default-prompt-router*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router*" } ] }, @@ -29134,6 +31401,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an existing session", + "privilege": "GetSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a use case for model access", @@ -29170,6 +31449,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to invoke an Automated Reasoning policy", + "privilege": "InvokeAutomatedReasoningPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to invoke blueprint recommendations asynchronously", @@ -29178,7 +31474,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-automation-profile*" } ] }, @@ -29204,10 +31500,23 @@ "dependent_actions": [], "resource_type": "blueprint*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-automation-profile*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "data-automation-project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -29229,7 +31538,9 @@ "privilege": "InvokeInlineAgent", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "bedrock:InlineAgentName" + ], "dependent_actions": [], "resource_type": "" } @@ -29255,6 +31566,11 @@ "dependent_actions": [], "resource_type": "bedrock-marketplace-model-endpoint*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model-deployment*" + }, { "condition_keys": [], "dependent_actions": [], @@ -29275,6 +31591,11 @@ "dependent_actions": [], "resource_type": "inference-profile*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router*" + }, { "condition_keys": [], "dependent_actions": [], @@ -29285,7 +31606,9 @@ "bedrock:InferenceProfileArn", "bedrock:PromptRouterArn", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "bedrock:GuardrailIdentifier", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -29307,6 +31630,11 @@ "dependent_actions": [], "resource_type": "bedrock-marketplace-model-endpoint*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model-deployment*" + }, { "condition_keys": [], "dependent_actions": [], @@ -29327,6 +31655,11 @@ "dependent_actions": [], "resource_type": "inference-profile*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router*" + }, { "condition_keys": [], "dependent_actions": [], @@ -29335,13 +31668,27 @@ { "condition_keys": [ "bedrock:InferenceProfileArn", - "bedrock:PromptRouterArn" + "bedrock:PromptRouterArn", + "bedrock:GuardrailIdentifier", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" } ] }, + { + "access_level": "Read", + "description": "Grants permission to invoke the specified Bedrock tool to run inference", + "privilege": "InvokeTool", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "system-tool*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list action groups in an agent", @@ -29426,6 +31773,54 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list automated reasoning policies or its versions", + "privilege": "ListAutomatedReasoningPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list build workflows for an automated reasoning policy", + "privilege": "ListAutomatedReasoningPolicyBuildWorkflows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list test cases for an automated reasoning policy", + "privilege": "ListAutomatedReasoningPolicyTestCases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list test result for an automated reasoning policy", + "privilege": "ListAutomatedReasoningPolicyTestResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list existing blueprints for data automation", @@ -29438,6 +31833,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get the list of custom model deployments that you have submitted", + "privilege": "ListCustomModelDeployments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to get a list of Bedrock custom models that you have created", @@ -29498,6 +31905,45 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve events for a flow execution", + "privilege": "ListFlowExecutionEvents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-execution*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list executions of a flow or a flow alias", + "privilege": "ListFlowExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-alias" + } + ] + }, { "access_level": "List", "description": "Grants permission to list existing versions of a prompt flow", @@ -29594,6 +32040,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get list of invocation step from a session", + "privilege": "ListInvocationSteps", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list invocations in a session", + "privilege": "ListInvocations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list documents in a knowledge base", @@ -29726,6 +32196,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list existing sessions", + "privilege": "ListSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags for a Bedrock resource", @@ -29751,11 +32233,41 @@ "dependent_actions": [], "resource_type": "async-invoke*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "blueprint*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "custom-model*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model-deployment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-automation-invocation-job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-automation-project*" + }, { "condition_keys": [], "dependent_actions": [], @@ -29816,6 +32328,11 @@ "dependent_actions": [], "resource_type": "prompt*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router*" + }, { "condition_keys": [], "dependent_actions": [], @@ -29825,6 +32342,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "provisioned-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" } ] }, @@ -29876,6 +32398,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put an invocation step into an invocation in session", + "privilege": "PutInvocationStep", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an existing Invocation logging configuration", @@ -29985,6 +32519,47 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a build workflow for an automated reasoning policy", + "privilege": "StartAutomatedReasoningPolicyBuildWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a test workflow for an automated reasoning policy", + "privilege": "StartAutomatedReasoningPolicyTestWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an execution of a flow alias", + "privilege": "StartFlowExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-alias*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start an ingestion job", @@ -30009,6 +32584,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to stop an execution of a flow alias", + "privilege": "StopFlowExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow-execution*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop an ingestion job", @@ -30070,11 +32667,41 @@ "dependent_actions": [], "resource_type": "async-invoke" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "blueprint" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "custom-model" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model-deployment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-automation-invocation-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-automation-project" + }, { "condition_keys": [], "dependent_actions": [], @@ -30135,6 +32762,11 @@ "dependent_actions": [], "resource_type": "prompt" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router" + }, { "condition_keys": [], "dependent_actions": [], @@ -30145,10 +32777,16 @@ "dependent_actions": [], "resource_type": "provisioned-model" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session" + }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -30180,11 +32818,41 @@ "dependent_actions": [], "resource_type": "async-invoke" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "blueprint" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "custom-model" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model-deployment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-automation-invocation-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-automation-project" + }, { "condition_keys": [], "dependent_actions": [], @@ -30245,6 +32913,11 @@ "dependent_actions": [], "resource_type": "prompt" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt-router" + }, { "condition_keys": [], "dependent_actions": [], @@ -30255,9 +32928,15 @@ "dependent_actions": [], "resource_type": "provisioned-model" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session" + }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "bedrock:BearerTokenType" ], "dependent_actions": [], "resource_type": "" @@ -30329,6 +33008,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an automated reasoning policy", + "privilege": "UpdateAutomatedReasoningPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update annotations for a build workflow for an automated reasoning policy", + "privilege": "UpdateAutomatedReasoningPolicyAnnotations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a test case for automated reasoning policy", + "privilege": "UpdateAutomatedReasoningPolicyTestCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a blueprint for data automation", @@ -30403,6 +33118,21 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "guardrail*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automated-reasoning-policy-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "guardrail-profile" } ] }, @@ -30464,6 +33194,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing session", + "privilege": "UpdateSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to validate prompt flow definitions", @@ -30483,6 +33225,11 @@ "condition_keys": [], "resource": "foundation-model" }, + { + "arn": "arn:${Partition}:bedrock::${Account}:system-tool/${ResourceId}", + "condition_keys": [], + "resource": "system-tool" + }, { "arn": "arn:${Partition}:bedrock:${Region}:${Account}:async-invoke/${ResourceId}", "condition_keys": [ @@ -30500,6 +33247,11 @@ "condition_keys": [], "resource": "default-prompt-router" }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:prompt-router/${ResourceId}", + "condition_keys": [], + "resource": "prompt-router" + }, { "arn": "arn:${Partition}:bedrock:${Region}:${Account}:application-inference-profile/${ResourceId}", "condition_keys": [ @@ -30577,6 +33329,25 @@ ], "resource": "guardrail" }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:guardrail-profile/${ResourceId}", + "condition_keys": [], + "resource": "guardrail-profile" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:automated-reasoning-policy/${AutomatedReasoningPolicyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "automated-reasoning-policy" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:automated-reasoning-policy/${AutomatedReasoningPolicyId}:${AutomatedReasoningPolicyVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "automated-reasoning-policy-version" + }, { "arn": "arn:${Partition}:bedrock:${Region}:${Account}:flow/${FlowId}", "condition_keys": [ @@ -30591,6 +33362,11 @@ ], "resource": "flow-alias" }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:flow/${FlowId}/alias/${FlowAliasId}/execution/${FlowExecutionId}", + "condition_keys": [], + "resource": "flow-execution" + }, { "arn": "arn:${Partition}:bedrock:${Region}:${Account}:model-copy-job/${ResourceId}", "condition_keys": [ @@ -30633,90 +33409,227 @@ }, { "arn": "arn:${Partition}:bedrock:${Region}:${Account}:data-automation-project/${ProjectId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "data-automation-project" }, { "arn": "arn:${Partition}:bedrock:${Region}:${Account}:blueprint/${BlueprintId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "blueprint" }, { "arn": "arn:${Partition}:bedrock:${Region}:${Account}:data-automation-invocation/${JobId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "data-automation-invocation-job" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:data-automation-profile/${ProfileId}", + "condition_keys": [], + "resource": "data-automation-profile" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:session/${SessionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "session" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:custom-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "custom-model-deployment" } ], "service_name": "Amazon Bedrock" }, { - "conditions": [], - "prefix": "billing", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by creating requests based on the allowed set of values for each of the mandatory tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by having actions based on the tag value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by creating requests based on the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "bedrock-agentcore:GatewayAuthorizerType", + "description": "Filters access by the authorizerType attribute on a Gateway", + "type": "String" + }, + { + "condition": "bedrock-agentcore:InboundJwtClaim/aud", + "description": "Filters access by the audience claim (aud) in the JWT passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "bedrock-agentcore:InboundJwtClaim/client_id", + "description": "Filters access by the client_id claim in the JWT passed in the request", + "type": "String" + }, + { + "condition": "bedrock-agentcore:InboundJwtClaim/iss", + "description": "Filters access by the issuer (iss) claim present in the JWT passed in the request", + "type": "String" + }, + { + "condition": "bedrock-agentcore:InboundJwtClaim/scope", + "description": "Filters access by the scope claim in the JWT passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "bedrock-agentcore:InboundJwtClaim/sub", + "description": "Filters access by the subject claim (sub) in the JWT passed in the request", + "type": "String" + }, + { + "condition": "bedrock-agentcore:actorId", + "description": "Filters access by Actor Id", + "type": "String" + }, + { + "condition": "bedrock-agentcore:namespace", + "description": "Filters access by namespace", + "type": "String" + }, + { + "condition": "bedrock-agentcore:sessionId", + "description": "Filters access by Session Id", + "type": "String" + }, + { + "condition": "bedrock-agentcore:strategyId", + "description": "Filters access by Memory Strategy Id", + "type": "String" + }, + { + "condition": "bedrock-agentcore:userid", + "description": "Filters access by the static user ID value passed in the request", + "type": "String" + } + ], + "prefix": "bedrock-agentcore", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to perform queries on billing information", - "privilege": "GetBillingData", + "access_level": "Permissions management", + "description": "Grants permission to configure vended telemetry for a resource", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "memory*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view detailed line item billing information", - "privilege": "GetBillingDetails", + "access_level": "Write", + "description": "Grants permission to create one or more memory records", + "privilege": "BatchCreateMemoryRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "memory*" + }, + { + "condition_keys": [ + "bedrock-agentcore:namespace" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view notifications sent by AWS related to your accounts billing information", - "privilege": "GetBillingNotifications", + "access_level": "Write", + "description": "Grants permission to delete one or more memory records", + "privilege": "BatchDeleteMemoryRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "memory*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view billing preferences such as reserved instance, savings plans and credits sharing", - "privilege": "GetBillingPreferences", + "access_level": "Write", + "description": "Grants permission to update one or more memory records", + "privilege": "BatchUpdateMemoryRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "memory*" + }, + { + "condition_keys": [ + "bedrock-agentcore:namespace" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the account's contract information including the contract number, end-user organization names, PO numbers and if the account is used to service public-sector customers", - "privilege": "GetContractInformation", + "description": "Grants permission to retrieve access token with OAuth2 for 3LO flow to access external resource", + "privilege": "CompleteResourceTokenAuth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "oauth2credentialprovider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" + }, + { + "condition_keys": [ + "bedrock-agentcore:InboundJwtClaim/iss", + "bedrock-agentcore:InboundJwtClaim/sub", + "bedrock-agentcore:InboundJwtClaim/aud", + "bedrock-agentcore:InboundJwtClaim/scope", + "bedrock-agentcore:InboundJwtClaim/client_id", + "bedrock-agentcore:userid" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view credits that have been redeemed", - "privilege": "GetCredits", + "description": "Grants permission to connect to a browser automation stream", + "privilege": "ConnectBrowserAutomationStream", "resource_types": [ { "condition_keys": [], @@ -30727,8 +33640,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the state of the Allow IAM Access billing preference", - "privilege": "GetIAMAccessPreference", + "description": "Grants permission to connect to a browser live view stream", + "privilege": "ConnectBrowserLiveViewStream", "resource_types": [ { "condition_keys": [], @@ -30738,48 +33651,77 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the account's default Seller of Record", - "privilege": "GetSellerOfRecord", + "access_level": "Write", + "description": "Grants permission to create a new agent runtime", + "privilege": "CreateAgentRuntime", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get billing information for your proforma billing groups", - "privilege": "ListBillingViews", + "access_level": "Write", + "description": "Grants permission to create a new agent runtime endpoint", + "privilege": "CreateAgentRuntimeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "runtime*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the account's contract information end-user organization names and if the account is used to service public-sector customers", - "privilege": "PutContractInformation", + "description": "Grants permission to create a new API Key Credential Provider", + "privilege": "CreateApiKeyCredentialProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "apikeycredentialprovider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to redeem an AWS credit", - "privilege": "RedeemCredits", + "description": "Grants permission to create a new custom browser", + "privilege": "CreateBrowser", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -30787,11 +33729,14 @@ }, { "access_level": "Write", - "description": "Grants permission to update billing preferences such as reserved instance, savings plans and credits sharing", - "privilege": "UpdateBillingPreferences", + "description": "Grants permission to create a new custom code interpreter", + "privilege": "CreateCodeInterpreter", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -30799,73 +33744,89 @@ }, { "access_level": "Write", - "description": "Grants permission to update the Allow IAM Access billing preference", - "privilege": "UpdateIAMAccessPreference", + "description": "Grants permission to create an Event", + "privilege": "CreateEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "memory*" + }, + { + "condition_keys": [ + "bedrock-agentcore:sessionId", + "bedrock-agentcore:actorId" + ], + "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "AWS Billing and Cost Management" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to create a new gateway", + "privilege": "CreateGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "billing", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a billing view", - "privilege": "CreateBillingView", + "description": "Grants permission to create a new target in an existing gateway", + "privilege": "CreateGatewayTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" - }, + "resource_type": "gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Memory resource", + "privilege": "CreateMemory", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a billing view", - "privilege": "DeleteBillingView", + "description": "Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol", + "privilege": "CreateOauth2CredentialProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "oauth2credentialprovider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -30873,18 +33834,24 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a billing view resource policy", - "privilege": "DeleteResourcePolicy", + "access_level": "Write", + "description": "Grants permission to create a new Workload Identity", + "privilege": "CreateWorkloadIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -30892,66 +33859,89 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to perform queries on billing information", - "privilege": "GetBillingData", + "access_level": "Write", + "description": "Grants permission to delete an agent runtime", + "privilege": "DeleteAgentRuntime", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "runtime*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view detailed line item billing information", - "privilege": "GetBillingDetails", + "access_level": "Write", + "description": "Grants permission to delete an agent runtime endpoint", + "privilege": "DeleteAgentRuntimeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "runtime*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime-endpoint*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view notifications sent by AWS related to your accounts billing information", - "privilege": "GetBillingNotifications", + "access_level": "Write", + "description": "Grants permission to delete a registered API Key Credential Provider", + "privilege": "DeleteApiKeyCredentialProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "apikeycredentialprovider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view billing preferences such as reserved instance, savings plans and credits sharing", - "privilege": "GetBillingPreferences", + "access_level": "Write", + "description": "Grants permission to delete a custom browser", + "privilege": "DeleteBrowser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "browser-custom*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the metadata for a specified billing view", - "privilege": "GetBillingView", + "access_level": "Write", + "description": "Grants permission to delete a custom code interpreter", + "privilege": "DeleteCodeInterpreter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "code-interpreter-custom*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Event", + "privilege": "DeleteEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "memory*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "bedrock-agentcore:sessionId", + "bedrock-agentcore:actorId" ], "dependent_actions": [], "resource_type": "" @@ -30959,200 +33949,222 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the account's contract information including the contract number, end-user organization names, PO numbers and if the account is used to service public-sector customers", - "privilege": "GetContractInformation", + "access_level": "Write", + "description": "Grants permission to delete an existing gateway", + "privilege": "DeleteGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gateway*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view credits that have been redeemed", - "privilege": "GetCredits", + "access_level": "Write", + "description": "Grants permission to delete an existing gateway target", + "privilege": "DeleteGatewayTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gateway*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the state of the Allow IAM Access billing preference", - "privilege": "GetIAMAccessPreference", + "access_level": "Write", + "description": "Grants permission to delete a Memory resource", + "privilege": "DeleteMemory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "memory*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get the resource policy specified billing view", - "privilege": "GetResourcePolicy", + "access_level": "Write", + "description": "Grants permission to delete a Memory Record", + "privilege": "DeleteMemoryRecord", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "memory*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a registered OAuth2 Credential Provider", + "privilege": "DeleteOauth2CredentialProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "oauth2credentialprovider*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "token-vault*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a registered Workload Identity", + "privilege": "DeleteWorkloadIdentity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the account's default Seller of Record", - "privilege": "GetSellerOfRecord", + "description": "Grants permission to retrieve an agent card for A2A", + "privilege": "GetAgentCard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "runtime*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime-endpoint*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a list of all your available billing views", - "privilege": "ListBillingViews", + "description": "Grants permission to get details of an agent runtime", + "privilege": "GetAgentRuntime", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "runtime*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the list of source views for a specified billing view", - "privilege": "ListSourceViewsForBillingView", + "access_level": "Read", + "description": "Grants permission to get details of an agent runtime endpoint", + "privilege": "GetAgentRuntimeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "runtime*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "runtime-endpoint*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the list of tags for a specified billing view", - "privilege": "ListTagsForResource", + "description": "Grants permission to fetch a registered API Key Credential Provider by its name", + "privilege": "GetApiKeyCredentialProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "apikeycredentialprovider*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "token-vault*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the account's contract information end-user organization names and if the account is used to service public-sector customers", - "privilege": "PutContractInformation", + "access_level": "Read", + "description": "Grants permission to get details of a browser", + "privilege": "GetBrowser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "browser-custom*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to put a billing view resource policy", - "privilege": "PutResourcePolicy", + "access_level": "Read", + "description": "Grants permission to get details of a browser session", + "privilege": "GetBrowserSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "browser*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "browser-custom*" } ] }, { - "access_level": "Write", - "description": "Grants permission to redeem an AWS credit", - "privilege": "RedeemCredits", + "access_level": "Read", + "description": "Grants permission to get details of a code interpreter", + "privilege": "GetCodeInterpreter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "code-interpreter-custom*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a specified billing view", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get details of a code interpreter session", + "privilege": "GetCodeInterpreterSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "code-interpreter*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "code-interpreter-custom*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from a specified billing view", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to fetch an Event", + "privilege": "GetEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" + "resource_type": "memory*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "bedrock-agentcore:sessionId", + "bedrock-agentcore:actorId" ], "dependent_actions": [], "resource_type": "" @@ -31160,167 +34172,175 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update billing preferences such as reserved instance, savings plans and credits sharing", - "privilege": "UpdateBillingPreferences", + "access_level": "Read", + "description": "Grants permission to retrieve an existing gateway", + "privilege": "GetGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a billing view", - "privilege": "UpdateBillingView", + "access_level": "Read", + "description": "Grants permission to retrieve an existing gateway target", + "privilege": "GetGatewayTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "gateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the Allow IAM Access billing preference", - "privilege": "UpdateIAMAccessPreference", + "access_level": "Read", + "description": "Grants permission to fetch details for a Memory resource", + "privilege": "GetMemory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "memory*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:billing::${Account}:billingview/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "billingview" - } - ], - "service_name": "AWS Billing" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to fetch a Memory Record", + "privilege": "GetMemoryRecord", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "memory*" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "billingconductor", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate between one and 30 accounts to a billing group", - "privilege": "AssociateAccounts", + "access_level": "Read", + "description": "Grants permission to fetch a registered OAuth2 Credential Provider by its name", + "privilege": "GetOauth2CredentialProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "oauth2credentialprovider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate pricing rules", - "privilege": "AssociatePricingRules", + "access_level": "Read", + "description": "Grants permission to retrieve an API Key associated with an Api Key Credential Provider", + "privilege": "GetResourceApiKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "apikeycredentialprovider*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "token-vault*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch associate resources to a percentage custom line item", - "privilege": "BatchAssociateResourcesToCustomLineItem", + "access_level": "Read", + "description": "Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource", + "privilege": "GetResourceOauth2Token", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "oauth2credentialprovider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch disassociate resources from a percentage custom line item", - "privilege": "BatchDisassociateResourcesFromCustomLineItem", + "access_level": "Read", + "description": "Grants permission to fetch the current configuration of the TokenVault, including encryption settings", + "privilege": "GetTokenVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "token-vault*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a billing group", - "privilege": "CreateBillingGroup", + "description": "Grants permission to retrieve an Workload access token for agentic workloads not acting on behalf of a user", + "privilege": "GetWorkloadAccessToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "workload-identity*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workload-identity-directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a custom line item", - "privilege": "CreateCustomLineItem", + "description": "Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with JWT token", + "privilege": "GetWorkloadAccessTokenForJWT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "bedrock-agentcore:InboundJwtClaim/iss", + "bedrock-agentcore:InboundJwtClaim/sub", + "bedrock-agentcore:InboundJwtClaim/aud", + "bedrock-agentcore:InboundJwtClaim/scope", + "bedrock-agentcore:InboundJwtClaim/client_id" ], "dependent_actions": [], "resource_type": "" @@ -31329,18 +34349,22 @@ }, { "access_level": "Write", - "description": "Grants permission to create a pricing plan", - "privilege": "CreatePricingPlan", + "description": "Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with User Id", + "privilege": "GetWorkloadAccessTokenForUserId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "bedrock-agentcore:userid" ], "dependent_actions": [], "resource_type": "" @@ -31348,113 +34372,125 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a pricing rule", - "privilege": "CreatePricingRule", + "access_level": "Read", + "description": "Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs", + "privilege": "GetWorkloadIdentity", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a billing group", - "privilege": "DeleteBillingGroup", + "description": "Grants permission to invoke an agent runtime endpoint", + "privilege": "InvokeAgentRuntime", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "runtime*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime-endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a custom line item", - "privilege": "DeleteCustomLineItem", + "description": "Grants permission to invoke an agent runtime endpoint with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header", + "privilege": "InvokeAgentRuntimeForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "runtime*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime-endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a pricing plan", - "privilege": "DeletePricingPlan", + "description": "Grants permission to invoke a code interpreter session", + "privilege": "InvokeCodeInterpreter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "code-interpreter*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code-interpreter-custom*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a pricing rule", - "privilege": "DeletePricingRule", + "access_level": "Permissions management", + "description": "Grants permission to invoke a gateway", + "privilege": "InvokeGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "gateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach between one and 30 accounts from a billing group", - "privilege": "DisassociateAccounts", + "access_level": "List", + "description": "Grants permission to list Actors", + "privilege": "ListActors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "memory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate pricing rules", - "privilege": "DisassociatePricingRules", + "access_level": "List", + "description": "Grants permission to list agent runtime endpoints", + "privilege": "ListAgentRuntimeEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the billing group cost report for the specified billing group", - "privilege": "GetBillingGroupCostReport", + "access_level": "List", + "description": "Grants permission to list agent runtime versions", + "privilege": "ListAgentRuntimeVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the linked accounts of the payer account for the given billing period while also providing the billing group the linked accounts belong to", - "privilege": "ListAccountAssociations", + "description": "Grants permission to list agent runtimes", + "privilege": "ListAgentRuntimes", "resource_types": [ { "condition_keys": [], @@ -31465,20 +34501,25 @@ }, { "access_level": "Read", - "description": "Grants permission to view the billing group cost report", - "privilege": "ListBillingGroupCostReports", + "description": "Grants permission to list all API Key Credential Providers in the Token Vault", + "privilege": "ListApiKeyCredentialProviders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "apikeycredentialprovider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the details of billing groups", - "privilege": "ListBillingGroups", + "access_level": "List", + "description": "Grants permission to list browser sessions", + "privilege": "ListBrowserSessions", "resource_types": [ { "condition_keys": [], @@ -31488,33 +34529,38 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view custom line item versions", - "privilege": "ListCustomLineItemVersions", + "access_level": "List", + "description": "Grants permission to list browsers", + "privilege": "ListBrowsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view custom line item details", - "privilege": "ListCustomLineItems", + "access_level": "List", + "description": "Grants permission to list code interpreter sessions", + "privilege": "ListCodeInterpreterSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "code-interpreter*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code-interpreter-custom*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the pricing plans details", - "privilege": "ListPricingPlans", + "access_level": "List", + "description": "Grants permission to list code interpreters", + "privilege": "ListCodeInterpreters", "resource_types": [ { "condition_keys": [], @@ -31525,81 +34571,110 @@ }, { "access_level": "List", - "description": "Grants permission to list pricing plans associated with a pricing rule", - "privilege": "ListPricingPlansAssociatedWithPricingRule", + "description": "Grants permission to list events", + "privilege": "ListEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "memory*" + }, + { + "condition_keys": [ + "bedrock-agentcore:sessionId", + "bedrock-agentcore:actorId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view pricing rules details", - "privilege": "ListPricingRules", + "access_level": "List", + "description": "Grants permission to list existing gateway targets", + "privilege": "ListGatewayTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gateway*" } ] }, { "access_level": "List", - "description": "Grants permission to list pricing rules associated to a pricing plan", - "privilege": "ListPricingRulesAssociatedToPricingPlan", + "description": "Grants permission to list existing gateways", + "privilege": "ListGateways", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list resources associated to a percentage custom line item", - "privilege": "ListResourcesAssociatedToCustomLineItem", + "description": "Grants permission to list memory resources", + "privilege": "ListMemories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags of a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list memory records", + "privilege": "ListMemoryRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup" + "resource_type": "memory*" }, + { + "condition_keys": [ + "bedrock-agentcore:namespace", + "bedrock-agentcore:strategyId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all OAuth2 Credential Providers in the Token Vault", + "privilege": "ListOauth2CredentialProviders", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem" + "resource_type": "oauth2credentialprovider*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan" - }, + "resource_type": "token-vault*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list sessions", + "privilege": "ListSessions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule" + "resource_type": "memory*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "bedrock-agentcore:actorId" ], "dependent_actions": [], "resource_type": "" @@ -31607,68 +34682,98 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list tags for a Bedrock-AgentCore resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup" + "resource_type": "apikeycredentialprovider" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem" + "resource_type": "browser-custom" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan" + "resource_type": "code-interpreter-custom" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule" + "resource_type": "gateway" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", - "resource_types": [ + "resource_type": "memory" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup" + "resource_type": "oauth2credentialprovider" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem" + "resource_type": "runtime" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan" + "resource_type": "runtime-endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule" + "resource_type": "token-vault" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all Workload Identities in the caller's AWS account", + "privilege": "ListWorkloadIdentities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve memory records through sematic query", + "privilege": "RetrieveMemoryRecords", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "memory*" }, { "condition_keys": [ - "aws:TagKeys" + "bedrock-agentcore:namespace", + "bedrock-agentcore:strategyId" ], "dependent_actions": [], "resource_type": "" @@ -31676,163 +34781,178 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a billing group", - "privilege": "UpdateBillingGroup", + "access_level": "Read", + "description": "Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault", + "privilege": "SetTokenVaultCMK", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "token-vault*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a custom line item", - "privilege": "UpdateCustomLineItem", + "description": "Grants permission to starts a new browser session", + "privilege": "StartBrowserSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "browser*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browser-custom*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a pricing plan", - "privilege": "UpdatePricingPlan", + "description": "Grants permission to start a new code interpreter session", + "privilege": "StartCodeInterpreterSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "code-interpreter*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code-interpreter-custom*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a pricing rule", - "privilege": "UpdatePricingRule", + "description": "Grants permission to stop a browser session", + "privilege": "StopBrowserSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "browser*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browser-custom*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:billingconductor::${Account}:billinggroup/${BillingGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "billinggroup" - }, - { - "arn": "arn:${Partition}:billingconductor::${Account}:pricingplan/${PricingPlanId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pricingplan" }, { - "arn": "arn:${Partition}:billingconductor::${Account}:pricingrule/${PricingRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pricingrule" + "access_level": "Write", + "description": "Grants permission to stop a code interpreter session", + "privilege": "StopCodeInterpreterSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code-interpreter*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code-interpreter-custom*" + } + ] }, - { - "arn": "arn:${Partition}:billingconductor::${Account}:customlineitem/${CustomLineItemId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "customlineitem" - } - ], - "service_name": "AWS Billing Conductor" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "braket", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept the Amazon Braket user agreement", - "privilege": "AcceptUserAgreement", + "description": "Grants permission to stop a runtime session", + "privilege": "StopRuntimeSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to check if an Amazon Braket feature is enabled for an account. Customers need this permission to use all features available in the console", - "privilege": "AccessBraketFeature", - "resource_types": [ + "resource_type": "runtime*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "runtime-endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a job", - "privilege": "CancelJob", + "access_level": "Permissions management", + "description": "Grants permission to enable search on gateways", + "privilege": "SynchronizeGatewayTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "gateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a quantum task", - "privilege": "CancelQuantumTask", + "access_level": "Tagging", + "description": "Grants permission to Tag a Bedrock-AgentCore resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a job", - "privilege": "CreateJob", - "resource_types": [ + "resource_type": "apikeycredentialprovider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browser-custom" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code-interpreter-custom" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "memory" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "oauth2credentialprovider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -31840,13 +34960,67 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a quantum task", - "privilege": "CreateQuantumTask", + "access_level": "Tagging", + "description": "Grants permission to Untag a Bedrock-AgentCore resource", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "apikeycredentialprovider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "browser-custom" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code-interpreter-custom" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "memory" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "oauth2credentialprovider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "runtime-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token-vault" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload-identity-directory" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -31855,222 +35029,271 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the devices available in Amazon Braket", - "privilege": "GetDevice", + "access_level": "Write", + "description": "Grants permission to update an agent runtime", + "privilege": "UpdateAgentRuntime", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "runtime*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve jobs", - "privilege": "GetJob", + "access_level": "Write", + "description": "Grants permission to update an agent runtime endpoint", + "privilege": "UpdateAgentRuntimeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve quantum tasks", - "privilege": "GetQuantumTask", - "resource_types": [ + "resource_type": "runtime*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task*" + "resource_type": "runtime-endpoint*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check if the Amazon Braket service linked role has been created", - "privilege": "GetServiceLinkedRoleStatus", + "access_level": "Write", + "description": "Grants permission to update an existing API Key Credential Provider", + "privilege": "UpdateApiKeyCredentialProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to check if the account has accepted the Amazon Braket user agreement", - "privilege": "GetUserAgreementStatus", - "resource_types": [ + "resource_type": "apikeycredentialprovider*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "token-vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to listing the tags that have been applied to the quantum task resource or the job", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the status of browser session stream", + "privilege": "UpdateBrowserStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "browser*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task" + "resource_type": "browser-custom*" } ] }, { - "access_level": "Read", - "description": "Grants permission to search for devices available in Amazon Braket", - "privilege": "SearchDevices", + "access_level": "Write", + "description": "Grants permission to update an existing gateway", + "privilege": "UpdateGateway", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "gateway*" } ] }, { - "access_level": "Read", - "description": "Grants permission to search for jobs", - "privilege": "SearchJobs", + "access_level": "Write", + "description": "Grants permission to update an existing gateway target", + "privilege": "UpdateGatewayTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gateway*" } ] }, { - "access_level": "Read", - "description": "Grants permission to search for quantum tasks", - "privilege": "SearchQuantumTasks", + "access_level": "Write", + "description": "Grants permission to update a Memory resource", + "privilege": "UpdateMemory", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "memory*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a quantum task or a hybrid job", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update an existing OAuth2 Credential Provider", + "privilege": "UpdateOauth2CredentialProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "oauth2credentialprovider*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "token-vault*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from a quantum task resource or a job. A tag consists of a key-value pair", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update the metadata of an existing Workload Identity", + "privilege": "UpdateWorkloadIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "workload-identity*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "workload-identity-directory*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:braket:${Region}:${Account}:quantum-task/${RandomId}", + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:memory/${MemoryId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "quantum-task" + "resource": "memory" }, { - "arn": "arn:${Partition}:braket:${Region}:${Account}:job/${JobName}", + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "job" + "resource": "gateway" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}/workload-identity/${WorkloadIdentityName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workload-identity" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/oauth2credentialprovider/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "oauth2credentialprovider" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/apikeycredentialprovider/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "apikeycredentialprovider" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "runtime" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}/runtime-endpoint/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "runtime-endpoint" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:code-interpreter-custom/${CodeInterpreterId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "code-interpreter-custom" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:aws:code-interpreter/${CodeInterpreterId}", + "condition_keys": [], + "resource": "code-interpreter" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-custom/${BrowserId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "browser-custom" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:aws:browser/${BrowserId}", + "condition_keys": [], + "resource": "browser" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workload-identity-directory" + }, + { + "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "token-vault" } ], - "service_name": "Amazon Braket" + "service_name": "Amazon Bedrock Agentcore" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "budgets", + "prefix": "billing", "privileges": [ { "access_level": "Write", - "description": "Grants permission to configure a response that executes once your budget exceeds a specific budget threshold. Creating a budget action with tags also requires the 'budgets:TagResource' permission", - "privilege": "CreateBudgetAction", + "description": "Grants permission to associate source views to a billing view", + "privilege": "AssociateSourceViews", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole" + "billing:UseSourceView", + "iam:CreateServiceLinkedRole" ], - "resource_type": "budgetAction*" + "resource_type": "billingview*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -32080,148 +35303,145 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an action that is associated with a specific budget", - "privilege": "DeleteBudgetAction", + "description": "Grants permission to create a billing view", + "privilege": "CreateBillingView", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "billing:UseSourceView", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "billingview*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "budgetAction*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of a specific budget action associated with a budget", - "privilege": "DescribeBudgetAction", + "access_level": "Write", + "description": "Grants permission to delete a billing view", + "privilege": "DeleteBillingView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budgetAction*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a historical view of the budget actions statuses associated with a particular budget action. These status include statues such as 'Standby', 'Pending' and 'Executed'", - "privilege": "DescribeBudgetActionHistories", - "resource_types": [ + "resource_type": "billingview*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "budgetAction*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of all of the budget actions associated with your account", - "privilege": "DescribeBudgetActionsForAccount", + "access_level": "Permissions management", + "description": "Grants permission to delete a billing view resource policy", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "billingview*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of all of the budget actions associated with a budget", - "privilege": "DescribeBudgetActionsForBudget", + "access_level": "Write", + "description": "Grants permission to disassociate source views from a billing view", + "privilege": "DisassociateSourceViews", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget*" + "resource_type": "billingview*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a pending budget action as well as reverse a previously executed budget action", - "privilege": "ExecuteBudgetAction", + "access_level": "Read", + "description": "Grants permission to perform queries on billing information", + "privilege": "GetBillingData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budgetAction*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view resource tags for a budget or budget action", - "privilege": "ListTagsForResource", + "description": "Grants permission to view detailed line item billing information", + "privilege": "GetBillingDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "budgetAction" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and modify budgets, and edit budget details. Creating a budget with tags also requires the 'budgets:TagResource' permission", - "privilege": "ModifyBudget", + "access_level": "Read", + "description": "Grants permission to view notifications sent by AWS related to your accounts billing information", + "privilege": "GetBillingNotifications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply resource tags to a budget or budget action. Also needed to create a budget or budget action with tags", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to view billing preferences such as reserved instance, savings plans and credits sharing", + "privilege": "GetBillingPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "budgetAction" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove resource tags from a budget or budget action", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get the metadata for a specified billing view", + "privilege": "GetBillingView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "budgetAction" + "resource_type": "billingview*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -32229,138 +35449,62 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the details of a specific budget action associated with a budget", - "privilege": "UpdateBudgetAction", + "access_level": "Read", + "description": "Grants permission to get cost and usage data for a specified billng view", + "privilege": "GetBillingViewData", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "budgetAction*" + "dependent_actions": [], + "resource_type": "billingview*" } ] }, { "access_level": "Read", - "description": "Grants permission to view budgets and budget details", - "privilege": "ViewBudget", + "description": "Grants permission to view the account's contract information including the contract number, end-user organization names, PO numbers and if the account is used to service public-sector customers", + "privilege": "GetContractInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "resource": "budget" - }, - { - "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}/action/${ActionId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "resource": "budgetAction" - } - ], - "service_name": "AWS Budget Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "bugbust", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a BugBust event", - "privilege": "CreateEvent", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to evaluate checked-in profiling groups", - "privilege": "EvaluateProfilingGroups", + "access_level": "Read", + "description": "Grants permission to view credits that have been redeemed", + "privilege": "GetCredits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view customer details about an event", - "privilege": "GetEvent", + "description": "Grants permission to retrieve the state of the Allow IAM Access billing preference", + "privilege": "GetIAMAccessPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the status of a BugBust player's attempt to join a BugBust event", - "privilege": "GetJoinEventStatus", + "access_level": "Permissions management", + "description": "Grants permission to get the resource policy specified billing view", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" + "resource_type": "billingview*" }, { "condition_keys": [ @@ -32372,55 +35516,38 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to join an event", - "privilege": "JoinEvent", + "access_level": "Read", + "description": "Grants permission to retrieve the account's default Seller of Record", + "privilege": "GetSellerOfRecord", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the bugs that were imported into an event for players to work on", - "privilege": "ListBugs", + "description": "Grants permission to get a list of all your available billing views", + "privilege": "ListBillingViews", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListRecommendations" - ], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the participants of an event", - "privilege": "ListEventParticipants", + "access_level": "List", + "description": "Grants permission to get the list of source views for a specified billing view", + "privilege": "ListSourceViewsForBillingView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" + "resource_type": "billingview*" }, { "condition_keys": [ @@ -32433,13 +35560,13 @@ }, { "access_level": "Read", - "description": "Grants permission to view the scores of an event's players", - "privilege": "ListEventScores", + "description": "Grants permission to get the list of tags for a specified billing view", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" + "resource_type": "billingview*" }, { "condition_keys": [ @@ -32451,28 +35578,26 @@ ] }, { - "access_level": "List", - "description": "Grants permission to List BugBust events", - "privilege": "ListEvents", + "access_level": "Write", + "description": "Grants permission to set the account's contract information end-user organization names and if the account is used to service public-sector customers", + "privilege": "PutContractInformation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the profiling groups that were imported into an event for players to work on", - "privilege": "ListProfilingGroups", + "access_level": "Permissions management", + "description": "Grants permission to put a billing view resource policy", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" + "resource_type": "billingview*" }, { "condition_keys": [ @@ -32484,36 +35609,31 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the pull requests used by players to submit fixes to their claimed bugs in an event", - "privilege": "ListPullRequests", + "access_level": "Write", + "description": "Grants permission to redeem an AWS credit", + "privilege": "RedeemCredits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to lists tag for a Bugbust resource", - "privilege": "ListTagsForResource", + "access_level": "Tagging", + "description": "Grants permission to add tags to a specified billing view", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" + "resource_type": "billingview*" }, { "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -32523,18 +35643,18 @@ }, { "access_level": "Tagging", - "description": "Grants permission to tag a Bugbust resource", - "privilege": "TagResource", + "description": "Grants permission to remove a tag from a specified billing view", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" + "resource_type": "billingview*" }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -32542,42 +35662,26 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a Bugbust resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update billing preferences such as reserved instance, savings plans and credits sharing", + "privilege": "UpdateBillingPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a BugBust event", - "privilege": "UpdateEvent", + "description": "Grants permission to update a billing view", + "privilege": "UpdateBillingView", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-profiler:DescribeProfilingGroup", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListCodeReviews", - "codeguru-reviewer:ListRecommendations", - "codeguru-reviewer:TagResource", - "codeguru-reviewer:UnTagResource" - ], - "resource_type": "Event*" + "dependent_actions": [], + "resource_type": "billingview*" }, { "condition_keys": [ @@ -32590,41 +35694,23 @@ }, { "access_level": "Write", - "description": "Grants permission to update a work item as claimed or unclaimed (bug or profiling group)", - "privilege": "UpdateWorkItem", + "description": "Grants permission to update the Allow IAM Access billing preference", + "privilege": "UpdateIAMAccessPreference", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-reviewer:ListRecommendations" - ], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an event's work item (bug or profiling group)", - "privilege": "UpdateWorkItemAdmin", + "access_level": "Read", + "description": "Grants permission to use a billing view as a data source for other billing views", + "privilege": "UseSourceView", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-reviewer:ListRecommendations" - ], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } @@ -32633,149 +35719,103 @@ ], "resources": [ { - "arn": "arn:${Partition}:bugbust:${Region}:${Account}:events/${EventId}", + "arn": "arn:${Partition}:billing::${Account}:billingview/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Event" + "resource": "billingview" } ], - "service_name": "AWS BugBust" + "service_name": "AWS Billing" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" - }, - { - "condition": "connect:UserArn", - "description": "Filters access by connect's UserArn", - "type": "ARN" } ], - "prefix": "cases", + "prefix": "billingconductor", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to retrieve information about the case rules in the case domain", - "privilege": "BatchGetCaseRule", + "access_level": "Write", + "description": "Grants permission to associate between one and 30 accounts to a billing group", + "privilege": "AssociateAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CaseRule*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "billinggroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the fields in the case domain", - "privilege": "BatchGetField", + "access_level": "Write", + "description": "Grants permission to associate pricing rules", + "privilege": "AssociatePricingRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "pricingplan*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "pricingrule*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the field options in the case domain", - "privilege": "BatchPutFieldOptions", + "description": "Grants permission to batch associate resources to a percentage custom line item", + "privilege": "BatchAssociateResourcesToCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "customlineitem*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a case in the case domain", - "privilege": "CreateCase", + "description": "Grants permission to batch disassociate resources from a percentage custom line item", + "privilege": "BatchDisassociateResourcesFromCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template*" - }, - { - "condition_keys": [ - "connect:UserArn" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "customlineitem*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a case rule in the case domain", - "privilege": "CreateCaseRule", + "description": "Grants permission to create a billing group", + "privilege": "CreateBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CaseRule*" + "resource_type": "pricingplan*" }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new case domain", - "privilege": "CreateDomain", - "resource_types": [ - { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -32783,61 +35823,53 @@ }, { "access_level": "Write", - "description": "Grants permission to create a field in the case domain", - "privilege": "CreateField", + "description": "Grants permission to create a custom line item", + "privilege": "CreateCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "billinggroup*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a layout in the case domain", - "privilege": "CreateLayout", + "description": "Grants permission to create a pricing plan", + "privilege": "CreatePricingPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "pricingrule*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Layout*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a related item associated to a case in the case domain", - "privilege": "CreateRelatedItem", + "description": "Grants permission to create a pricing rule", + "privilege": "CreatePricingRule", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RelatedItem*" - }, { "condition_keys": [ - "connect:UserArn" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -32846,411 +35878,277 @@ }, { "access_level": "Write", - "description": "Grants permission to create a template in the case domain", - "privilege": "CreateTemplate", + "description": "Grants permission to delete a billing group", + "privilege": "DeleteBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Layout*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template*" + "resource_type": "billinggroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the case rule in the case domain", - "privilege": "DeleteCaseRule", + "description": "Grants permission to delete a custom line item", + "privilege": "DeleteCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CaseRule*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "customlineitem*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the domain", - "privilege": "DeleteDomain", + "description": "Grants permission to delete a pricing plan", + "privilege": "DeletePricingPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "pricingplan*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the field in the case domain", - "privilege": "DeleteField", + "description": "Grants permission to delete a pricing rule", + "privilege": "DeletePricingRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "pricingrule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the layout in the case domain", - "privilege": "DeleteLayout", + "description": "Grants permission to detach between one and 30 accounts from a billing group", + "privilege": "DisassociateAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Layout*" + "resource_type": "billinggroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a related item associated to a case in the case domain", - "privilege": "DeleteRelatedItem", + "description": "Grants permission to disassociate pricing rules", + "privilege": "DisassociatePricingRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "pricingplan*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelatedItem*" + "resource_type": "pricingrule*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the template in the case domain", - "privilege": "DeleteTemplate", + "access_level": "Read", + "description": "Grants permission to view the billing group cost report for the specified billing group", + "privilege": "GetBillingGroupCostReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template*" + "resource_type": "billinggroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a case in the case domain", - "privilege": "GetCase", + "access_level": "List", + "description": "Grants permission to list the linked accounts of the payer account for the given billing period while also providing the billing group the linked accounts belong to", + "privilege": "ListAccountAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view audit history of a case", - "privilege": "GetCaseAuditEvents", + "description": "Grants permission to view the billing group cost report", + "privilege": "ListBillingGroupCostReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the case event configuraton in the case domain", - "privilege": "GetCaseEventConfiguration", + "description": "Grants permission to view the details of billing groups", + "privilege": "ListBillingGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the case domain", - "privilege": "GetDomain", + "description": "Grants permission to view custom line item versions", + "privilege": "ListCustomLineItemVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "customlineitem*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the layout in the case domain", - "privilege": "GetLayout", + "description": "Grants permission to view custom line item details", + "privilege": "ListCustomLineItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Layout*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the template in the case domain", - "privilege": "GetTemplate", + "description": "Grants permission to view the pricing plans details", + "privilege": "ListPricingPlans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list case rules in the case domain", - "privilege": "ListCaseRules", + "description": "Grants permission to list pricing plans associated with a pricing rule", + "privilege": "ListPricingPlansAssociatedWithPricingRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "pricingrule*" } ] }, { - "access_level": "List", - "description": "Grants permission to list cases for a specific contact in the case domain", - "privilege": "ListCasesForContact", + "access_level": "Read", + "description": "Grants permission to view pricing rules details", + "privilege": "ListPricingRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all domains in the aws account", - "privilege": "ListDomains", + "description": "Grants permission to list pricing rules associated to a pricing plan", + "privilege": "ListPricingRulesAssociatedToPricingPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pricingplan*" } ] }, { "access_level": "List", - "description": "Grants permission to list field options for a single select field in the case domain", - "privilege": "ListFieldOptions", + "description": "Grants permission to list resources associated to a percentage custom line item", + "privilege": "ListResourcesAssociatedToCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list fields in the case domain", - "privilege": "ListFields", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list layouts in the case domain", - "privilege": "ListLayouts", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "customlineitem*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for the specified resource", + "description": "Grants permission to list tags of a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list templates in the case domain", - "privilege": "ListTemplates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to insert or update the case event configuration in the case domain", - "privilege": "PutCaseEventConfiguration", - "resource_types": [ + "resource_type": "billinggroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to search for cases in the case domain", - "privilege": "SearchCases", - "resource_types": [ + "resource_type": "customlineitem" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to search for related items associated to the case in the case domain", - "privilege": "SearchRelatedItems", - "resource_types": [ + "resource_type": "pricingplan" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" + "resource_type": "pricingrule" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified resource", + "description": "Grants permission to tag a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "CaseRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field" + "resource_type": "billinggroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Layout" + "resource_type": "customlineitem" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelatedItem" + "resource_type": "pricingplan" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Template" + "resource_type": "pricingrule" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -33259,43 +36157,28 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the specified resource", + "description": "Grants permission to untag a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "CaseRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field" + "resource_type": "billinggroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Layout" + "resource_type": "customlineitem" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelatedItem" + "resource_type": "pricingplan" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Template" + "resource_type": "pricingrule" }, { "condition_keys": [ @@ -33308,243 +36191,150 @@ }, { "access_level": "Write", - "description": "Grants permission to update the field values on the case in the case domain", - "privilege": "UpdateCase", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" - }, - { - "condition_keys": [ - "connect:UserArn" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the case rule in the case domain", - "privilege": "UpdateCaseRule", + "description": "Grants permission to update a billing group", + "privilege": "UpdateBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CaseRule*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "billinggroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the field in the case domain", - "privilege": "UpdateField", + "description": "Grants permission to update a custom line item", + "privilege": "UpdateCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "customlineitem*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the layout in the case domain", - "privilege": "UpdateLayout", + "description": "Grants permission to update a pricing plan", + "privilege": "UpdatePricingPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Layout*" + "resource_type": "pricingplan*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the template in the case domain", - "privilege": "UpdateTemplate", + "description": "Grants permission to update a pricing rule", + "privilege": "UpdatePricingRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template*" + "resource_type": "pricingrule*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Case" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Domain" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/field/${FieldId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Field" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/layout/${LayoutId}", + "arn": "arn:${Partition}:billingconductor::${Account}:billinggroup/${BillingGroupId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Layout" + "resource": "billinggroup" }, { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}/related-item/${RelatedItemId}", + "arn": "arn:${Partition}:billingconductor::${Account}:pricingplan/${PricingPlanId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "RelatedItem" + "resource": "pricingplan" }, { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/template/${TemplateId}", + "arn": "arn:${Partition}:billingconductor::${Account}:pricingrule/${PricingRuleId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Template" + "resource": "pricingrule" }, { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case-rule/${CaseRuleId}", + "arn": "arn:${Partition}:billingconductor::${Account}:customlineitem/${CustomLineItemId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "CaseRule" + "resource": "customlineitem" } ], - "service_name": "Amazon Connect Cases" + "service_name": "AWS Billing Conductor" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "cassandra", + "prefix": "braket", "privileges": [ { "access_level": "Write", - "description": "Grants permission to alter a keyspace or table", - "privilege": "Alter", + "description": "Grants permission to accept the Amazon Braket user agreement", + "privilege": "AcceptUserAgreement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to alter a multiregion keyspace or table", - "privilege": "AlterMultiRegionResource", + "description": "Grants permission to cancel a job", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a keyspace or table", - "privilege": "Create", + "description": "Grants permission to cancel a quantum task", + "privilege": "CancelQuantumTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" - }, + "resource_type": "quantum-task*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a job", + "privilege": "CreateJob", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -33554,22 +36344,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create a multiregion keyspace or table", - "privilege": "CreateMultiRegionResource", + "description": "Grants permission to create a quantum task", + "privilege": "CreateQuantumTask", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -33578,178 +36359,136 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to drop a keyspace or table", - "privilege": "Drop", + "access_level": "Read", + "description": "Grants permission to retrieve information about the devices available in Amazon Braket", + "privilege": "GetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to drop a multiregion keyspace or table", - "privilege": "DropMultiRegionResource", + "access_level": "Read", + "description": "Grants permission to retrieve jobs", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to INSERT, UPDATE or DELETE data in a table", - "privilege": "Modify", + "access_level": "Read", + "description": "Grants permission to retrieve quantum tasks", + "privilege": "GetQuantumTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "quantum-task*" } ] }, { - "access_level": "Write", - "description": "Grants permission to INSERT, UPDATE or DELETE data in a multiregion table", - "privilege": "ModifyMultiRegionResource", + "access_level": "Read", + "description": "Grants permission to check if the Amazon Braket service linked role has been created", + "privilege": "GetServiceLinkedRoleStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore table from a backup", - "privilege": "Restore", + "access_level": "Read", + "description": "Grants permission to check if the account has accepted the Amazon Braket user agreement", + "privilege": "GetUserAgreementStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore multiregion table from a backup", - "privilege": "RestoreMultiRegionTable", + "access_level": "Read", + "description": "Grants permission to listing the tags that have been applied to the quantum task resource or the job", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to SELECT data from a table", - "privilege": "Select", - "resource_types": [ + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "quantum-task" } ] }, { "access_level": "Read", - "description": "Grants permission to SELECT data from a multiregion table", - "privilege": "SelectMultiRegionResource", + "description": "Grants permission to search for devices available in Amazon Braket", + "privilege": "SearchDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a multiregion keyspace or table", - "privilege": "TagMultiRegionResource", + "access_level": "Read", + "description": "Grants permission to search for jobs", + "privilege": "SearchJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a keyspace or table", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to search for quantum tasks", + "privilege": "SearchQuantumTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to untag a multiregion keyspace or table", - "privilege": "UnTagMultiRegionResource", + "description": "Grants permission to add one or more tags to a quantum task or a hybrid job", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" + "resource_type": "job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "quantum-task" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -33759,18 +36498,18 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a keyspace or table", + "description": "Grants permission to remove one or more tags from a quantum task resource or a job. A tag consists of a key-value pair", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" + "resource_type": "job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "quantum-task" }, { "condition_keys": [ @@ -33780,67 +36519,63 @@ "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to UPDATE the partitioner in a system table", - "privilege": "UpdatePartitioner", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/", + "arn": "arn:${Partition}:braket:${Region}:${Account}:quantum-task/${RandomId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "keyspace" + "resource": "quantum-task" }, { - "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/table/${TableName}", + "arn": "arn:${Partition}:braket:${Region}:${Account}:job/${JobName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "table" + "resource": "job" } ], - "service_name": "Amazon Keyspaces (for Apache Cassandra)" + "service_name": "Amazon Braket" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access based on the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "ce", + "prefix": "budgets", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new Anomaly Monitor", - "privilege": "CreateAnomalyMonitor", + "description": "Grants permission to configure a response that executes once your budget exceeds a specific budget threshold. Creating a budget action with tags also requires the 'budgets:TagResource' permission", + "privilege": "CreateBudgetAction", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "budgetAction*" + }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -33849,50 +36584,44 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new Anomaly Subscription", - "privilege": "CreateAnomalySubscription", + "description": "Grants permission to delete an action that is associated with a specific budget", + "privilege": "DeleteBudgetAction", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Cost Category with the requested name and rules", - "privilege": "CreateCostCategoryDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve the details of a specific budget action associated with a budget", + "privilege": "DescribeBudgetAction", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create Reservation expiration alerts", - "privilege": "CreateNotificationSubscription", + "access_level": "Read", + "description": "Grants permission to retrieve a historical view of the budget actions statuses associated with a particular budget action. These status include statues such as 'Standby', 'Pending' and 'Executed'", + "privilege": "DescribeBudgetActionHistories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create Cost Explorer Reports", - "privilege": "CreateReport", + "access_level": "Read", + "description": "Grants permission to retrieve the details of all of the budget actions associated with your account", + "privilege": "DescribeBudgetActionsForAccount", "resource_types": [ { "condition_keys": [], @@ -33902,99 +36631,103 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Anomaly Monitor", - "privilege": "DeleteAnomalyMonitor", + "access_level": "Read", + "description": "Grants permission to retrieve the details of all of the budget actions associated with a budget", + "privilege": "DescribeBudgetActionsForBudget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "budget*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Anomaly Subscription", - "privilege": "DeleteAnomalySubscription", + "description": "Grants permission to initiate a pending budget action as well as reverse a previously executed budget action", + "privilege": "ExecuteBudgetAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Cost Category", - "privilege": "DeleteCostCategoryDefinition", + "access_level": "Read", + "description": "Grants permission to view resource tags for a budget or budget action", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory*" + "resource_type": "budget" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction" } ] }, { "access_level": "Write", - "description": "Grants permission to delete Reservation expiration alerts", - "privilege": "DeleteNotificationSubscription", + "description": "Grants permission to create and modify budgets, and edit budget details. Creating a budget with tags also requires the 'budgets:TagResource' permission", + "privilege": "ModifyBudget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "budget*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete Cost Explorer Reports", - "privilege": "DeleteReport", + "access_level": "Tagging", + "description": "Grants permission to apply resource tags to a budget or budget action. Also needed to create a budget or budget action with tags", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "budget" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "budgetAction" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve descriptions such as the name, ARN, rules, definition, and effective dates of a Cost Category", - "privilege": "DescribeCostCategoryDefinition", + "access_level": "Tagging", + "description": "Grants permission to remove resource tags from a budget or budget action", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory*" + "resource_type": "budget" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "budgetAction" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -34002,38 +36735,102 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view Reservation expiration alerts", - "privilege": "DescribeNotificationSubscription", + "access_level": "Write", + "description": "Grants permission to update the details of a specific budget action associated with a budget", + "privilege": "UpdateBudgetAction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "budgetAction*" } ] }, { "access_level": "Read", - "description": "Grants permission to view Cost Explorer Reports page", - "privilege": "DescribeReport", + "description": "Grants permission to view budgets and budget details", + "privilege": "ViewBudget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "billing:GetBillingViewData" + ], + "resource_type": "budget*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "budget" + }, + { + "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}/action/${ActionId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "budgetAction" + } + ], + "service_name": "AWS Budget Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "bugbust", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a BugBust event", + "privilege": "CreateEvent", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve anomalies", - "privilege": "GetAnomalies", + "access_level": "Write", + "description": "Grants permission to evaluate checked-in profiling groups", + "privilege": "EvaluateProfilingGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor*" + "resource_type": "Event*" }, { "condition_keys": [ @@ -34046,13 +36843,13 @@ }, { "access_level": "Read", - "description": "Grants permission to query Anomaly Monitors", - "privilege": "GetAnomalyMonitors", + "description": "Grants permission to view customer details about an event", + "privilege": "GetEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor*" + "resource_type": "Event*" }, { "condition_keys": [ @@ -34065,13 +36862,13 @@ }, { "access_level": "Read", - "description": "Grants permission to query Anomaly Subscriptions", - "privilege": "GetAnomalySubscriptions", + "description": "Grants permission to view the status of a BugBust player's attempt to join a BugBust event", + "privilege": "GetJoinEventStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription*" + "resource_type": "Event*" }, { "condition_keys": [ @@ -34083,24 +36880,41 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve approximate usage record count for the chosen resource, level, and hourly granularity preferences, derived from the past month's usage", - "privilege": "GetApproximateUsageRecords", + "access_level": "Write", + "description": "Grants permission to join an event", + "privilege": "JoinEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the commitment purchase analysis for your account", - "privilege": "GetCommitmentPurchaseAnalysis", + "description": "Grants permission to view the bugs that were imported into an event for players to work on", + "privilege": "ListBugs", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListRecommendations" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -34108,25 +36922,32 @@ }, { "access_level": "Read", - "description": "Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles", - "privilege": "GetConsoleActionSetEnforced", + "description": "Grants permission to view the participants of an event", + "privilege": "ListEventParticipants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the cost and usage metrics for your account", - "privilege": "GetCostAndUsage", + "description": "Grants permission to view the scores of an event's players", + "privilege": "ListEventScores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview" + "resource_type": "Event*" }, { "condition_keys": [ @@ -34138,15 +36959,10 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the cost and usage metrics with resources for your account", - "privilege": "GetCostAndUsageWithResources", + "access_level": "List", + "description": "Grants permission to List BugBust events", + "privilege": "ListEvents", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "billingview" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" @@ -34158,13 +36974,13 @@ }, { "access_level": "Read", - "description": "Grants permission to query Cost Catagory names and values for a specified time period", - "privilege": "GetCostCategories", + "description": "Grants permission to view the profiling groups that were imported into an event for players to work on", + "privilege": "ListProfilingGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview" + "resource_type": "Event*" }, { "condition_keys": [ @@ -34177,13 +36993,13 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a cost forecast for a forecast time period", - "privilege": "GetCostForecast", + "description": "Grants permission to view the pull requests used by players to submit fixes to their claimed bugs in an event", + "privilege": "ListPullRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview" + "resource_type": "Event*" }, { "condition_keys": [ @@ -34196,13 +37012,13 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve all available filter values for a filter for a period of time", - "privilege": "GetDimensionValues", + "description": "Grants permission to lists tag for a Bugbust resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview" + "resource_type": "Event*" }, { "condition_keys": [ @@ -34214,138 +37030,230 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view Cost Explorer Preferences page", - "privilege": "GetPreferences", + "access_level": "Tagging", + "description": "Grants permission to tag a Bugbust resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the reservation coverage for your account", - "privilege": "GetReservationCoverage", + "access_level": "Tagging", + "description": "Grants permission to untag a Bugbust resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the reservation recommendations for your account", - "privilege": "GetReservationPurchaseRecommendation", + "access_level": "Write", + "description": "Grants permission to update a BugBust event", + "privilege": "UpdateEvent", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeguru-profiler:DescribeProfilingGroup", + "codeguru-profiler:ListProfilingGroups", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews", + "codeguru-reviewer:ListRecommendations", + "codeguru-reviewer:TagResource", + "codeguru-reviewer:UnTagResource" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the reservation utilization for your account", - "privilege": "GetReservationUtilization", + "access_level": "Write", + "description": "Grants permission to update a work item as claimed or unclaimed (bug or profiling group)", + "privilege": "UpdateWorkItem", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeguru-reviewer:ListRecommendations" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the rightsizing recommendations for your account", - "privilege": "GetRightsizingRecommendation", + "access_level": "Write", + "description": "Grants permission to update an event's work item (bug or profiling group)", + "privilege": "UpdateWorkItemAdmin", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeguru-reviewer:ListRecommendations" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:bugbust:${Region}:${Account}:events/${EventId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Event" + } + ], + "service_name": "AWS BugBust" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" }, + { + "condition": "connect:UserArn", + "description": "Filters access by connect's UserArn", + "type": "ARN" + } + ], + "prefix": "cases", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plan recommendation details for your account", - "privilege": "GetSavingsPlanPurchaseRecommendationDetails", + "description": "Grants permission to retrieve information about the case rules in the case domain", + "privilege": "BatchGetCaseRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plans coverage for your account", - "privilege": "GetSavingsPlansCoverage", - "resource_types": [ + "resource_type": "CaseRule*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plans recommendations for your account", - "privilege": "GetSavingsPlansPurchaseRecommendation", + "description": "Grants permission to retrieve information about the fields in the case domain", + "privilege": "BatchGetField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plans utilization for your account", - "privilege": "GetSavingsPlansUtilization", - "resource_types": [ + "resource_type": "Domain*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Field*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plans utilization details for your account", - "privilege": "GetSavingsPlansUtilizationDetails", + "access_level": "Write", + "description": "Grants permission to update the field options in the case domain", + "privilege": "BatchPutFieldOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { - "access_level": "Read", - "description": "Grants permission to query tags for a specified time period", - "privilege": "GetTags", + "access_level": "Write", + "description": "Grants permission to create a case in the case domain", + "privilege": "CreateCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview" + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:UserArn" ], "dependent_actions": [], "resource_type": "" @@ -34353,28 +37261,26 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a usage forecast for a forecast time period", - "privilege": "GetUsageForecast", + "access_level": "Write", + "description": "Grants permission to create a case rule in the case domain", + "privilege": "CreateCaseRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billingview" + "resource_type": "CaseRule*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of your historical commitment purchase analyses", - "privilege": "ListCommitmentPurchaseAnalyses", + "access_level": "Write", + "description": "Grants permission to create a new case domain", + "privilege": "CreateDomain", "resource_types": [ { "condition_keys": [], @@ -34384,76 +37290,62 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Cost Allocation Tag backfill history", - "privilege": "ListCostAllocationTagBackfillHistory", + "access_level": "Write", + "description": "Grants permission to create a field in the case domain", + "privilege": "CreateField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Cost Allocation Tags", - "privilege": "ListCostAllocationTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve names, ARN, and effective dates for all Cost Categories", - "privilege": "ListCostCategoryDefinitions", + "access_level": "Write", + "description": "Grants permission to create a layout in the case domain", + "privilege": "CreateLayout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of your historical recommendation generations", - "privilege": "ListSavingsPlansPurchaseRecommendationGeneration", - "resource_types": [ + "resource_type": "Domain*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Layout*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a Cost Explorer resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create a related item associated to a case in the case domain", + "privilege": "CreateRelatedItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor" + "resource_type": "Case*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription" + "resource_type": "Domain*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory" + "resource_type": "RelatedItem*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:UserArn" ], "dependent_actions": [], "resource_type": "" @@ -34462,312 +37354,323 @@ }, { "access_level": "Write", - "description": "Grants permission to provide feedback on detected anomalies", - "privilege": "ProvideAnomalyFeedback", + "description": "Grants permission to create a template in the case domain", + "privilege": "CreateTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Layout*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template*" } ] }, { "access_level": "Write", - "description": "Grants permission to request a commitment purchase analysis", - "privilege": "StartCommitmentPurchaseAnalysis", + "description": "Grants permission to delete the case in the case domain", + "privilege": "DeleteCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to request a Cost Allocation Tag backfill", - "privilege": "StartCostAllocationTagBackfill", + "description": "Grants permission to delete the case rule in the case domain", + "privilege": "DeleteCaseRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "CaseRule*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to request a Savings Plans recommendation generation", - "privilege": "StartSavingsPlansPurchaseRecommendationGeneration", + "description": "Grants permission to delete the domain", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a Cost Explorer resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete the field in the case domain", + "privilege": "DeleteField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor" + "resource_type": "Domain*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription" - }, + "resource_type": "Field*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the layout in the case domain", + "privilege": "DeleteLayout", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory" + "resource_type": "Domain*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Layout*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a Cost Explorer resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete the related item associated to the case in the case domain", + "privilege": "DeleteRelatedItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor" + "resource_type": "Case*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription" + "resource_type": "Domain*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory" + "resource_type": "RelatedItem*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the template in the case domain", + "privilege": "DeleteTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Anomaly Monitor", - "privilege": "UpdateAnomalyMonitor", + "access_level": "Read", + "description": "Grants permission to retrieve information about a case in the case domain", + "privilege": "GetCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor*" + "resource_type": "Case*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Anomaly Subscription", - "privilege": "UpdateAnomalySubscription", + "access_level": "Read", + "description": "Grants permission to view audit history of a case", + "privilege": "GetCaseAuditEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription*" + "resource_type": "Case*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles", - "privilege": "UpdateConsoleActionSetEnforced", + "access_level": "Read", + "description": "Grants permission to retrieve information about the case event configuraton in the case domain", + "privilege": "GetCaseEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update existing Cost Allocation Tags status", - "privilege": "UpdateCostAllocationTagsStatus", + "access_level": "Read", + "description": "Grants permission to retrieve information about the case domain", + "privilege": "GetDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Cost Category", - "privilege": "UpdateCostCategoryDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve information about the layout in the case domain", + "privilege": "GetLayout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory*" + "resource_type": "Domain*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Layout*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update Reservation expiration alerts", - "privilege": "UpdateNotificationSubscription", + "access_level": "Read", + "description": "Grants permission to retrieve information about the template in the case domain", + "privilege": "GetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to edit Cost Explorer Preferences page", - "privilege": "UpdatePreferences", + "access_level": "List", + "description": "Grants permission to list case rules in the case domain", + "privilege": "ListCaseRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update Cost Explorer Reports", - "privilege": "UpdateReport", + "access_level": "List", + "description": "Grants permission to list cases for a specific contact in the case domain", + "privilege": "ListCasesForContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:ce::${Account}:anomalysubscription/${Identifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "anomalysubscription" - }, - { - "arn": "arn:${Partition}:ce::${Account}:anomalymonitor/${Identifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "anomalymonitor" }, { - "arn": "arn:${Partition}:ce::${Account}:costcategory/${Identifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "costcategory" + "access_level": "List", + "description": "Grants permission to list all domains in the aws account", + "privilege": "ListDomains", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:billing::${Account}:billingview/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "billingview" - } - ], - "service_name": "AWS Cost Explorer Service" - }, - { - "conditions": [], - "prefix": "chatbot", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a resource with a configuration", - "privilege": "AssociateToConfiguration", + "access_level": "List", + "description": "Grants permission to list field options for a single select field in the case domain", + "privilege": "ListFieldOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "Domain*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom-action*" + "resource_type": "Field*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an AWS Chatbot Chime Webhook Configuration", - "privilege": "CreateChimeWebhookConfiguration", + "access_level": "List", + "description": "Grants permission to list fields in the case domain", + "privilege": "ListFields", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a custom action", - "privilege": "CreateCustomAction", + "access_level": "List", + "description": "Grants permission to list layouts in the case domain", + "privilege": "ListLayouts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an AWS Chatbot Microsoft Teams Channel Configuration", - "privilege": "CreateMicrosoftTeamsChannelConfiguration", + "access_level": "Read", + "description": "Grants permission to list the tags for the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], @@ -34777,266 +37680,502 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an AWS Chatbot Slack Channel Configuration", - "privilege": "CreateSlackChannelConfiguration", + "access_level": "List", + "description": "Grants permission to list templates in the case domain", + "privilege": "ListTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Chime Webhook Configuration", - "privilege": "DeleteChimeWebhookConfiguration", + "description": "Grants permission to insert or update the case event configuration in the case domain", + "privilege": "PutCaseEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a custom action", - "privilege": "DeleteCustomAction", + "access_level": "Read", + "description": "Grants permission to search for cases in the case domain", + "privilege": "SearchCases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom-action*" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Microsoft Teams Channel Configuration", - "privilege": "DeleteMicrosoftTeamsChannelConfiguration", + "access_level": "Read", + "description": "Grants permission to search for related items associated to the case in the case domain", + "privilege": "SearchRelatedItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the Microsoft Teams configured with AWS Chatbot in an AWS account", - "privilege": "DeleteMicrosoftTeamsConfiguredTeam", + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Case" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CaseRule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Layout" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RelatedItem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Microsoft Teams User Identity", - "privilege": "DeleteMicrosoftTeamsUserIdentity", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Case" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CaseRule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Layout" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RelatedItem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Slack Channel Configuration", - "privilege": "DeleteSlackChannelConfiguration", + "description": "Grants permission to update the field values on the case in the case domain", + "privilege": "UpdateCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Slack User Identity", - "privilege": "DeleteSlackUserIdentity", - "resource_types": [ + "resource_type": "Case*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" + }, + { + "condition_keys": [ + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the Slack workspace authorization with AWS Chatbot, associated with an AWS account", - "privilege": "DeleteSlackWorkspaceAuthorization", + "description": "Grants permission to update the case rule in the case domain", + "privilege": "UpdateCaseRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "CaseRule*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all AWS Chatbot Chime Webhook Configurations in an AWS Account", - "privilege": "DescribeChimeWebhookConfigurations", + "access_level": "Write", + "description": "Grants permission to update the field in the case domain", + "privilege": "UpdateField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all AWS Chatbot Slack Channel Configurations in an AWS account", - "privilege": "DescribeSlackChannelConfigurations", + "access_level": "Write", + "description": "Grants permission to update the layout in the case domain", + "privilege": "UpdateLayout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Layout*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all public Slack channels in the Slack workspace connected to the AWS Account onboarded with AWS Chatbot service", - "privilege": "DescribeSlackChannels", + "access_level": "Write", + "description": "Grants permission to update the template in the case domain", + "privilege": "UpdateTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Case" }, { - "access_level": "Read", - "description": "Grants permission to describe AWS Chatbot Slack User Identities", - "privilege": "DescribeSlackUserIdentities", + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Domain" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/field/${FieldId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Field" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/layout/${LayoutId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Layout" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}/related-item/${RelatedItemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RelatedItem" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/template/${TemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Template" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case-rule/${CaseRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "CaseRule" + } + ], + "service_name": "Amazon Connect Cases" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cassandra", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to alter a keyspace or table", + "privilege": "Alter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all authorized Slack workspaces connected to the AWS Account onboarded with AWS Chatbot service", - "privilege": "DescribeSlackWorkspaces", + "access_level": "Write", + "description": "Grants permission to alter a multiregion keyspace or table", + "privilege": "AlterMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a resource from a configuration", - "privilege": "DisassociateFromConfiguration", + "description": "Grants permission to create a keyspace or table", + "privilege": "Create", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "keyspace" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom-action*" + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve AWS Chatbot account preferences", - "privilege": "GetAccountPreferences", + "access_level": "Write", + "description": "Grants permission to create a multiregion keyspace or table", + "privilege": "CreateMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a custom action", - "privilege": "GetCustomAction", + "access_level": "Write", + "description": "Grants permission to drop a keyspace or table", + "privilege": "Drop", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom-action*" + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a single AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", - "privilege": "GetMicrosoftTeamsChannelConfiguration", + "access_level": "Write", + "description": "Grants permission to drop a multiregion keyspace or table", + "privilege": "DropMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" } ] }, { "access_level": "Read", - "description": "Grants permission to generate OAuth parameters to request Microsoft Teams OAuth code to be used by the AWS Chatbot service", - "privilege": "GetMicrosoftTeamsOauthParameters", + "description": "Grants permission to retrieve the CDC stream records from a given shard", + "privilege": "GetRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to generate OAuth parameters to request Slack OAuth code to be used by the AWS Chatbot service", - "privilege": "GetSlackOauthParameters", + "description": "Grants permission to return a shard iterator", + "privilege": "GetShardIterator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list resources associated with a configuration", - "privilege": "ListAssociations", + "description": "Grants permission to return information about a CDC stream, including the composition of its shards", + "privilege": "GetStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "stream*" } ] }, { "access_level": "List", - "description": "Grants permission to list custom actions", - "privilege": "ListCustomActions", + "description": "Grants permission to return an array of CDC stream ARNs associated with the current account and endpoint", + "privilege": "ListStreams", "resource_types": [ { "condition_keys": [], @@ -35046,203 +38185,253 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", - "privilege": "ListMicrosoftTeamsChannelConfigurations", + "access_level": "Write", + "description": "Grants permission to INSERT, UPDATE or DELETE data in a table", + "privilege": "Modify", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all Microsoft Teams connected to the AWS Account onboarded with AWS Chatbot service", - "privilege": "ListMicrosoftTeamsConfiguredTeams", + "access_level": "Write", + "description": "Grants permission to INSERT, UPDATE or DELETE data in a multiregion table", + "privilege": "ModifyMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe AWS Chatbot Microsoft Teams User Identities", - "privilege": "ListMicrosoftTeamsUserIdentities", + "access_level": "Write", + "description": "Grants permission to restore table from a backup", + "privilege": "Restore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to List all tags associated with the AWS Chatbot Channel Configuration", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to restore multiregion table from a backup", + "privilege": "RestoreMultiRegionTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to redeem previously generated parameters with Microsoft APIs, to acquire OAuth tokens to be used by the AWS Chatbot service", - "privilege": "RedeemMicrosoftTeamsOauthCode", + "access_level": "Read", + "description": "Grants permission to SELECT data from a table", + "privilege": "Select", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to redeem previously generated parameters with Slack API, to acquire OAuth tokens to be used by the AWS Chatbot service", - "privilege": "RedeemSlackOauthCode", + "access_level": "Read", + "description": "Grants permission to SELECT data from a multiregion table", + "privilege": "SelectMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to create tags on AWS Chatbot Channel Configuration", - "privilege": "TagResource", + "description": "Grants permission to tag a multiregion keyspace or table", + "privilege": "TagMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove tags on AWS Chatbot Channel Configuration", - "privilege": "UntagResource", + "description": "Grants permission to tag a keyspace, table, or stream", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stream" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update AWS Chatbot account preferences", - "privilege": "UpdateAccountPreferences", + "access_level": "Tagging", + "description": "Grants permission to untag a multiregion keyspace or table", + "privilege": "UnTagMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an AWS Chatbot Chime Webhook Configuration", - "privilege": "UpdateChimeWebhookConfiguration", + "access_level": "Tagging", + "description": "Grants permission to untag a keyspace, table or stream", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a custom action", - "privilege": "UpdateCustomAction", - "resource_types": [ + "resource_type": "keyspace" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom-action*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an AWS Chatbot Microsoft Teams Channel Configuration", - "privilege": "UpdateMicrosoftTeamsChannelConfiguration", - "resource_types": [ + "resource_type": "stream" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an AWS Chatbot Slack Channel Configuration", - "privilege": "UpdateSlackChannelConfiguration", + "description": "Grants permission to UPDATE the partitioner in a system table", + "privilege": "UpdatePartitioner", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "table*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}", - "condition_keys": [], - "resource": "ChatbotConfiguration" + "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "keyspace" }, { - "arn": "arn:${Partition}:chatbot::${Account}:custom-action/${ActionName}", - "condition_keys": [], - "resource": "custom-action" + "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/table/${TableName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "table" + }, + { + "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/table/${TableName}/stream/${StreamLabel}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "stream" } ], - "service_name": "AWS Chatbot" + "service_name": "Amazon Keyspaces (for Apache Cassandra)" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "chime", + "prefix": "ce", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept the delegate invitation to share management of an Amazon Chime account with another AWS Account", - "privilege": "AcceptDelegate", + "description": "Grants permission to create a new Anomaly Monitor", + "privilege": "CreateAnomalyMonitor", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -35250,11 +38439,14 @@ }, { "access_level": "Write", - "description": "Grants permission to activate users in an Amazon Chime Enterprise account", - "privilege": "ActivateUsers", + "description": "Grants permission to create a new Anomaly Subscription", + "privilege": "CreateAnomalySubscription", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -35262,11 +38454,14 @@ }, { "access_level": "Write", - "description": "Grants permission to add a domain to your Amazon Chime account", - "privilege": "AddDomain", + "description": "Grants permission to create a new Cost Category with the requested name and rules", + "privilege": "CreateCostCategoryDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -35274,8 +38469,8 @@ }, { "access_level": "Write", - "description": "Grants permission to add new or update existing Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", - "privilege": "AddOrUpdateGroups", + "description": "Grants permission to create Reservation expiration alerts", + "privilege": "CreateNotificationSubscription", "resource_types": [ { "condition_keys": [], @@ -35286,59 +38481,77 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a flow with a channel", - "privilege": "AssociateChannelFlow", + "description": "Grants permission to create Cost Explorer Reports", + "privilege": "CreateReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Anomaly Monitor", + "privilege": "DeleteAnomalyMonitor", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "anomalymonitor*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a phone number with an Amazon Chime user", - "privilege": "AssociatePhoneNumberWithUser", + "description": "Grants permission to delete an Anomaly Subscription", + "privilege": "DeleteAnomalySubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "anomalysubscription*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector", - "privilege": "AssociatePhoneNumbersWithVoiceConnector", + "description": "Grants permission to delete a Cost Category", + "privilege": "DeleteCostCategoryDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "costcategory*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector Group", - "privilege": "AssociatePhoneNumbersWithVoiceConnectorGroup", + "description": "Grants permission to delete Reservation expiration alerts", + "privilege": "DeleteNotificationSubscription", "resource_types": [ { "condition_keys": [], @@ -35349,8 +38562,8 @@ }, { "access_level": "Write", - "description": "Grants permission to associate the specified sign-in delegate groups with the specified Amazon Chime account", - "privilege": "AssociateSigninDelegateGroupsWithAccount", + "description": "Grants permission to delete Cost Explorer Reports", + "privilege": "DeleteReport", "resource_types": [ { "condition_keys": [], @@ -35360,21 +38573,28 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to associate the specified Amazon Connect instance with an Amazon Chime Voice Connector", - "privilege": "AssociateVoiceConnectorConnect", + "access_level": "Read", + "description": "Grants permission to retrieve descriptions such as the name, ARN, rules, definition, and effective dates of a Cost Category", + "privilege": "DescribeCostCategoryDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "costcategory*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to authorize an Active Directory for your Amazon Chime Enterprise account", - "privilege": "AuthorizeDirectory", + "access_level": "Read", + "description": "Grants permission to view Reservation expiration alerts", + "privilege": "DescribeNotificationSubscription", "resource_types": [ { "condition_keys": [], @@ -35384,67 +38604,78 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create new attendees for an active Amazon Chime SDK meeting", - "privilege": "BatchCreateAttendee", + "access_level": "Read", + "description": "Grants permission to view Cost Explorer Reports page", + "privilege": "DescribeReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add multiple users and bots to a channel", - "privilege": "BatchCreateChannelMembership", + "access_level": "Read", + "description": "Grants permission to retrieve anomalies", + "privilege": "GetAnomalies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "anomalymonitor*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch add room members", - "privilege": "BatchCreateRoomMembership", + "access_level": "Read", + "description": "Grants permission to query Anomaly Monitors", + "privilege": "GetAnomalyMonitors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "anomalymonitor*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to move up to 50 phone numbers to the deletion queue", - "privilege": "BatchDeletePhoneNumber", + "access_level": "Read", + "description": "Grants permission to query Anomaly Subscriptions", + "privilege": "GetAnomalySubscriptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "anomalysubscription*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to suspend up to 50 users from a Team or EnterpriseLWA Amazon Chime account", - "privilege": "BatchSuspendUser", + "access_level": "Read", + "description": "Grants permission to retrieve approximate usage record count for the chosen resource, level, and hourly granularity preferences, derived from the past month's usage", + "privilege": "GetApproximateUsageRecords", "resource_types": [ { "condition_keys": [], @@ -35454,9 +38685,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove the suspension from up to 50 previously suspended users for the specified Amazon Chime EnterpriseLWA account", - "privilege": "BatchUnsuspendUser", + "access_level": "Read", + "description": "Grants permission to retrieve the commitment purchase analysis for your account", + "privilege": "GetCommitmentPurchaseAnalysis", "resource_types": [ { "condition_keys": [], @@ -35466,186 +38697,238 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update AttendeeCapabilities except the capabilities listed in an ExcludedAttendeeIds table", - "privilege": "BatchUpdateAttendeeCapabilitiesExcept", + "access_level": "Read", + "description": "Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles", + "privilege": "GetConsoleActionSetEnforced", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update phone number details within the UpdatePhoneNumberRequestItem object for up to 50 phone numbers", - "privilege": "BatchUpdatePhoneNumber", + "access_level": "Read", + "description": "Grants permission to retrieve the cost and usage metrics for your account", + "privilege": "GetCostAndUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "billingview" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update user details within the UpdateUserRequestItem object for up to 20 users for the specified Amazon Chime account", - "privilege": "BatchUpdateUser", + "access_level": "Read", + "description": "Grants permission to retrieve the cost and usage comparisons for your account", + "privilege": "GetCostAndUsageComparisons", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "billingview" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to callback for a message on a channel", - "privilege": "ChannelFlowCallback", + "access_level": "Read", + "description": "Grants permission to retrieve the cost and usage metrics with resources for your account", + "privilege": "GetCostAndUsageWithResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "billingview" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to establish a web socket connection for app instance user to the messaging session endpoint", - "privilege": "Connect", + "access_level": "Read", + "description": "Grants permission to query Cost Catagory names and values for a specified time period", + "privilege": "GetCostCategories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "billingview" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to connect an Active Directory to your Amazon Chime Enterprise account", - "privilege": "ConnectDirectory", + "access_level": "Read", + "description": "Grants permission to retrieve the cost drivers for your account", + "privilege": "GetCostComparisonDrivers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:ConnectDirectory" + "dependent_actions": [], + "resource_type": "billingview" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Chime account under the administrator's AWS account", - "privilege": "CreateAccount", + "access_level": "Read", + "description": "Grants permission to retrieve a cost forecast for a forecast time period", + "privilege": "GetCostForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "billingview" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new SCIM access key for your Amazon Chime account and Okta configuration", - "privilege": "CreateApiKey", + "access_level": "Read", + "description": "Grants permission to retrieve all available filter values for a filter for a period of time", + "privilege": "GetDimensionValues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "billingview" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an app instance in the AWS account (tag-based access controls are only supported on identity-chime..amazonaws.com endpoints)", - "privilege": "CreateAppInstance", + "access_level": "Read", + "description": "Grants permission to view Cost Explorer Preferences page", + "privilege": "GetPreferences", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to promote a user or bot to an AppInstanceAdmin", - "privilege": "CreateAppInstanceAdmin", + "access_level": "Read", + "description": "Grants permission to retrieve the reservation coverage for your account", + "privilege": "GetReservationCoverage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the reservation recommendations for your account", + "privilege": "GetReservationPurchaseRecommendation", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the reservation utilization for your account", + "privilege": "GetReservationUtilization", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a bot within an AppInstance (tag-based access controls are only supported on identity-chime..amazonaws.com endpoints)", - "privilege": "CreateAppInstanceBot", + "access_level": "Read", + "description": "Grants permission to retrieve the rightsizing recommendations for your account", + "privilege": "GetRightsizingRecommendation", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a user within an AppInstance (tag-based access controls are only supported on identity-chime..amazonaws.com endpoints)", - "privilege": "CreateAppInstanceUser", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plan recommendation details for your account", + "privilege": "GetSavingsPlanPurchaseRecommendationDetails", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new attendee for an active Amazon Chime SDK meeting", - "privilege": "CreateAttendee", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans coverage for your account", + "privilege": "GetSavingsPlansCoverage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a bot for an Amazon Chime Enterprise account", - "privilege": "CreateBot", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans recommendations for your account", + "privilege": "GetSavingsPlansPurchaseRecommendation", "resource_types": [ { "condition_keys": [], @@ -35655,39 +38938,42 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Call Detail Record S3 bucket", - "privilege": "CreateCDRBucket", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans utilization for your account", + "privilege": "GetSavingsPlansUtilization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:CreateBucket", - "s3:ListAllMyBuckets" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a channel for an app instance in the AWS account (tag-based access controls are only supported on messaging-chime..amazonaws.com endpoints)", - "privilege": "CreateChannel", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans utilization details for your account", + "privilege": "GetSavingsPlansUtilizationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to query tags for a specified time period", + "privilege": "GetTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "billingview" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -35695,211 +38981,216 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to ban a user or bot from a channel", - "privilege": "CreateChannelBan", + "access_level": "Read", + "description": "Grants permission to retrieve a usage forecast for a forecast time period", + "privilege": "GetUsageForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "billingview" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of your historical commitment purchase analyses", + "privilege": "ListCommitmentPurchaseAnalyses", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a channel flow for an app instance in the AWS account (tag-based access controls are only supported on messaging-chime..amazonaws.com endpoints)", - "privilege": "CreateChannelFlow", + "access_level": "List", + "description": "Grants permission to list Cost Allocation Tag backfill history", + "privilege": "ListCostAllocationTagBackfillHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a user or bot to a channel", - "privilege": "CreateChannelMembership", + "access_level": "List", + "description": "Grants permission to list Cost Allocation Tags", + "privilege": "ListCostAllocationTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve names, ARN, and effective dates for all Cost Categories", + "privilege": "ListCostCategoryDefinitions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of your historical recommendation generations", + "privilege": "ListSavingsPlansPurchaseRecommendationGeneration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a channel moderator", - "privilege": "CreateChannelModerator", + "access_level": "Read", + "description": "Grants permission to list tags for a Cost Explorer resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "anomalymonitor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "anomalysubscription" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an Amazon Connect Analytics Connector in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", - "privilege": "CreateConnectAnalyticsConnector", - "resource_types": [ + "resource_type": "costcategory" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "chime:CreateVoiceConnector" + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Connect Call Transfer Connector in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", - "privilege": "CreateConnectCallTransferConnector", + "description": "Grants permission to provide feedback on detected anomalies", + "privilege": "ProvideAnomalyFeedback", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "chime:CreateVoiceConnector" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media capture pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", - "privilege": "CreateMediaCapturePipeline", + "description": "Grants permission to request a commitment purchase analysis", + "privilege": "StartCommitmentPurchaseAnalysis", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "s3:GetBucketPolicy" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media concatenation pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", - "privilege": "CreateMediaConcatenationPipeline", + "description": "Grants permission to request a Cost Allocation Tag backfill", + "privilege": "StartCostAllocationTagBackfill", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "s3:GetBucketPolicy" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media insights pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", - "privilege": "CreateMediaInsightsPipeline", + "description": "Grants permission to request a Savings Plans recommendation generation", + "privilege": "StartSavingsPlansPurchaseRecommendationGeneration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "chime:TagResource", - "kinesisvideo:DescribeStream" - ], - "resource_type": "media-insights-pipeline-configuration*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a media insights pipeline configuration (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", - "privilege": "CreateMediaInsightsPipelineConfiguration", + "access_level": "Tagging", + "description": "Grants permission to tag a Cost Explorer resource", + "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalymonitor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalysubscription" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "costcategory" + }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "chime:TagResource", - "iam:PassRole", - "kinesis:DescribeStream", - "s3:ListBucket" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a media live connector pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", - "privilege": "CreateMediaLiveConnectorPipeline", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a Cost Explorer resource", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalymonitor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalysubscription" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "costcategory" + }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -35908,42 +39199,36 @@ }, { "access_level": "Write", - "description": "Grants permission to create kinesis video stream pool (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", - "privilege": "CreateMediaPipelineKinesisVideoStreamPool", + "description": "Grants permission to update an existing Anomaly Monitor", + "privilege": "UpdateAnomalyMonitor", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalymonitor*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "kinesis:DescribeStream", - "kinesisvideo:CreateStream", - "kinesisvideo:GetDataEndpoint", - "kinesisvideo:ListStreams" + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media stream pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", - "privilege": "CreateMediaStreamPipeline", + "description": "Grants permission to update an existing Anomaly Subscription", + "privilege": "UpdateAnomalySubscription", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kinesisvideo:DescribeStream", - "kinesisvideo:GetDataEndpoint", - "kinesisvideo:PutMedia" - ], - "resource_type": "media-pipeline-kinesis-video-stream-pool*" + "dependent_actions": [], + "resource_type": "anomalysubscription*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -35952,14 +39237,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new meeting in the specified media Region, with no initial attendees (tag-based access controls are only supported on meetings-chime..amazonaws.com endpoints)", - "privilege": "CreateMeeting", + "description": "Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles", + "privilege": "UpdateConsoleActionSetEnforced", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -35967,25 +39249,29 @@ }, { "access_level": "Write", - "description": "Grants permission to call a phone number to join the specified Amazon Chime SDK meeting", - "privilege": "CreateMeetingDialOut", + "description": "Grants permission to update existing Cost Allocation Tags status", + "privilege": "UpdateCostAllocationTagsStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new meeting in the specified media Region, with a set of attendees (tag-based access controls are only supported on meetings-chime..amazonaws.com endpoints)", - "privilege": "CreateMeetingWithAttendees", + "description": "Grants permission to update an existing Cost Category", + "privilege": "UpdateCostCategoryDefinition", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "costcategory*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -35994,8 +39280,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a phone number order with the Carriers", - "privilege": "CreatePhoneNumberOrder", + "description": "Grants permission to update Reservation expiration alerts", + "privilege": "UpdateNotificationSubscription", "resource_types": [ { "condition_keys": [], @@ -36006,20 +39292,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create a proxy session for the specified Amazon Chime Voice Connector", - "privilege": "CreateProxySession", + "description": "Grants permission to edit Cost Explorer Preferences page", + "privilege": "UpdatePreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a room", - "privilege": "CreateRoom", + "description": "Grants permission to update Cost Explorer Reports", + "privilege": "UpdateReport", "resource_types": [ { "condition_keys": [], @@ -36027,23 +39313,88 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ce::${Account}:anomalysubscription/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "anomalysubscription" + }, + { + "arn": "arn:${Partition}:ce::${Account}:anomalymonitor/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "anomalymonitor" + }, + { + "arn": "arn:${Partition}:ce::${Account}:costcategory/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "costcategory" + }, + { + "arn": "arn:${Partition}:billing::${Account}:billingview/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "billingview" + } + ], + "service_name": "AWS Cost Explorer Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "chatbot", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to add a room member", - "privilege": "CreateRoomMembership", + "description": "Grants permission to associate a resource with a configuration", + "privilege": "AssociateToConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ChatbotConfiguration*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-action*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Chime SIP media application in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", - "privilege": "CreateSipMediaApplication", + "description": "Grants permission to create an AWS Chatbot Chime Webhook Configuration", + "privilege": "CreateChimeWebhookConfiguration", "resource_types": [ { "condition_keys": [ @@ -36057,35 +39408,29 @@ }, { "access_level": "Write", - "description": "Grants permission to create outbound call for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "CreateSipMediaApplicationCall", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sip-media-application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "CreateSipRule", + "description": "Grants permission to create a custom action", + "privilege": "CreateCustomAction", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "sip-media-application" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a user under the specified Amazon Chime account", - "privilege": "CreateUser", + "description": "Grants permission to create an AWS Chatbot Microsoft Teams Channel Configuration", + "privilege": "CreateMicrosoftTeamsChannelConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -36093,41 +39438,33 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Voice Connector in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", - "privilege": "CreateVoiceConnector", + "description": "Grants permission to create an AWS Chatbot Slack Channel Configuration", + "privilege": "CreateSlackChannelConfiguration", "resource_types": [ { "condition_keys": [ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], - "dependent_actions": [ - "chime:CreateConnectAnalyticsConnector", - "chime:CreateConnectCallTransferConnector" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Amazon Chime Voice Connector Group under the administrator's AWS account", - "privilege": "CreateVoiceConnectorGroup", + "description": "Grants permission to delete an AWS Chatbot Chime Webhook Configuration", + "privilege": "DeleteChimeWebhookConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a voice profile", - "privilege": "CreateVoiceProfile", - "resource_types": [ + "resource_type": "ChatbotConfiguration*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -36135,39 +39472,46 @@ }, { "access_level": "Write", - "description": "Grants permission to create a voice profile domain (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", - "privilege": "CreateVoiceProfileDomain", + "description": "Grants permission to delete a custom action", + "privilege": "DeleteCustomAction", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-action*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "chime:TagResource", - "kms:CreateGrant", - "kms:DescribeKey" + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime account", - "privilege": "DeleteAccount", + "description": "Grants permission to delete an AWS Chatbot Microsoft Teams Channel Configuration", + "privilege": "DeleteMicrosoftTeamsChannelConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ChatbotConfiguration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the OpenIdConfig attributes from your Amazon Chime account", - "privilege": "DeleteAccountOpenIdConfig", + "description": "Grants permission to delete the Microsoft Teams configured with AWS Chatbot in an AWS account", + "privilege": "DeleteMicrosoftTeamsConfiguredTeam", "resource_types": [ { "condition_keys": [], @@ -36178,8 +39522,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified SCIM access key associated with your Amazon Chime account and Okta configuration", - "privilege": "DeleteApiKey", + "description": "Grants permission to delete an AWS Chatbot Microsoft Teams User Identity", + "privilege": "DeleteMicrosoftTeamsUserIdentity", "resource_types": [ { "condition_keys": [], @@ -36190,226 +39534,192 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an AppInstance", - "privilege": "DeleteAppInstance", + "description": "Grants permission to delete an AWS Chatbot Slack Channel Configuration", + "privilege": "DeleteSlackChannelConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "ChatbotConfiguration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to demote an AppInstanceAdmin to a user or bot", - "privilege": "DeleteAppInstanceAdmin", + "description": "Grants permission to delete an AWS Chatbot Slack User Identity", + "privilege": "DeleteSlackUserIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AppInstanceBot", - "privilege": "DeleteAppInstanceBot", + "description": "Grants permission to delete the Slack workspace authorization with AWS Chatbot, associated with an AWS account", + "privilege": "DeleteSlackWorkspaceAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable data streaming for the app instance", - "privilege": "DeleteAppInstanceStreamingConfigurations", + "access_level": "Read", + "description": "Grants permission to list all AWS Chatbot Chime Webhook Configurations in an AWS Account", + "privilege": "DescribeChimeWebhookConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AppInstanceUser", - "privilege": "DeleteAppInstanceUser", + "access_level": "Read", + "description": "Grants permission to list all AWS Chatbot Slack Channel Configurations in an AWS account", + "privilege": "DescribeSlackChannelConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified attendee from an Amazon Chime SDK meeting", - "privilege": "DeleteAttendee", + "access_level": "Read", + "description": "Grants permission to list all public Slack channels in the Slack workspace connected to the AWS Account onboarded with AWS Chatbot service", + "privilege": "DescribeSlackChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Call Detail Record S3 bucket from your Amazon Chime account", - "privilege": "DeleteCDRBucket", + "access_level": "Read", + "description": "Grants permission to describe AWS Chatbot Slack User Identities", + "privilege": "DescribeSlackUserIdentities", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:DeleteBucket" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel", - "privilege": "DeleteChannel", + "access_level": "Read", + "description": "Grants permission to list all authorized Slack workspaces connected to the AWS Account onboarded with AWS Chatbot service", + "privilege": "DescribeSlackWorkspaces", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a user or bot from a channel's ban list", - "privilege": "DeleteChannelBan", + "description": "Grants permission to disassociate a resource from a configuration", + "privilege": "DisassociateFromConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "ChatbotConfiguration*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "custom-action*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel flow", - "privilege": "DeleteChannelFlow", + "access_level": "Read", + "description": "Grants permission to retrieve AWS Chatbot account preferences", + "privilege": "GetAccountPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a member from a channel", - "privilege": "DeleteChannelMembership", + "access_level": "Read", + "description": "Grants permission to get a custom action", + "privilege": "GetCustomAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "custom-action*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel message", - "privilege": "DeleteChannelMessage", + "access_level": "Read", + "description": "Grants permission to get a single AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", + "privilege": "GetMicrosoftTeamsChannelConfiguration", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel moderator", - "privilege": "DeleteChannelModerator", + "access_level": "Read", + "description": "Grants permission to generate OAuth parameters to request Microsoft Teams OAuth code to be used by the AWS Chatbot service", + "privilege": "GetMicrosoftTeamsOauthParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete delegated AWS account management from your Amazon Chime account", - "privilege": "DeleteDelegate", + "access_level": "Read", + "description": "Grants permission to generate OAuth parameters to request Slack OAuth code to be used by the AWS Chatbot service", + "privilege": "GetSlackOauthParameters", "resource_types": [ { "condition_keys": [], @@ -36419,21 +39729,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a domain from your Amazon Chime account", - "privilege": "DeleteDomain", + "access_level": "Read", + "description": "Grants permission to list resources associated with a configuration", + "privilege": "ListAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ChatbotConfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an events configuration for a bot to receive outgoing events", - "privilege": "DeleteEventsConfiguration", + "access_level": "List", + "description": "Grants permission to list custom actions", + "privilege": "ListCustomActions", "resource_types": [ { "condition_keys": [], @@ -36443,9 +39753,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete Active Directory or Okta user groups from your Amazon Chime Enterprise account", - "privilege": "DeleteGroups", + "access_level": "Read", + "description": "Grants permission to list all AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", + "privilege": "ListMicrosoftTeamsChannelConfigurations", "resource_types": [ { "condition_keys": [], @@ -36455,119 +39765,118 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a media capture pipeline", - "privilege": "DeleteMediaCapturePipeline", + "access_level": "Read", + "description": "Grants permission to list all Microsoft Teams connected to the AWS Account onboarded with AWS Chatbot service", + "privilege": "ListMicrosoftTeamsConfiguredTeams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a media insights pipeline configuration", - "privilege": "DeleteMediaInsightsPipelineConfiguration", + "access_level": "Read", + "description": "Grants permission to describe AWS Chatbot Microsoft Teams User Identities", + "privilege": "ListMicrosoftTeamsUserIdentities", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "chime:ListVoiceConnectors" - ], - "resource_type": "media-insights-pipeline-configuration*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a media pipeline", - "privilege": "DeleteMediaPipeline", + "access_level": "Read", + "description": "Grants permission to List all tags associated with the AWS Chatbot Channel Configuration", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete kinesis video stream pool", - "privilege": "DeleteMediaPipelineKinesisVideoStreamPool", + "description": "Grants permission to redeem previously generated parameters with Microsoft APIs, to acquire OAuth tokens to be used by the AWS Chatbot service", + "privilege": "RedeemMicrosoftTeamsOauthCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline-kinesis-video-stream-pool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime SDK meeting", - "privilege": "DeleteMeeting", + "description": "Grants permission to redeem previously generated parameters with Slack API, to acquire OAuth tokens to be used by the AWS Chatbot service", + "privilege": "RedeemSlackOauthCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the data streaming configurations of an AppInstance", - "privilege": "DeleteMessagingStreamingConfigurations", + "access_level": "Tagging", + "description": "Grants permission to create tags on AWS Chatbot Channel Configuration", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to move a phone number to the deletion queue", - "privilege": "DeletePhoneNumber", - "resource_types": [ + "resource_type": "ChatbotConfiguration" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "custom-action" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a proxy session for the specified Amazon Chime Voice Connector", - "privilege": "DeleteProxySession", + "access_level": "Tagging", + "description": "Grants permission to remove tags on AWS Chatbot Channel Configuration", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a room", - "privilege": "DeleteRoom", - "resource_types": [ + "resource_type": "ChatbotConfiguration" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "custom-action" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a room member", - "privilege": "DeleteRoomMembership", + "description": "Grants permission to update AWS Chatbot account preferences", + "privilege": "UpdateAccountPreferences", "resource_types": [ { "condition_keys": [], @@ -36578,73 +39887,135 @@ }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "DeleteSipMediaApplication", + "description": "Grants permission to update an AWS Chatbot Chime Webhook Configuration", + "privilege": "UpdateChimeWebhookConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "ChatbotConfiguration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "DeleteSipRule", + "description": "Grants permission to update a custom action", + "privilege": "UpdateCustomAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "custom-action*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnector", + "description": "Grants permission to update an AWS Chatbot Microsoft Teams Channel Configuration", + "privilege": "UpdateMicrosoftTeamsChannelConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "logs:CreateLogDelivery", - "logs:DeleteLogDelivery", - "logs:GetLogDelivery", - "logs:ListLogDeliveries" + "dependent_actions": [], + "resource_type": "ChatbotConfiguration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource_type": "voice-connector*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete emergency calling configuration for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorEmergencyCallingConfiguration", + "description": "Grants permission to update an AWS Chatbot Slack Channel Configuration", + "privilege": "UpdateSlackChannelConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "ChatbotConfiguration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ChatbotConfiguration" + }, + { + "arn": "arn:${Partition}:chatbot::${Account}:custom-action/${ActionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "custom-action" + } + ], + "service_name": "AWS Chatbot" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + } + ], + "prefix": "chime", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorExternalSystemsConfiguration", + "description": "Grants permission to accept the delegate invitation to share management of an Amazon Chime account with another AWS Account", + "privilege": "AcceptDelegate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime Voice Connector Group", - "privilege": "DeleteVoiceConnectorGroup", + "description": "Grants permission to activate users in an Amazon Chime Enterprise account", + "privilege": "ActivateUsers", "resource_types": [ { "condition_keys": [], @@ -36655,174 +40026,143 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the origination settings for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorOrigination", + "description": "Grants permission to add a domain to your Amazon Chime account", + "privilege": "AddDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete proxy configuration for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorProxy", + "description": "Grants permission to add new or update existing Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", + "privilege": "AddOrUpdateGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete streaming configuration for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorStreamingConfiguration", + "description": "Grants permission to associate a flow with a channel", + "privilege": "AssociateChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the termination settings for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorTermination", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete SIP termination credentials for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorTerminationCredentials", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a voice profile", - "privilege": "DeleteVoiceProfile", - "resource_types": [ + "resource_type": "channel*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile*" + "resource_type": "channel-flow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a voice profile domain", - "privilege": "DeleteVoiceProfileDomain", + "description": "Grants permission to associate a phone number with an Amazon Chime user", + "privilege": "AssociatePhoneNumberWithUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an endpoint for an app instance user", - "privilege": "DeregisterAppInstanceUserEndpoint", + "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector", + "privilege": "AssociatePhoneNumbersWithVoiceConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstance", - "privilege": "DescribeAppInstance", + "access_level": "Write", + "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector Group", + "privilege": "AssociatePhoneNumbersWithVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstanceAdmin", - "privilege": "DescribeAppInstanceAdmin", + "access_level": "Write", + "description": "Grants permission to associate the specified sign-in delegate groups with the specified Amazon Chime account", + "privilege": "AssociateSigninDelegateGroupsWithAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstanceBot", - "privilege": "DescribeAppInstanceBot", + "access_level": "Write", + "description": "Grants permission to associate the specified Amazon Connect instance with an Amazon Chime Voice Connector", + "privilege": "AssociateVoiceConnectorConnect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstanceUser", - "privilege": "DescribeAppInstanceUser", + "access_level": "Write", + "description": "Grants permission to authorize an Active Directory for your Amazon Chime Enterprise account", + "privilege": "AuthorizeDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an endpoint registered for an app instance user", - "privilege": "DescribeAppInstanceUserEndpoint", + "access_level": "Write", + "description": "Grants permission to create new attendees for an active Amazon Chime SDK meeting", + "privilege": "BatchCreateAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel", - "privilege": "DescribeChannel", + "access_level": "Write", + "description": "Grants permission to add multiple users and bots to a channel", + "privilege": "BatchCreateChannelMembership", "resource_types": [ { "condition_keys": [], @@ -36842,194 +40182,131 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel ban", - "privilege": "DescribeChannelBan", + "access_level": "Write", + "description": "Grants permission to batch add room members", + "privilege": "BatchCreateRoomMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel flow", - "privilege": "DescribeChannelFlow", + "access_level": "Write", + "description": "Grants permission to move up to 50 phone numbers to the deletion queue", + "privilege": "BatchDeletePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel membership", - "privilege": "DescribeChannelMembership", + "access_level": "Write", + "description": "Grants permission to suspend up to 50 users from a Team or EnterpriseLWA Amazon Chime account", + "privilege": "BatchSuspendUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the details of a channel based on the membership of the specified user or bot", - "privilege": "DescribeChannelMembershipForAppInstanceUser", + "access_level": "Write", + "description": "Grants permission to remove the suspension from up to 50 previously suspended users for the specified Amazon Chime EnterpriseLWA account", + "privilege": "BatchUnsuspendUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel moderated by the specified user or bot", - "privilege": "DescribeChannelModeratedByAppInstanceUser", + "access_level": "Write", + "description": "Grants permission to update AttendeeCapabilities except the capabilities listed in an ExcludedAttendeeIds table", + "privilege": "BatchUpdateAttendeeCapabilitiesExcept", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a single ChannelModerator", - "privilege": "DescribeChannelModerator", + "access_level": "Write", + "description": "Grants permission to update phone number details within the UpdatePhoneNumberRequestItem object for up to 50 phone numbers", + "privilege": "BatchUpdatePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a flow from a channel", - "privilege": "DisassociateChannelFlow", + "description": "Grants permission to update user details within the UpdateUserRequestItem object for up to 20 users for the specified Amazon Chime account", + "privilege": "BatchUpdateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the primary provisioned number from the specified Amazon Chime user", - "privilege": "DisassociatePhoneNumberFromUser", + "description": "Grants permission to callback for a message on a channel", + "privilege": "ChannelFlowCallback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector", - "privilege": "DisassociatePhoneNumbersFromVoiceConnector", + "description": "Grants permission to establish a web socket connection for app instance user to the messaging session endpoint", + "privilege": "Connect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance-user*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector Group", - "privilege": "DisassociatePhoneNumbersFromVoiceConnectorGroup", + "description": "Grants permission to connect an Active Directory to your Amazon Chime Enterprise account", + "privilege": "ConnectDirectory", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ds:ConnectDirectory" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the specified sign-in delegate groups from the specified Amazon Chime account", - "privilege": "DisassociateSigninDelegateGroupsFromAccount", + "description": "Grants permission to create an Amazon Chime account under the administrator's AWS account", + "privilege": "CreateAccount", "resource_types": [ { "condition_keys": [], @@ -37040,8 +40317,8 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate the Amazon Connect instance from the specified Amazon Chime Voice Connector", - "privilege": "DisassociateVoiceConnectorConnect", + "description": "Grants permission to create a new SCIM access key for your Amazon Chime account and Okta configuration", + "privilege": "CreateApiKey", "resource_types": [ { "condition_keys": [], @@ -37052,134 +40329,139 @@ }, { "access_level": "Write", - "description": "Grants permission to disconnect the Active Directory from your Amazon Chime Enterprise account", - "privilege": "DisconnectDirectory", + "description": "Grants permission to create an app instance in the AWS account (tag-based access controls are only supported on identity-chime..amazonaws.com endpoints)", + "privilege": "CreateAppInstance", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified Amazon Chime account", - "privilege": "GetAccount", + "access_level": "Write", + "description": "Grants permission to promote a user or bot to an AppInstanceAdmin", + "privilege": "CreateAppInstanceAdmin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details for the account resource associated with your Amazon Chime account", - "privilege": "GetAccountResource", - "resource_types": [ + "resource_type": "app-instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get account settings for the specified Amazon Chime account ID", - "privilege": "GetAccountSettings", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the account details and OpenIdConfig attributes for your Amazon Chime account", - "privilege": "GetAccountWithOpenIdConfig", + "access_level": "Write", + "description": "Grants permission to create a bot within an AppInstance (tag-based access controls are only supported on identity-chime..amazonaws.com endpoints)", + "privilege": "CreateAppInstanceBot", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get retention settings for an app instance", - "privilege": "GetAppInstanceRetentionSettings", + "access_level": "Write", + "description": "Grants permission to create a user within an AppInstance (tag-based access controls are only supported on identity-chime..amazonaws.com endpoints)", + "privilege": "CreateAppInstanceUser", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the streaming configurations for an app instance", - "privilege": "GetAppInstanceStreamingConfigurations", + "access_level": "Write", + "description": "Grants permission to create a new attendee for an active Amazon Chime SDK meeting", + "privilege": "CreateAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get attendee details for a specified meeting ID and attendee ID", - "privilege": "GetAttendee", + "access_level": "Write", + "description": "Grants permission to create a bot for an Amazon Chime Enterprise account", + "privilege": "CreateBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details for the specified bot", - "privilege": "GetBot", + "access_level": "Write", + "description": "Grants permission to create a new Call Detail Record S3 bucket", + "privilege": "CreateCDRBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "s3:CreateBucket", + "s3:ListAllMyBuckets" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of a Call Detail Record S3 bucket associated with your Amazon Chime account", - "privilege": "GetCDRBucket", + "access_level": "Write", + "description": "Grants permission to create a channel for an app instance in the AWS account (tag-based access controls are only supported on messaging-chime..amazonaws.com endpoints)", + "privilege": "CreateChannel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite" + "dependent_actions": [], + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the preferences for a channel membership", - "privilege": "GetChannelMembershipPreferences", + "access_level": "Write", + "description": "Grants permission to ban a user or bot from a channel", + "privilege": "CreateChannelBan", "resource_types": [ { "condition_keys": [], @@ -37199,9 +40481,29 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel message", - "privilege": "GetChannelMessage", + "access_level": "Write", + "description": "Grants permission to create a channel flow for an app instance in the AWS account (tag-based access controls are only supported on messaging-chime..amazonaws.com endpoints)", + "privilege": "CreateChannelFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a user or bot to a channel", + "privilege": "CreateChannelMembership", "resource_types": [ { "condition_keys": [], @@ -37221,9 +40523,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the status of a channel message", - "privilege": "GetChannelMessageStatus", + "access_level": "Write", + "description": "Grants permission to create a channel moderator", + "privilege": "CreateChannelModerator", "resource_types": [ { "condition_keys": [], @@ -37243,153 +40545,221 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get domain details for a domain associated with your Amazon Chime account", - "privilege": "GetDomain", + "access_level": "Write", + "description": "Grants permission to create an Amazon Connect Analytics Connector in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", + "privilege": "CreateConnectAnalyticsConnector", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "chime:CreateVoiceConnector" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details for an events configuration for a bot to receive outgoing events", - "privilege": "GetEventsConfiguration", + "access_level": "Write", + "description": "Grants permission to create an Amazon Connect Call Transfer Connector in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", + "privilege": "CreateConnectCallTransferConnector", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "chime:CreateVoiceConnector" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get global settings related to Amazon Chime for the AWS account", - "privilege": "GetGlobalSettings", + "access_level": "Write", + "description": "Grants permission to create a media capture pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", + "privilege": "CreateMediaCapturePipeline", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "s3:GetBucketPolicy" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an existing media capture pipeline", - "privilege": "GetMediaCapturePipeline", + "access_level": "Write", + "description": "Grants permission to create a media concatenation pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", + "privilege": "CreateMediaConcatenationPipeline", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-pipeline*" + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "s3:GetBucketPolicy" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a media insights pipeline configuration", - "privilege": "GetMediaInsightsPipelineConfiguration", + "access_level": "Write", + "description": "Grants permission to create a media insights pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", + "privilege": "CreateMediaInsightsPipeline", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "chime:TagResource", + "kinesisvideo:DescribeStream" + ], "resource_type": "media-insights-pipeline-configuration*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an existing media pipeline", - "privilege": "GetMediaPipeline", + "access_level": "Write", + "description": "Grants permission to create a media insights pipeline configuration (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", + "privilege": "CreateMediaInsightsPipelineConfiguration", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-pipeline*" + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "chime:TagResource", + "iam:PassRole", + "kinesis:DescribeStream", + "s3:ListBucket" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an existing media pipeline", - "privilege": "GetMediaPipelineKinesisVideoStreamPool", + "access_level": "Write", + "description": "Grants permission to create a media live connector pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", + "privilege": "CreateMediaLiveConnectorPipeline", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "media-pipeline-kinesis-video-stream-pool*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the meeting record for a specified meeting ID", - "privilege": "GetMeeting", + "access_level": "Write", + "description": "Grants permission to create kinesis video stream pool (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", + "privilege": "CreateMediaPipelineKinesisVideoStreamPool", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "meeting*" + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "kinesis:DescribeStream", + "kinesisvideo:CreateStream", + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:ListStreams" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get attendee, connection, and other details for a meeting", - "privilege": "GetMeetingDetail", + "access_level": "Write", + "description": "Grants permission to create a media stream pipeline (tag-based access controls are only supported on media-pipelines-chime..amazonaws.com endpoints)", + "privilege": "CreateMediaStreamPipeline", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kinesisvideo:DescribeStream", + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:PutMedia" + ], + "resource_type": "media-pipeline-kinesis-video-stream-pool*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the endpoint for the messaging session", - "privilege": "GetMessagingSessionEndpoint", + "access_level": "Write", + "description": "Grants permission to create a new meeting in the specified media Region, with no initial attendees (tag-based access controls are only supported on meetings-chime..amazonaws.com endpoints)", + "privilege": "CreateMeeting", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the data streaming configurations of an AppInstance", - "privilege": "GetMessagingStreamingConfigurations", + "access_level": "Write", + "description": "Grants permission to call a phone number to join the specified Amazon Chime SDK meeting", + "privilege": "CreateMeetingDialOut", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified phone number", - "privilege": "GetPhoneNumber", + "access_level": "Write", + "description": "Grants permission to create a new meeting in the specified media Region, with a set of attendees (tag-based access controls are only supported on meetings-chime..amazonaws.com endpoints)", + "privilege": "CreateMeetingWithAttendees", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified phone number order", - "privilege": "GetPhoneNumberOrder", + "access_level": "Write", + "description": "Grants permission to create a phone number order with the Carriers", + "privilege": "CreatePhoneNumberOrder", "resource_types": [ { "condition_keys": [], @@ -37399,33 +40769,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get phone number settings related to Amazon Chime for the AWS account", - "privilege": "GetPhoneNumberSettings", + "access_level": "Write", + "description": "Grants permission to create a proxy session for the specified Amazon Chime Voice Connector", + "privilege": "CreateProxySession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the specified proxy session for the specified Amazon Chime Voice Connector", - "privilege": "GetProxySession", + "access_level": "Write", + "description": "Grants permission to create a room", + "privilege": "CreateRoom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the retention settings for the specified Amazon Chime account", - "privilege": "GetRetentionSettings", + "access_level": "Write", + "description": "Grants permission to add a room member", + "privilege": "CreateRoomMembership", "resource_types": [ { "condition_keys": [], @@ -37435,21 +40805,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a room", - "privilege": "GetRoom", + "access_level": "Write", + "description": "Grants permission to create an Amazon Chime SIP media application in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", + "privilege": "CreateSipMediaApplication", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "GetSipMediaApplication", + "access_level": "Write", + "description": "Grants permission to create outbound call for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "CreateSipMediaApplicationCall", "resource_types": [ { "condition_keys": [], @@ -37459,51 +40832,52 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "GetSipMediaApplicationAlexaSkillConfiguration", + "access_level": "Write", + "description": "Grants permission to create an Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "CreateSipRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "sip-media-application" } ] }, { - "access_level": "Read", - "description": "Grants permission to get logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "GetSipMediaApplicationLoggingConfiguration", + "access_level": "Write", + "description": "Grants permission to create a user under the specified Amazon Chime account", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "GetSipRule", + "access_level": "Write", + "description": "Grants permission to create a Voice Connector in the AWS account (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", + "privilege": "CreateVoiceConnector", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "chime:CreateConnectAnalyticsConnector", + "chime:CreateConnectCallTransferConnector" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a speaker search task on the specified Amazon Chime resource", - "privilege": "GetSpeakerSearchTask", + "access_level": "Write", + "description": "Grants permission to create a Amazon Chime Voice Connector Group under the administrator's AWS account", + "privilege": "CreateVoiceConnectorGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-pipeline" - }, { "condition_keys": [], "dependent_actions": [], @@ -37512,9 +40886,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get telephony limits for the AWS account", - "privilege": "GetTelephonyLimits", + "access_level": "Write", + "description": "Grants permission to create a voice profile", + "privilege": "CreateVoiceProfile", "resource_types": [ { "condition_keys": [], @@ -37524,21 +40898,28 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified user ID", - "privilege": "GetUser", + "access_level": "Write", + "description": "Grants permission to create a voice profile domain (tag-based access controls are only supported on voice-chime..amazonaws.com endpoints)", + "privilege": "CreateVoiceProfileDomain", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "chime:TagResource", + "kms:CreateGrant", + "kms:DescribeKey" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a summary of user activity on the user details page", - "privilege": "GetUserActivityReportData", + "access_level": "Write", + "description": "Grants permission to delete the specified Amazon Chime account", + "privilege": "DeleteAccount", "resource_types": [ { "condition_keys": [], @@ -37548,9 +40929,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get user details for an Amazon Chime user based on the email address in an Amazon Chime Enterprise or Team account", - "privilege": "GetUserByEmail", + "access_level": "Write", + "description": "Grants permission to delete the OpenIdConfig attributes from your Amazon Chime account", + "privilege": "DeleteAccountOpenIdConfig", "resource_types": [ { "condition_keys": [], @@ -37560,9 +40941,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get user settings related to the specified Amazon Chime user", - "privilege": "GetUserSettings", + "access_level": "Write", + "description": "Grants permission to delete the specified SCIM access key associated with your Amazon Chime account and Okta configuration", + "privilege": "DeleteApiKey", "resource_types": [ { "condition_keys": [], @@ -37572,170 +40953,227 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnector", + "access_level": "Write", + "description": "Grants permission to delete an AppInstance", + "privilege": "DeleteAppInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the emergency calling configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorEmergencyCallingConfiguration", + "access_level": "Write", + "description": "Grants permission to demote an AppInstanceAdmin to a user or bot", + "privilege": "DeleteAppInstanceAdmin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorExternalSystemsConfiguration", + "access_level": "Write", + "description": "Grants permission to delete an AppInstanceBot", + "privilege": "DeleteAppInstanceBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance-bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified Amazon Chime Voice Connector Group", - "privilege": "GetVoiceConnectorGroup", + "access_level": "Write", + "description": "Grants permission to disable data streaming for the app instance", + "privilege": "DeleteAppInstanceStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the logging configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorLoggingConfiguration", + "access_level": "Write", + "description": "Grants permission to delete an AppInstanceUser", + "privilege": "DeleteAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the origination settings for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorOrigination", + "access_level": "Write", + "description": "Grants permission to delete the specified attendee from an Amazon Chime SDK meeting", + "privilege": "DeleteAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the proxy configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorProxy", + "access_level": "Write", + "description": "Grants permission to delete a Call Detail Record S3 bucket from your Amazon Chime account", + "privilege": "DeleteCDRBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-connector*" + "dependent_actions": [ + "s3:DeleteBucket" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the streaming configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorStreamingConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a channel", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the termination settings for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorTermination", + "access_level": "Write", + "description": "Grants permission to remove a user or bot from a channel's ban list", + "privilege": "DeleteChannelBan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the termination health for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorTerminationHealth", + "access_level": "Write", + "description": "Grants permission to delete a channel flow", + "privilege": "DeleteChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a voice profile", - "privilege": "GetVoiceProfile", + "access_level": "Write", + "description": "Grants permission to remove a member from a channel", + "privilege": "DeleteChannelMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile*" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a voice profile domain", - "privilege": "GetVoiceProfileDomain", + "access_level": "Write", + "description": "Grants permission to delete a channel message", + "privilege": "DeleteChannelMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain*" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a voice tone analysis task on the specified Amazon Chime resource", - "privilege": "GetVoiceToneAnalysisTask", + "access_level": "Write", + "description": "Grants permission to delete a channel moderator", + "privilege": "DeleteChannelModerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to send an invitation to accept a request for AWS account delegation for an Amazon Chime account", - "privilege": "InviteDelegate", + "description": "Grants permission to delete delegated AWS account management from your Amazon Chime account", + "privilege": "DeleteDelegate", "resource_types": [ { "condition_keys": [], @@ -37746,8 +41184,8 @@ }, { "access_level": "Write", - "description": "Grants permission to invite as many as 50 users to the specified Amazon Chime account", - "privilege": "InviteUsers", + "description": "Grants permission to delete a domain from your Amazon Chime account", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], @@ -37758,8 +41196,8 @@ }, { "access_level": "Write", - "description": "Grants permission to invite users from a third party provider to your Amazon Chime account", - "privilege": "InviteUsersFromProvider", + "description": "Grants permission to delete an events configuration for a bot to receive outgoing events", + "privilege": "DeleteEventsConfiguration", "resource_types": [ { "condition_keys": [], @@ -37769,9 +41207,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Amazon Chime account usage reporting data", - "privilege": "ListAccountUsageReportData", + "access_level": "Write", + "description": "Grants permission to delete Active Directory or Okta user groups from your Amazon Chime Enterprise account", + "privilege": "DeleteGroups", "resource_types": [ { "condition_keys": [], @@ -37781,127 +41219,119 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon Chime accounts under the administrator's AWS account", - "privilege": "ListAccounts", + "access_level": "Write", + "description": "Grants permission to delete a media capture pipeline", + "privilege": "DeleteMediaCapturePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the SCIM access keys defined for your Amazon Chime account and Okta configuration", - "privilege": "ListApiKeys", + "access_level": "Write", + "description": "Grants permission to delete a media insights pipeline configuration", + "privilege": "DeleteMediaInsightsPipelineConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "chime:ListVoiceConnectors" + ], + "resource_type": "media-insights-pipeline-configuration*" } ] }, { - "access_level": "List", - "description": "Grants permission to list administrators in the app instance", - "privilege": "ListAppInstanceAdmins", + "access_level": "Write", + "description": "Grants permission to delete a media pipeline", + "privilege": "DeleteMediaPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "media-pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all AppInstanceBots created under a single app instance", - "privilege": "ListAppInstanceBots", + "access_level": "Write", + "description": "Grants permission to delete kinesis video stream pool", + "privilege": "DeleteMediaPipelineKinesisVideoStreamPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "media-pipeline-kinesis-video-stream-pool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the endpoints registered for an app instance user", - "privilege": "ListAppInstanceUserEndpoints", + "access_level": "Write", + "description": "Grants permission to delete the specified Amazon Chime SDK meeting", + "privilege": "DeleteMeeting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "meeting*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all AppInstanceUsers created under a single app instance", - "privilege": "ListAppInstanceUsers", + "access_level": "Write", + "description": "Grants permission to delete the data streaming configurations of an AppInstance", + "privilege": "DeleteMessagingStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all Amazon Chime app instances created under a single AWS account", - "privilege": "ListAppInstances", + "access_level": "Write", + "description": "Grants permission to move a phone number to the deletion queue", + "privilege": "DeletePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags applied to an Amazon Chime SDK attendee resource", - "privilege": "ListAttendeeTags", + "access_level": "Write", + "description": "Grants permission to delete a proxy session for the specified Amazon Chime Voice Connector", + "privilege": "DeleteProxySession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list up to 100 attendees for a specified Amazon Chime SDK meeting", - "privilege": "ListAttendees", + "access_level": "Write", + "description": "Grants permission to delete a room", + "privilege": "DeleteRoom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the available AWS Regions in which you can create an Amazon Chime SDK Voice Connector", - "privilege": "ListAvailableVoiceConnectorRegions", + "access_level": "Write", + "description": "Grants permission to remove a room member", + "privilege": "DeleteRoomMembership", "resource_types": [ { "condition_keys": [], @@ -37911,9 +41341,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the bots associated with the administrator's Amazon Chime Enterprise account", - "privilege": "ListBots", + "access_level": "Write", + "description": "Grants permission to delete Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "DeleteSipMediaApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sip-media-application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "DeleteSipRule", "resource_types": [ { "condition_keys": [], @@ -37923,24 +41365,50 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Call Detail Record S3 buckets", - "privilege": "ListCDRBucket", + "access_level": "Write", + "description": "Grants permission to delete the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "s3:ListAllMyBuckets", - "s3:ListBucket" + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:GetLogDelivery", + "logs:ListLogDeliveries" ], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the calling regions available for the administrator's AWS account", - "privilege": "ListCallingRegions", + "access_level": "Write", + "description": "Grants permission to delete emergency calling configuration for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorEmergencyCallingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorExternalSystemsConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified Amazon Chime Voice Connector Group", + "privilege": "DeleteVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], @@ -37950,66 +41418,123 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the users and bots banned from a particular channel", - "privilege": "ListChannelBans", + "access_level": "Write", + "description": "Grants permission to delete the origination settings for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorOrigination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete proxy configuration for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorProxy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete streaming configuration for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorStreamingConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the Channel Flows created under a single Chime AppInstance", - "privilege": "ListChannelFlows", + "access_level": "Write", + "description": "Grants permission to delete the termination settings for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorTermination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all channel memberships in a channel", - "privilege": "ListChannelMemberships", + "access_level": "Write", + "description": "Grants permission to delete SIP termination credentials for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorTerminationCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a voice profile", + "privilege": "DeleteVoiceProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-profile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a voice profile domain", + "privilege": "DeleteVoiceProfileDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-profile-domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister an endpoint for an app instance user", + "privilege": "DeregisterAppInstanceUserEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" - }, + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the full details of an AppInstance", + "privilege": "DescribeAppInstance", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all channels that a particular user or bot is a part of", - "privilege": "ListChannelMembershipsForAppInstanceUser", + "access_level": "Read", + "description": "Grants permission to get the full details of an AppInstanceAdmin", + "privilege": "DescribeAppInstanceAdmin", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance*" + }, { "condition_keys": [], "dependent_actions": [], @@ -38024,30 +41549,44 @@ }, { "access_level": "Read", - "description": "Grants permission to list all the messages in a channel", - "privilege": "ListChannelMessages", + "description": "Grants permission to get the full details of an AppInstanceBot", + "privilege": "DescribeAppInstanceBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-bot*" - }, + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the full details of an AppInstanceUser", + "privilege": "DescribeAppInstanceUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" - }, + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an endpoint registered for an app instance user", + "privilege": "DescribeAppInstanceUserEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the moderators for a channel", - "privilege": "ListChannelModerators", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel", + "privilege": "DescribeChannel", "resource_types": [ { "condition_keys": [], @@ -38067,9 +41606,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the Channels created under a single Chime AppInstance", - "privilege": "ListChannels", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel ban", + "privilege": "DescribeChannelBan", "resource_types": [ { "condition_keys": [], @@ -38080,13 +41619,18 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the Channels associated with a single Chime Channel Flow", - "privilege": "ListChannelsAssociatedWithChannelFlow", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel flow", + "privilege": "DescribeChannelFlow", "resource_types": [ { "condition_keys": [], @@ -38096,9 +41640,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all channels moderated by a user or bot", - "privilege": "ListChannelsModeratedByAppInstanceUser", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel membership", + "privilege": "DescribeChannelMembership", "resource_types": [ { "condition_keys": [], @@ -38109,61 +41653,111 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list account delegate information associated with your Amazon Chime account", - "privilege": "ListDelegates", + "access_level": "Read", + "description": "Grants permission to get the details of a channel based on the membership of the specified user or bot", + "privilege": "DescribeChannelMembershipForAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list active Active Directories hosted in the Directory Service of your AWS account", - "privilege": "ListDirectories", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel moderated by the specified user or bot", + "privilege": "DescribeChannelModeratedByAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list domains associated with your Amazon Chime account", - "privilege": "ListDomains", + "access_level": "Read", + "description": "Grants permission to get the full details of a single ChannelModerator", + "privilege": "DescribeChannelModerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to disassociate a flow from a channel", + "privilege": "DisassociateChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" } ] }, { - "access_level": "List", - "description": "Grants permission to list media capture pipelines", - "privilege": "ListMediaCapturePipelines", + "access_level": "Write", + "description": "Grants permission to disassociate the primary provisioned number from the specified Amazon Chime user", + "privilege": "DisassociatePhoneNumberFromUser", "resource_types": [ { "condition_keys": [], @@ -38173,21 +41767,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all media insights pipeline configurations", - "privilege": "ListMediaInsightsPipelineConfigurations", + "access_level": "Write", + "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector", + "privilege": "DisassociatePhoneNumbersFromVoiceConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list media pipelines", - "privilege": "ListMediaPipelineKinesisVideoStreamPools", + "access_level": "Write", + "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector Group", + "privilege": "DisassociatePhoneNumbersFromVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], @@ -38197,9 +41791,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list media pipelines", - "privilege": "ListMediaPipelines", + "access_level": "Write", + "description": "Grants permission to disassociate the specified sign-in delegate groups from the specified Amazon Chime account", + "privilege": "DisassociateSigninDelegateGroupsFromAccount", "resource_types": [ { "condition_keys": [], @@ -38209,9 +41803,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all events that occurred for a specified meeting", - "privilege": "ListMeetingEvents", + "access_level": "Write", + "description": "Grants permission to disassociate the Amazon Connect instance from the specified Amazon Chime Voice Connector", + "privilege": "DisassociateVoiceConnectorConnect", "resource_types": [ { "condition_keys": [], @@ -38221,21 +41815,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the tags applied to an Amazon Chime SDK meeting resource", - "privilege": "ListMeetingTags", + "access_level": "Write", + "description": "Grants permission to disconnect the Active Directory from your Amazon Chime Enterprise account", + "privilege": "DisconnectDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list up to 100 active Amazon Chime SDK meetings", - "privilege": "ListMeetings", + "access_level": "Read", + "description": "Grants permission to get details for the specified Amazon Chime account", + "privilege": "GetAccount", "resource_types": [ { "condition_keys": [], @@ -38245,9 +41839,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list meetings ended during the specified date range", - "privilege": "ListMeetingsReportData", + "access_level": "Read", + "description": "Grants permission to get details for the account resource associated with your Amazon Chime account", + "privilege": "GetAccountResource", "resource_types": [ { "condition_keys": [], @@ -38257,9 +41851,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the phone number orders under the administrator's AWS account", - "privilege": "ListPhoneNumberOrders", + "access_level": "Read", + "description": "Grants permission to get account settings for the specified Amazon Chime account ID", + "privilege": "GetAccountSettings", "resource_types": [ { "condition_keys": [], @@ -38269,9 +41863,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the phone numbers under the administrator's AWS account", - "privilege": "ListPhoneNumbers", + "access_level": "Read", + "description": "Grants permission to get the account details and OpenIdConfig attributes for your Amazon Chime account", + "privilege": "GetAccountWithOpenIdConfig", "resource_types": [ { "condition_keys": [], @@ -38281,45 +41875,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list proxy sessions for the specified Amazon Chime Voice Connector", - "privilege": "ListProxySessions", + "access_level": "Read", + "description": "Grants permission to get retention settings for an app instance", + "privilege": "GetAppInstanceRetentionSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all room members", - "privilege": "ListRoomMemberships", + "access_level": "Read", + "description": "Grants permission to get the streaming configurations for an app instance", + "privilege": "GetAppInstanceStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list rooms", - "privilege": "ListRooms", + "access_level": "Read", + "description": "Grants permission to get attendee details for a specified meeting ID and attendee ID", + "privilege": "GetAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "meeting*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all Amazon Chime SIP media applications under the administrator's AWS account", - "privilege": "ListSipMediaApplications", + "access_level": "Read", + "description": "Grants permission to retrieve details for the specified bot", + "privilege": "GetBot", "resource_types": [ { "condition_keys": [], @@ -38329,21 +41923,27 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all Amazon Chime SIP rules under the administrator's AWS account", - "privilege": "ListSipRules", + "access_level": "Read", + "description": "Grants permission to get details of a Call Detail Record S3 bucket associated with your Amazon Chime account", + "privilege": "GetCDRBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "sip-media-application" + "dependent_actions": [ + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the SubChannels under a single Channel", - "privilege": "ListSubChannels", + "access_level": "Read", + "description": "Grants permission to get the preferences for a channel membership", + "privilege": "GetChannelMembershipPreferences", "resource_types": [ { "condition_keys": [], @@ -38363,88 +41963,149 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the phone number countries supported by the AWS account", - "privilege": "ListSupportedPhoneNumberCountries", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel message", + "privilege": "GetChannelMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags applied to an Amazon Chime resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get the status of a channel message", + "privilege": "GetChannelMessageStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get domain details for a domain associated with your Amazon Chime account", + "privilege": "GetDomain", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for an events configuration for a bot to receive outgoing events", + "privilege": "GetEventsConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get global settings related to Amazon Chime for the AWS account", + "privilege": "GetGlobalSettings", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an existing media capture pipeline", + "privilege": "GetMediaCapturePipeline", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline-kinesis-video-stream-pool" - }, + "resource_type": "media-pipeline*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a media insights pipeline configuration", + "privilege": "GetMediaInsightsPipelineConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting" - }, + "resource_type": "media-insights-pipeline-configuration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an existing media pipeline", + "privilege": "GetMediaPipeline", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" - }, + "resource_type": "media-pipeline*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an existing media pipeline", + "privilege": "GetMediaPipelineKinesisVideoStreamPool", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" - }, + "resource_type": "media-pipeline-kinesis-video-stream-pool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the meeting record for a specified meeting ID", + "privilege": "GetMeeting", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain" + "resource_type": "meeting*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the users that belong to the specified Amazon Chime account", - "privilege": "ListUsers", + "access_level": "Read", + "description": "Grants permission to get attendee, connection, and other details for a meeting", + "privilege": "GetMeetingDetail", "resource_types": [ { "condition_keys": [], @@ -38454,9 +42115,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon Chime Voice Connector Groups under the administrator's AWS account", - "privilege": "ListVoiceConnectorGroups", + "access_level": "Read", + "description": "Grants permission to get the endpoint for the messaging session", + "privilege": "GetMessagingSessionEndpoint", "resource_types": [ { "condition_keys": [], @@ -38466,21 +42127,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the SIP termination credentials for the specified Amazon Chime Voice Connector", - "privilege": "ListVoiceConnectorTerminationCredentials", + "access_level": "Read", + "description": "Grants permission to get the data streaming configurations of an AppInstance", + "privilege": "GetMessagingStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon Chime Voice Connectors under the administrator's AWS account", - "privilege": "ListVoiceConnectors", + "access_level": "Read", + "description": "Grants permission to get details for the specified phone number", + "privilege": "GetPhoneNumber", "resource_types": [ { "condition_keys": [], @@ -38490,9 +42151,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list voice profile domains", - "privilege": "ListVoiceProfileDomains", + "access_level": "Read", + "description": "Grants permission to get details for the specified phone number order", + "privilege": "GetPhoneNumberOrder", "resource_types": [ { "condition_keys": [], @@ -38502,108 +42163,122 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list voice profiles", - "privilege": "ListVoiceProfiles", + "access_level": "Read", + "description": "Grants permission to get phone number settings related to Amazon Chime for the AWS account", + "privilege": "GetPhoneNumberSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to log out the specified user from all of the devices they are currently logged into", - "privilege": "LogoutUser", + "access_level": "Read", + "description": "Grants permission to get details of the specified proxy session for the specified Amazon Chime Voice Connector", + "privilege": "GetProxySession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable data retention for the app instance", - "privilege": "PutAppInstanceRetentionSettings", + "access_level": "Read", + "description": "Grants permission to retrieve the retention settings for the specified Amazon Chime account", + "privilege": "GetRetentionSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure data streaming for the app instance", - "privilege": "PutAppInstanceStreamingConfigurations", + "access_level": "Read", + "description": "Grants permission to retrieve a room", + "privilege": "GetRoom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to put expiration settings for an AppInstanceUser", - "privilege": "PutAppInstanceUserExpirationSettings", + "access_level": "Read", + "description": "Grants permission to get details of Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "GetSipMediaApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put expiration settings for a channel", - "privilege": "PutChannelExpirationSettings", + "access_level": "Read", + "description": "Grants permission to get Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "GetSipMediaApplicationAlexaSkillConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "sip-media-application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "GetSipMediaApplicationLoggingConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put the preferences for a channel membership", - "privilege": "PutChannelMembershipPreferences", + "access_level": "Read", + "description": "Grants permission to get details of Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "GetSipRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a speaker search task on the specified Amazon Chime resource", + "privilege": "GetSpeakerSearchTask", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "media-pipeline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "voice-connector" } ] }, { - "access_level": "Write", - "description": "Grants permission to update details for an events configuration for a bot to receive outgoing events", - "privilege": "PutEventsConfiguration", + "access_level": "Read", + "description": "Grants permission to get telephony limits for the AWS account", + "privilege": "GetTelephonyLimits", "resource_types": [ { "condition_keys": [], @@ -38613,21 +42288,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to put the data streaming configurations of an AppInstance", - "privilege": "PutMessagingStreamingConfigurations", + "access_level": "Read", + "description": "Grants permission to get details for the specified user ID", + "privilege": "GetUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update retention settings for the specified Amazon Chime account", - "privilege": "PutRetentionSettings", + "access_level": "Read", + "description": "Grants permission to get a summary of user activity on the user details page", + "privilege": "GetUserActivityReportData", "resource_types": [ { "condition_keys": [], @@ -38637,33 +42312,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "PutSipMediaApplicationAlexaSkillConfiguration", + "access_level": "Read", + "description": "Grants permission to get user details for an Amazon Chime user based on the email address in an Amazon Chime Enterprise or Team account", + "privilege": "GetUserByEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "PutSipMediaApplicationLoggingConfiguration", + "access_level": "Read", + "description": "Grants permission to get user settings related to the specified Amazon Chime user", + "privilege": "GetUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add emergency calling configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorEmergencyCallingConfiguration", + "access_level": "Read", + "description": "Grants permission to get details for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnector", "resource_types": [ { "condition_keys": [], @@ -38673,9 +42348,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorExternalSystemsConfiguration", + "access_level": "Read", + "description": "Grants permission to get details of the emergency calling configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorEmergencyCallingConfiguration", "resource_types": [ { "condition_keys": [], @@ -38685,40 +42360,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add logging configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorLoggingConfiguration", + "access_level": "Read", + "description": "Grants permission to get the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorExternalSystemsConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:DeleteLogDelivery", - "logs:DescribeLogGroups", - "logs:GetLogDelivery", - "logs:ListLogDeliveries" - ], + "dependent_actions": [], "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the origination settings for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorOrigination", + "access_level": "Read", + "description": "Grants permission to get details for the specified Amazon Chime Voice Connector Group", + "privilege": "GetVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add proxy configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorProxy", + "access_level": "Read", + "description": "Grants permission to get details of the logging configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorLoggingConfiguration", "resource_types": [ { "condition_keys": [], @@ -38728,28 +42396,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add streaming configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorStreamingConfiguration", + "access_level": "Read", + "description": "Grants permission to get details of the origination settings for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorOrigination", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "chime:GetMediaInsightsPipelineConfiguration" - ], - "resource_type": "voice-connector*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the termination settings for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorTermination", + "access_level": "Read", + "description": "Grants permission to get details of the proxy configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorProxy", "resource_types": [ { "condition_keys": [], @@ -38759,9 +42420,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add SIP termination credentials for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorTerminationCredentials", + "access_level": "Read", + "description": "Grants permission to get details of the streaming configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorStreamingConfiguration", "resource_types": [ { "condition_keys": [], @@ -38771,93 +42432,74 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to redact message content", - "privilege": "RedactChannelMessage", + "access_level": "Read", + "description": "Grants permission to get details of the termination settings for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorTermination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to redact the specified Chime conversation Message", - "privilege": "RedactConversationMessage", + "access_level": "Read", + "description": "Grants permission to get details of the termination health for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorTerminationHealth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to redacts the specified Chime room Message", - "privilege": "RedactRoomMessage", + "access_level": "Read", + "description": "Grants permission to get a voice profile", + "privilege": "GetVoiceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-profile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to regenerate the security token for the specified bot", - "privilege": "RegenerateSecurityToken", + "access_level": "Read", + "description": "Grants permission to get a voice profile domain", + "privilege": "GetVoiceProfileDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-profile-domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register an endpoint for an app instance user", - "privilege": "RegisterAppInstanceUserEndpoint", + "access_level": "Read", + "description": "Grants permission to get a voice tone analysis task on the specified Amazon Chime resource", + "privilege": "GetVoiceToneAnalysisTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "mobiletargeting:GetApp" - ], - "resource_type": "app-instance-user*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the account name for your Amazon Chime Enterprise or Team account", - "privilege": "RenameAccount", - "resource_types": [ + "dependent_actions": [], + "resource_type": "media-pipeline" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to renew the delegation request associated with an Amazon Chime account", - "privilege": "RenewDelegate", + "description": "Grants permission to send an invitation to accept a request for AWS account delegation for an Amazon Chime account", + "privilege": "InviteDelegate", "resource_types": [ { "condition_keys": [], @@ -38868,8 +42510,8 @@ }, { "access_level": "Write", - "description": "Grants permission to reset the account resource in your Amazon Chime account", - "privilege": "ResetAccountResource", + "description": "Grants permission to invite as many as 50 users to the specified Amazon Chime account", + "privilege": "InviteUsers", "resource_types": [ { "condition_keys": [], @@ -38880,8 +42522,8 @@ }, { "access_level": "Write", - "description": "Grants permission to reset the personal meeting PIN for the specified user on an Amazon Chime account", - "privilege": "ResetPersonalPIN", + "description": "Grants permission to invite users from a third party provider to your Amazon Chime account", + "privilege": "InviteUsersFromProvider", "resource_types": [ { "condition_keys": [], @@ -38891,9 +42533,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to restore the specified phone number from the deltion queue back to the phone number inventory", - "privilege": "RestorePhoneNumber", + "access_level": "List", + "description": "Grants permission to list Amazon Chime account usage reporting data", + "privilege": "ListAccountUsageReportData", "resource_types": [ { "condition_keys": [], @@ -38903,9 +42545,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to download the file containing links to all user attachments returned as part of the \"Request attachments\" action", - "privilege": "RetrieveDataExports", + "access_level": "List", + "description": "Grants permission to list the Amazon Chime accounts under the administrator's AWS account", + "privilege": "ListAccounts", "resource_types": [ { "condition_keys": [], @@ -38915,9 +42557,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to search phone numbers that can be ordered from the carrier", - "privilege": "SearchAvailablePhoneNumbers", + "access_level": "List", + "description": "Grants permission to list the SCIM access keys defined for your Amazon Chime account and Okta configuration", + "privilege": "ListApiKeys", "resource_types": [ { "condition_keys": [], @@ -38928,9 +42570,14 @@ }, { "access_level": "List", - "description": "Grants permission to search channels that an AppInstanceUser belongs to, or search channels across the AppInstance for an AppInstaceAdmin", - "privilege": "SearchChannels", + "description": "Grants permission to list administrators in the app instance", + "privilege": "ListAppInstanceAdmins", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance*" + }, { "condition_keys": [], "dependent_actions": [], @@ -38944,89 +42591,81 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to send a message to a particular channel that the member is a part of", - "privilege": "SendChannelMessage", + "access_level": "List", + "description": "Grants permission to list all AppInstanceBots created under a single app instance", + "privilege": "ListAppInstanceBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-bot*" - }, + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the endpoints registered for an app instance user", + "privilege": "ListAppInstanceUserEndpoints", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit the \"Request attachments\" request", - "privilege": "StartDataExport", + "access_level": "List", + "description": "Grants permission to list all AppInstanceUsers created under a single app instance", + "privilege": "ListAppInstanceUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start transcription for a meeting", - "privilege": "StartMeetingTranscription", + "access_level": "List", + "description": "Grants permission to list all Amazon Chime app instances created under a single AWS account", + "privilege": "ListAppInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a speaker search task on the specified Amazon Chime resource", - "privilege": "StartSpeakerSearchTask", + "access_level": "List", + "description": "Grants permission to list the tags applied to an Amazon Chime SDK attendee resource", + "privilege": "ListAttendeeTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-connector" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a voice tone analysis task on the specified Amazon Chime resource", - "privilege": "StartVoiceToneAnalysisTask", + "access_level": "List", + "description": "Grants permission to list up to 100 attendees for a specified Amazon Chime SDK meeting", + "privilege": "ListAttendees", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-connector" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop transcription for a meeting", - "privilege": "StopMeetingTranscription", + "access_level": "List", + "description": "Grants permission to list the available AWS Regions in which you can create an Amazon Chime SDK Voice Connector", + "privilege": "ListAvailableVoiceConnectorRegions", "resource_types": [ { "condition_keys": [], @@ -39036,43 +42675,36 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop a speaker search task on the specified Amazon Chime resource", - "privilege": "StopSpeakerSearchTask", + "access_level": "List", + "description": "Grants permission to list the bots associated with the administrator's Amazon Chime Enterprise account", + "privilege": "ListBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-connector" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a voice tone analysis task on the specified Amazon Chime resource", - "privilege": "StopVoiceToneAnalysisTask", + "access_level": "List", + "description": "Grants permission to list Call Detail Record S3 buckets", + "privilege": "ListCDRBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-connector" + "dependent_actions": [ + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit a customer service support request", - "privilege": "SubmitSupportRequest", + "access_level": "List", + "description": "Grants permission to list the calling regions available for the administrator's AWS account", + "privilege": "ListCallingRegions", "resource_types": [ { "condition_keys": [], @@ -39082,130 +42714,172 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to suspend users from an Amazon Chime Enterprise account", - "privilege": "SuspendUsers", + "access_level": "List", + "description": "Grants permission to list all the users and bots banned from a particular channel", + "privilege": "ListChannelBans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK attendee", - "privilege": "TagAttendee", + "access_level": "List", + "description": "Grants permission to list all the Channel Flows created under a single Chime AppInstance", + "privilege": "ListChannelFlows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "channel-flow*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK meeting", - "privilege": "TagMeeting", + "access_level": "List", + "description": "Grants permission to list all channel memberships in a channel", + "privilege": "ListChannelMemberships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "app-instance-bot*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply the specified tags to the specified resource (tag-based access controls are only supported on *-chime..amazonaws.com endpoints)", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list all channels that a particular user or bot is a part of", + "privilege": "ListChannelMembershipsForAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot" - }, + "resource_type": "app-instance-user*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the messages in a channel", + "privilege": "ListChannelMessages", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the moderators for a channel", + "privilege": "ListChannelModerators", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline-kinesis-video-stream-pool" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the Channels created under a single Chime AppInstance", + "privilege": "ListChannels", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" - }, + "resource_type": "app-instance-user*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the Channels associated with a single Chime Channel Flow", + "privilege": "ListChannelsAssociatedWithChannelFlow", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" - }, + "resource_type": "channel-flow*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all channels moderated by a user or bot", + "privilege": "ListChannelsModeratedByAppInstanceUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain" + "resource_type": "app-instance-bot*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to unauthorize an Active Directory from your Amazon Chime Enterprise account", - "privilege": "UnauthorizeDirectory", + "access_level": "List", + "description": "Grants permission to list account delegate information associated with your Amazon Chime account", + "privilege": "ListDelegates", "resource_types": [ { "condition_keys": [], @@ -39215,107 +42889,93 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK attendee", - "privilege": "UntagAttendee", + "access_level": "List", + "description": "Grants permission to list active Active Directories hosted in the Directory Service of your AWS account", + "privilege": "ListDirectories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK meeting", - "privilege": "UntagMeeting", + "access_level": "List", + "description": "Grants permission to list domains associated with your Amazon Chime account", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified tags from the specified resource (tag-based access controls are only supported on *-chime..amazonaws.com endpoints)", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-pipeline-kinesis-video-stream-pool" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list media capture pipelines", + "privilege": "ListMediaCapturePipelines", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all media insights pipeline configurations", + "privilege": "ListMediaInsightsPipelineConfigurations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list media pipelines", + "privilege": "ListMediaPipelineKinesisVideoStreamPools", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list media pipelines", + "privilege": "ListMediaPipelines", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update account details for the specified Amazon Chime account", - "privilege": "UpdateAccount", + "access_level": "List", + "description": "Grants permission to list all events that occurred for a specified meeting", + "privilege": "ListMeetingEvents", "resource_types": [ { "condition_keys": [], @@ -39325,21 +42985,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the OpenIdConfig attributes for your Amazon Chime account", - "privilege": "UpdateAccountOpenIdConfig", + "access_level": "List", + "description": "Grants permission to list the tags applied to an Amazon Chime SDK meeting resource", + "privilege": "ListMeetingTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the account resource in your Amazon Chime account", - "privilege": "UpdateAccountResource", + "access_level": "List", + "description": "Grants permission to list up to 100 active Amazon Chime SDK meetings", + "privilege": "ListMeetings", "resource_types": [ { "condition_keys": [], @@ -39349,9 +43009,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the settings for the specified Amazon Chime account", - "privilege": "UpdateAccountSettings", + "access_level": "List", + "description": "Grants permission to list meetings ended during the specified date range", + "privilege": "ListMeetingsReportData", "resource_types": [ { "condition_keys": [], @@ -39361,69 +43021,69 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update AppInstance metadata", - "privilege": "UpdateAppInstance", + "access_level": "List", + "description": "Grants permission to list the phone number orders under the administrator's AWS account", + "privilege": "ListPhoneNumberOrders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the details for an AppInstanceBot", - "privilege": "UpdateAppInstanceBot", + "access_level": "List", + "description": "Grants permission to list the phone numbers under the administrator's AWS account", + "privilege": "ListPhoneNumbers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the details for an AppInstanceUser", - "privilege": "UpdateAppInstanceUser", + "access_level": "List", + "description": "Grants permission to list proxy sessions for the specified Amazon Chime Voice Connector", + "privilege": "ListProxySessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an endpoint registered for an app instance user", - "privilege": "UpdateAppInstanceUserEndpoint", + "access_level": "List", + "description": "Grants permission to list all room members", + "privilege": "ListRoomMemberships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to the capabilties that you want to update", - "privilege": "UpdateAttendeeCapabilities", + "access_level": "List", + "description": "Grants permission to list rooms", + "privilege": "ListRooms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of the specified bot", - "privilege": "UpdateBot", + "access_level": "List", + "description": "Grants permission to list all Amazon Chime SIP media applications under the administrator's AWS account", + "privilege": "ListSipMediaApplications", "resource_types": [ { "condition_keys": [], @@ -39433,25 +43093,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update your Call Detail Record S3 bucket", - "privilege": "UpdateCDRSettings", + "access_level": "List", + "description": "Grants permission to list all Amazon Chime SIP rules under the administrator's AWS account", + "privilege": "ListSipRules", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:ListAllMyBuckets" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "sip-media-application" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a channel's attributes", - "privilege": "UpdateChannel", + "access_level": "List", + "description": "Grants permission to list all the SubChannels under a single Channel", + "privilege": "ListSubChannels", "resource_types": [ { "condition_keys": [], @@ -39471,65 +43127,88 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a channel flow", - "privilege": "UpdateChannelFlow", + "access_level": "List", + "description": "Grants permission to list the phone number countries supported by the AWS account", + "privilege": "ListSupportedPhoneNumberCountries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the content of a message", - "privilege": "UpdateChannelMessage", + "access_level": "Read", + "description": "Grants permission to list the tags applied to an Amazon Chime resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "app-instance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "app-instance-bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the timestamp to the point when a user last read messages in a channel", - "privilege": "UpdateChannelReadMarker", - "resource_types": [ + "resource_type": "app-instance-user" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "channel-flow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "media-insights-pipeline-configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "media-pipeline" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "media-pipeline-kinesis-video-stream-pool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "meeting" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sip-media-application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-connector" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-profile-domain" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the global settings related to Amazon Chime for the AWS account", - "privilege": "UpdateGlobalSettings", + "access_level": "List", + "description": "Grants permission to list the users that belong to the specified Amazon Chime account", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], @@ -39539,50 +43218,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of a media insights pipeline configuration", - "privilege": "UpdateMediaInsightsPipelineConfiguration", + "access_level": "List", + "description": "Grants permission to list the Amazon Chime Voice Connector Groups under the administrator's AWS account", + "privilege": "ListVoiceConnectorGroups", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "chime:ListVoiceConnectors", - "iam:PassRole", - "kinesis:DescribeStream", - "s3:ListBucket" - ], - "resource_type": "media-insights-pipeline-configuration*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of a media insights pipeline", - "privilege": "UpdateMediaInsightsPipelineStatus", + "access_level": "List", + "description": "Grants permission to list the SIP termination credentials for the specified Amazon Chime Voice Connector", + "privilege": "ListVoiceConnectorTerminationCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update kinesis video stream pool", - "privilege": "UpdateMediaPipelineKinesisVideoStreamPool", + "access_level": "List", + "description": "Grants permission to list the Amazon Chime Voice Connectors under the administrator's AWS account", + "privilege": "ListVoiceConnectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline-kinesis-video-stream-pool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update phone number details for the specified phone number", - "privilege": "UpdatePhoneNumber", + "access_level": "List", + "description": "Grants permission to list voice profile domains", + "privilege": "ListVoiceProfileDomains", "resource_types": [ { "condition_keys": [], @@ -39592,93 +43266,108 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update phone number settings related to Amazon Chime for the AWS account", - "privilege": "UpdatePhoneNumberSettings", + "access_level": "List", + "description": "Grants permission to list voice profiles", + "privilege": "ListVoiceProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-profile-domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a proxy session for the specified Amazon Chime Voice Connector", - "privilege": "UpdateProxySession", + "description": "Grants permission to log out the specified user from all of the devices they are currently logged into", + "privilege": "LogoutUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a room", - "privilege": "UpdateRoom", + "description": "Grants permission to enable data retention for the app instance", + "privilege": "PutAppInstanceRetentionSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to update room membership role", - "privilege": "UpdateRoomMembership", + "description": "Grants permission to configure data streaming for the app instance", + "privilege": "PutAppInstanceStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to update properties of Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "UpdateSipMediaApplication", + "description": "Grants permission to put expiration settings for an AppInstanceUser", + "privilege": "PutAppInstanceUserExpirationSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "app-instance-user*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an Amazon Chime SIP media application call under the administrator's AWS account", - "privilege": "UpdateSipMediaApplicationCall", + "description": "Grants permission to put expiration settings for a channel", + "privilege": "PutChannelExpirationSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update properties of Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "UpdateSipRule", + "description": "Grants permission to put the preferences for a channel membership", + "privilege": "PutChannelMembershipPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the supported license tiers available for users in your Amazon Chime account", - "privilege": "UpdateSupportedLicenses", + "description": "Grants permission to update details for an events configuration for a bot to receive outgoing events", + "privilege": "PutEventsConfiguration", "resource_types": [ { "condition_keys": [], @@ -39689,20 +43378,20 @@ }, { "access_level": "Write", - "description": "Grants permission to update user details for a specified user ID", - "privilege": "UpdateUser", + "description": "Grants permission to put the data streaming configurations of an AppInstance", + "privilege": "PutMessagingStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the licenses for your Amazon Chime users", - "privilege": "UpdateUserLicenses", + "description": "Grants permission to create or update retention settings for the specified Amazon Chime account", + "privilege": "PutRetentionSettings", "resource_types": [ { "condition_keys": [], @@ -39713,1058 +43402,720 @@ }, { "access_level": "Write", - "description": "Grants permission to update user settings related to the specified Amazon Chime user", - "privilege": "UpdateUserSettings", + "description": "Grants permission to update Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "PutSipMediaApplicationAlexaSkillConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sip-media-application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update Amazon Chime Voice Connector details for the specified Amazon Chime Voice Connector", - "privilege": "UpdateVoiceConnector", + "description": "Grants permission to update logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "PutSipMediaApplicationLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "sip-media-application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update Amazon Chime Voice Connector Group details for the specified Amazon Chime Voice Connector Group", - "privilege": "UpdateVoiceConnectorGroup", + "description": "Grants permission to add emergency calling configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorEmergencyCallingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" + "resource_type": "voice-connector*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a voice profile", - "privilege": "UpdateVoiceProfile", + "description": "Grants permission to update the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorExternalSystemsConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile*" + "resource_type": "voice-connector*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a voice profile domain", - "privilege": "UpdateVoiceProfileDomain", + "description": "Grants permission to add logging configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorLoggingConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-profile-domain*" + "dependent_actions": [ + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:GetLogDelivery", + "logs:ListLogDeliveries" + ], + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate the account resource in your Amazon Chime account", - "privilege": "ValidateAccountResource", + "access_level": "Write", + "description": "Grants permission to update the origination settings for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorOrigination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate an address to be used for 911 calls made with Amazon Chime Voice Connectors", - "privilege": "ValidateE911Address", + "access_level": "Write", + "description": "Grants permission to add proxy configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorProxy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:chime::${AccountId}:meeting/${MeetingId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "meeting" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app-instance" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/user/${AppInstanceUserId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app-instance-user" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/bot/${AppInstanceBotId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app-instance-bot" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel/${ChannelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel-flow/${ChannelFlowId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel-flow" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-pipeline/${MediaPipelineId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "media-pipeline" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-insights-pipeline-configuration/${ConfigurationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "media-insights-pipeline-configuration" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-pipeline-kinesis-video-stream-pool/${PoolName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "media-pipeline-kinesis-video-stream-pool" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile-domain/${VoiceProfileDomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "voice-profile-domain" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile/${VoiceProfileId}", - "condition_keys": [], - "resource": "voice-profile" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:vc/${VoiceConnectorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "voice-connector" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:sma/${SipMediaApplicationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "sip-media-application" - } - ], - "service_name": "Amazon Chime" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cleanrooms", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to view details of analysisTemplates associated to the collaboration", - "privilege": "BatchGetCollaborationAnalysisTemplate", + "access_level": "Write", + "description": "Grants permission to add streaming configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorStreamingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "cleanrooms:GetCollaborationAnalysisTemplate" + "chime:GetMediaInsightsPipelineConfiguration" ], - "resource_type": "analysistemplate*" + "resource_type": "voice-connector*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "media-insights-pipeline-configuration" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for schemas", - "privilege": "BatchGetSchema", + "access_level": "Write", + "description": "Grants permission to update the termination settings for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorTermination", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cleanrooms:GetSchema" - ], - "resource_type": "collaboration*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation" - }, + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add SIP termination credentials for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorTerminationCredentials", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "idmappingtable" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view analysis rules associated with schemas", - "privilege": "BatchGetSchemaAnalysisRule", + "access_level": "Write", + "description": "Grants permission to redact message content", + "privilege": "RedactChannelMessage", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cleanrooms:GetSchema" - ], - "resource_type": "collaboration*" + "dependent_actions": [], + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "idmappingtable" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new analysis template", - "privilege": "CreateAnalysisTemplate", + "description": "Grants permission to redact the specified Chime conversation Message", + "privilege": "RedactConversationMessage", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "analysistemplate*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new collaboration, a shared data collaboration environment", - "privilege": "CreateCollaboration", + "description": "Grants permission to redacts the specified Chime room Message", + "privilege": "RedactRoomMessage", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to link a Cleanrooms ML configured audience model with a collaboration by creating a new association", - "privilege": "CreateConfiguredAudienceModelAssociation", + "description": "Grants permission to regenerate the security token for the specified bot", + "privilege": "RegenerateSecurityToken", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "cleanrooms-ml:GetConfiguredAudienceModel", - "cleanrooms-ml:GetConfiguredAudienceModelPolicy", - "cleanrooms-ml:PutConfiguredAudienceModelPolicy" - ], - "resource_type": "configuredaudiencemodelassociation*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new configured table", - "privilege": "CreateConfiguredTable", + "description": "Grants permission to register an endpoint for an app instance user", + "privilege": "RegisterAppInstanceUserEndpoint", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "athena:GetTableMetadata", - "glue:BatchGetPartition", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetSchemaVersion", - "glue:GetTable", - "glue:GetTables" + "mobiletargeting:GetApp" ], - "resource_type": "configuredtable*" + "resource_type": "app-instance-user*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a analysis rule for a configured table", - "privilege": "CreateConfiguredTableAnalysisRule", + "description": "Grants permission to modify the account name for your Amazon Chime Enterprise or Team account", + "privilege": "RenameAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to link a configured table with a collaboration by creating a new association", - "privilege": "CreateConfiguredTableAssociation", + "description": "Grants permission to renew the delegation request associated with an Amazon Chime account", + "privilege": "RenewDelegate", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "configuredtable*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "configuredtableassociation*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an analysis rule for a configured table association", - "privilege": "CreateConfiguredTableAssociationAnalysisRule", + "description": "Grants permission to reset the account resource in your Amazon Chime account", + "privilege": "ResetAccountResource", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to link an id mapping workflow with a collaboration by creating a new id mapping table", - "privilege": "CreateIdMappingTable", + "description": "Grants permission to reset the personal meeting PIN for the specified user on an Amazon Chime account", + "privilege": "ResetPersonalPIN", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "entityresolution:AddPolicyStatement", - "entityresolution:GetIdMappingWorkflow" - ], - "resource_type": "idmappingtable*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to link an AWS Entity Resolution Id Namespace with a collaboration by creating a new association", - "privilege": "CreateIdNamespaceAssociation", + "description": "Grants permission to restore the specified phone number from the deltion queue back to the phone number inventory", + "privilege": "RestorePhoneNumber", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "entityresolution:AddPolicyStatement", - "entityresolution:GetIdNamespace" - ], - "resource_type": "idnamespaceassociation*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to join collaborations by creating a membership", - "privilege": "CreateMembership", + "access_level": "Read", + "description": "Grants permission to download the file containing links to all user attachments returned as part of the \"Request attachments\" action", + "privilege": "RetrieveDataExports", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:PassRole", - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:DeleteLogDelivery", - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:GetLogDelivery", - "logs:ListLogDeliveries", - "logs:PutResourcePolicy", - "logs:UpdateLogDelivery", - "s3:GetBucketLocation" - ], - "resource_type": "collaboration*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new privacy budget template", - "privilege": "CreatePrivacyBudgetTemplate", + "access_level": "Read", + "description": "Grants permission to search phone numbers that can be ordered from the carrier", + "privilege": "SearchAvailablePhoneNumbers", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "membership*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing analysis template", - "privilege": "DeleteAnalysisTemplate", + "access_level": "List", + "description": "Grants permission to search channels that an AppInstanceUser belongs to, or search channels across the AppInstance for an AppInstaceAdmin", + "privilege": "SearchChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing collaboration", - "privilege": "DeleteCollaboration", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], - "dependent_actions": [ - "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", - "cleanrooms-ml:GetConfiguredAudienceModelPolicy", - "cleanrooms-ml:PutConfiguredAudienceModelPolicy" - ], - "resource_type": "collaboration*" + "dependent_actions": [], + "resource_type": "app-instance-user*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing configured audience model association", - "privilege": "DeleteConfiguredAudienceModelAssociation", + "description": "Grants permission to send a message to a particular channel that the member is a part of", + "privilege": "SendChannelMessage", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", - "cleanrooms-ml:GetConfiguredAudienceModelPolicy", - "cleanrooms-ml:PutConfiguredAudienceModelPolicy" - ], - "resource_type": "configuredaudiencemodelassociation*" + "dependent_actions": [], + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a configured table", - "privilege": "DeleteConfiguredTable", + "description": "Grants permission to submit the \"Request attachments\" request", + "privilege": "StartDataExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing analysis rule", - "privilege": "DeleteConfiguredTableAnalysisRule", + "description": "Grants permission to start transcription for a meeting", + "privilege": "StartMeetingTranscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a configured table association from a collaboration", - "privilege": "DeleteConfiguredTableAssociation", + "description": "Grants permission to start a speaker search task on the specified Amazon Chime resource", + "privilege": "StartSpeakerSearchTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" + "resource_type": "media-pipeline" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing configured table association analysis rule", - "privilege": "DeleteConfiguredTableAssociationAnalysisRule", + "description": "Grants permission to start a voice tone analysis task on the specified Amazon Chime resource", + "privilege": "StartVoiceToneAnalysisTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" + "resource_type": "media-pipeline" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an id mapping table from a collaboration", - "privilege": "DeleteIdMappingTable", + "description": "Grants permission to stop transcription for a meeting", + "privilege": "StopMeetingTranscription", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "entityresolution:DeletePolicyStatement" - ], - "resource_type": "idmappingtable*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an Id Namespace Association from a collaboration", - "privilege": "DeleteIdNamespaceAssociation", + "description": "Grants permission to stop a speaker search task on the specified Amazon Chime resource", + "privilege": "StopSpeakerSearchTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "entityresolution:DeletePolicyStatement" - ], - "resource_type": "idnamespaceassociation*" + "dependent_actions": [], + "resource_type": "media-pipeline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to delete members from a collaboration", - "privilege": "DeleteMember", + "description": "Grants permission to stop a voice tone analysis task on the specified Amazon Chime resource", + "privilege": "StopVoiceToneAnalysisTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", - "cleanrooms-ml:GetConfiguredAudienceModelPolicy", - "cleanrooms-ml:PutConfiguredAudienceModelPolicy" - ], - "resource_type": "collaboration*" + "dependent_actions": [], + "resource_type": "media-pipeline" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to leave collaborations by deleting a membership", - "privilege": "DeleteMembership", + "description": "Grants permission to submit a customer service support request", + "privilege": "SubmitSupportRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing privacy budget template", - "privilege": "DeletePrivacyBudgetTemplate", + "description": "Grants permission to suspend users from an Amazon Chime Enterprise account", + "privilege": "SuspendUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for an analysis template", - "privilege": "GetAnalysisTemplate", + "access_level": "Tagging", + "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK attendee", + "privilege": "TagAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for a collaboration", - "privilege": "GetCollaboration", + "access_level": "Tagging", + "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK meeting", + "privilege": "TagMeeting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "meeting*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for an analysis template within a collaboration", - "privilege": "GetCollaborationAnalysisTemplate", + "access_level": "Tagging", + "description": "Grants permission to apply the specified tags to the specified resource (tag-based access controls are only supported on *-chime..amazonaws.com endpoints)", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate*" + "resource_type": "app-instance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details for a configured audience model association within a collaboration", - "privilege": "GetCollaborationConfiguredAudienceModelAssociation", - "resource_types": [ + "resource_type": "app-instance-bot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "app-instance-user" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodelassociation*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get id namespace association within a collaboration", - "privilege": "GetCollaborationIdNamespaceAssociation", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "channel-flow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "idnamespaceassociation*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details for a privacy budget template within a collaboration", - "privilege": "GetCollaborationPrivacyBudgetTemplate", - "resource_types": [ + "resource_type": "media-insights-pipeline-configuration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "media-pipeline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details for a configured audience model association", - "privilege": "GetConfiguredAudienceModelAssociation", - "resource_types": [ + "resource_type": "media-pipeline-kinesis-video-stream-pool" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodelassociation*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details for a configured table", - "privilege": "GetConfiguredTable", - "resource_types": [ + "resource_type": "meeting" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view analysis rules for a configured table", - "privilege": "GetConfiguredTableAnalysisRule", - "resource_types": [ + "resource_type": "sip-media-application" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable*" + "resource_type": "voice-connector" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-profile-domain" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for a configured table association", - "privilege": "GetConfiguredTableAssociation", + "access_level": "Write", + "description": "Grants permission to unauthorize an Active Directory from your Amazon Chime Enterprise account", + "privilege": "UnauthorizeDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view analysis rules for a configured table association", - "privilege": "GetConfiguredTableAssociationAnalysisRule", + "access_level": "Tagging", + "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK attendee", + "privilege": "UntagAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details of an id mapping table", - "privilege": "GetIdMappingTable", + "access_level": "Tagging", + "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK meeting", + "privilege": "UntagMeeting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "idmappingtable*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details of an id namespace association", - "privilege": "GetIdNamespaceAssociation", + "access_level": "Tagging", + "description": "Grants permission to untag the specified tags from the specified resource (tag-based access controls are only supported on *-chime..amazonaws.com endpoints)", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "entityresolution:GetIdNamespace" - ], - "resource_type": "idnamespaceassociation*" + "dependent_actions": [], + "resource_type": "app-instance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details about a membership", - "privilege": "GetMembership", - "resource_types": [ + "resource_type": "app-instance-bot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details for a privacy budget template", - "privilege": "GetPrivacyBudgetTemplate", - "resource_types": [ + "resource_type": "app-instance-user" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view a protected query", - "privilege": "GetProtectedQuery", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details for a schema", - "privilege": "GetSchema", - "resource_types": [ + "resource_type": "channel-flow" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "media-insights-pipeline-configuration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view analysis rules associated with a schema", - "privilege": "GetSchemaAnalysisRule", - "resource_types": [ + "resource_type": "media-pipeline" + }, { "condition_keys": [], - "dependent_actions": [ - "cleanrooms:GetSchema" - ], - "resource_type": "collaboration*" + "dependent_actions": [], + "resource_type": "media-pipeline-kinesis-video-stream-pool" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list available analysis templates", - "privilege": "ListAnalysisTemplates", - "resource_types": [ + "resource_type": "meeting" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate*" + "resource_type": "sip-media-application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list available analysis templates within a collaboration", - "privilege": "ListCollaborationAnalysisTemplates", - "resource_types": [ + "resource_type": "voice-connector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list available configured audience model association within a collaboration", - "privilege": "ListCollaborationConfiguredAudienceModelAssociations", - "resource_types": [ + "resource_type": "voice-profile-domain" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list id namespace within a collaboration", - "privilege": "ListCollaborationIdNamespaceAssociations", + "access_level": "Write", + "description": "Grants permission to update account details for the specified Amazon Chime account", + "privilege": "UpdateAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list available privacy budget templates within a collaboration", - "privilege": "ListCollaborationPrivacyBudgetTemplates", + "access_level": "Write", + "description": "Grants permission to update the OpenIdConfig attributes for your Amazon Chime account", + "privilege": "UpdateAccountOpenIdConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list privacy budgets within a collaboration", - "privilege": "ListCollaborationPrivacyBudgets", + "access_level": "Write", + "description": "Grants permission to update the account resource in your Amazon Chime account", + "privilege": "UpdateAccountResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list available collaborations", - "privilege": "ListCollaborations", + "access_level": "Write", + "description": "Grants permission to update the settings for the specified Amazon Chime account", + "privilege": "UpdateAccountSettings", "resource_types": [ { "condition_keys": [], @@ -40774,1458 +44125,1462 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list available configured audience model associations for a membership", - "privilege": "ListConfiguredAudienceModelAssociations", + "access_level": "Write", + "description": "Grants permission to update AppInstance metadata", + "privilege": "UpdateAppInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodelassociation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list available configured table associations for a membership", - "privilege": "ListConfiguredTableAssociations", + "access_level": "Write", + "description": "Grants permission to update the details for an AppInstanceBot", + "privilege": "UpdateAppInstanceBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "app-instance-bot*" } ] }, { - "access_level": "List", - "description": "Grants permission to list available configured tables", - "privilege": "ListConfiguredTables", + "access_level": "Write", + "description": "Grants permission to update the details for an AppInstanceUser", + "privilege": "UpdateAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "List", - "description": "Grants permission to list available id mapping tables for a membership", - "privilege": "ListIdMappingTables", + "access_level": "Write", + "description": "Grants permission to update an endpoint registered for an app instance user", + "privilege": "UpdateAppInstanceUserEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "idmappingtable*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "List", - "description": "Grants permission to list entity resolution data associations for a membership", - "privilege": "ListIdNamespaceAssociations", + "access_level": "Write", + "description": "Grants permission to the capabilties that you want to update", + "privilege": "UpdateAttendeeCapabilities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "idnamespaceassociation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "meeting*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the members of a collaboration", - "privilege": "ListMembers", + "access_level": "Write", + "description": "Grants permission to update the status of the specified bot", + "privilege": "UpdateBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list available memberships", - "privilege": "ListMemberships", + "access_level": "Write", + "description": "Grants permission to update your Call Detail Record S3 bucket", + "privilege": "UpdateCDRSettings", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:ListAllMyBuckets" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list available privacy budget templates", - "privilege": "ListPrivacyBudgetTemplates", + "access_level": "Write", + "description": "Grants permission to update a channel's attributes", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list available privacy budgets", - "privilege": "ListPrivacyBudgets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list protected queries", - "privilege": "ListProtectedQueries", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to view available schemas for a collaboration", - "privilege": "ListSchemas", + "access_level": "Write", + "description": "Grants permission to update a channel flow", + "privilege": "UpdateChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "channel-flow*" } ] }, { - "access_level": "List", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the content of a message", + "privilege": "UpdateChannelMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "collaboration" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodelassociation" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set the timestamp to the point when a user last read messages in a channel", + "privilege": "UpdateChannelReadMarker", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to access a collaboration in the context of Clean Rooms ML custom models", - "privilege": "PassCollaboration", + "access_level": "Write", + "description": "Grants permission to update the global settings related to Amazon Chime for the AWS account", + "privilege": "UpdateGlobalSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to access a membership in the context of Clean Rooms ML custom models", - "privilege": "PassMembership", + "access_level": "Write", + "description": "Grants permission to update the status of a media insights pipeline configuration", + "privilege": "UpdateMediaInsightsPipelineConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership*" + "dependent_actions": [ + "chime:ListVoiceConnectors", + "iam:PassRole", + "kinesis:DescribeStream", + "s3:ListBucket" + ], + "resource_type": "media-insights-pipeline-configuration*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an Id Mapping Job in AWS Entity Resolution to generate id mapping results in cleanrooms collaboration.", - "privilege": "PopulateIdMappingTable", + "description": "Grants permission to update the status of a media insights pipeline", + "privilege": "UpdateMediaInsightsPipelineStatus", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "entityresolution:GetIdMappingWorkflow" - ], - "resource_type": "idmappingtable*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "media-pipeline*" } ] }, { - "access_level": "Read", - "description": "Grants permission to preview privacy budget template settings", - "privilege": "PreviewPrivacyImpact", + "access_level": "Write", + "description": "Grants permission to update kinesis video stream pool", + "privilege": "UpdateMediaPipelineKinesisVideoStreamPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "media-pipeline-kinesis-video-stream-pool*" } ] }, { "access_level": "Write", - "description": "Grants permission to start protected queries", - "privilege": "StartProtectedQuery", + "description": "Grants permission to update phone number details for the specified phone number", + "privilege": "UpdatePhoneNumber", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cleanrooms:GetCollaborationAnalysisTemplate", - "cleanrooms:GetSchema", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:PutObject" - ], - "resource_type": "membership*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "analysistemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredtableassociation" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "idmappingtable" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update phone number settings related to Amazon Chime for the AWS account", + "privilege": "UpdatePhoneNumberSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "collaboration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredaudiencemodelassociation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredtable" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredtableassociation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "idmappingtable" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "idnamespaceassociation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "membership" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "privacybudgettemplate" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a proxy session for the specified Amazon Chime Voice Connector", + "privilege": "UpdateProxySession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "collaboration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredaudiencemodelassociation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredtable" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredtableassociation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "idmappingtable" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "idnamespaceassociation" - }, + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a room", + "privilege": "UpdateRoom", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update room membership role", + "privilege": "UpdateRoomMembership", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update details of the analysis template", - "privilege": "UpdateAnalysisTemplate", + "description": "Grants permission to update properties of Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "UpdateSipMediaApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "analysistemplate*" + "resource_type": "sip-media-application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update details of the collaboration", - "privilege": "UpdateCollaboration", + "description": "Grants permission to update an Amazon Chime SIP media application call under the administrator's AWS account", + "privilege": "UpdateSipMediaApplicationCall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collaboration*" + "resource_type": "sip-media-application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a configured audience model association", - "privilege": "UpdateConfiguredAudienceModelAssociation", + "description": "Grants permission to update properties of Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "UpdateSipRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodelassociation*" + "resource_type": "sip-media-application" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing configured table", - "privilege": "UpdateConfiguredTable", + "description": "Grants permission to update the supported license tiers available for users in your Amazon Chime account", + "privilege": "UpdateSupportedLicenses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update analysis rules for a configured table", - "privilege": "UpdateConfiguredTableAnalysisRule", + "description": "Grants permission to update user details for a specified user ID", + "privilege": "UpdateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtable*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a configured table association", - "privilege": "UpdateConfiguredTableAssociation", + "description": "Grants permission to update the licenses for your Amazon Chime users", + "privilege": "UpdateUserLicenses", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "configuredtableassociation*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update analysis rules for a configured table association", - "privilege": "UpdateConfiguredTableAssociationAnalysisRule", + "description": "Grants permission to update user settings related to the specified Amazon Chime user", + "privilege": "UpdateUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredtableassociation*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an id mapping table", - "privilege": "UpdateIdMappingTable", + "description": "Grants permission to update Amazon Chime Voice Connector details for the specified Amazon Chime Voice Connector", + "privilege": "UpdateVoiceConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "idmappingtable*" - }, + "resource_type": "voice-connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update Amazon Chime Voice Connector Group details for the specified Amazon Chime Voice Connector Group", + "privilege": "UpdateVoiceConnectorGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to update a entity resolution input association", - "privilege": "UpdateIdNamespaceAssociation", + "description": "Grants permission to update a voice profile", + "privilege": "UpdateVoiceProfile", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "entityresolution:GetIdNamespace" - ], - "resource_type": "idnamespaceassociation*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "voice-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to update details of a membership", - "privilege": "UpdateMembership", + "description": "Grants permission to update a voice profile domain", + "privilege": "UpdateVoiceProfileDomain", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:DeleteLogDelivery", - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:GetLogDelivery", - "logs:ListLogDeliveries", - "logs:PutResourcePolicy", - "logs:UpdateLogDelivery", - "s3:GetBucketLocation" - ], - "resource_type": "membership*" + "dependent_actions": [], + "resource_type": "voice-profile-domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update details of the privacy budget template", - "privilege": "UpdatePrivacyBudgetTemplate", + "access_level": "Read", + "description": "Grants permission to validate the account resource in your Amazon Chime account", + "privilege": "ValidateAccountResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "privacybudgettemplate*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update protected queries", - "privilege": "UpdateProtectedQuery", + "access_level": "Read", + "description": "Grants permission to validate an address to be used for 911 calls made with Amazon Chime Voice Connectors", + "privilege": "ValidateE911Address", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "membership*" + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/analysistemplate/${AnalysisTemplateId}", + "arn": "arn:${Partition}:chime::${AccountId}:meeting/${MeetingId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "analysistemplate" + "resource": "meeting" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:collaboration/${CollaborationId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "collaboration" + "resource": "app-instance" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredaudiencemodelassociation/${ConfiguredAudienceModelAssociationId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/user/${AppInstanceUserId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "configuredaudiencemodelassociation" + "resource": "app-instance-user" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:configuredtable/${ConfiguredTableId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/bot/${AppInstanceBotId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "configuredtable" + "resource": "app-instance-bot" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredtableassociation/${ConfiguredTableAssociationId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel/${ChannelId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "configuredtableassociation" + "resource": "channel" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/idmappingtable/${IdMappingTableId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel-flow/${ChannelFlowId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "idmappingtable" + "resource": "channel-flow" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/idnamespaceassociation/${IdNamespaceAssociationId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-pipeline/${MediaPipelineId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "idnamespaceassociation" + "resource": "media-pipeline" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-insights-pipeline-configuration/${ConfigurationName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "membership" + "resource": "media-insights-pipeline-configuration" }, { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/privacybudgettemplate/${PrivacyBudgetTemplateId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-pipeline-kinesis-video-stream-pool/${PoolName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "privacybudgettemplate" + "resource": "media-pipeline-kinesis-video-stream-pool" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile-domain/${VoiceProfileDomainId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "voice-profile-domain" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile/${VoiceProfileId}", + "condition_keys": [], + "resource": "voice-profile" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:vc/${VoiceConnectorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "voice-connector" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:sma/${SipMediaApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "sip-media-application" } ], - "service_name": "AWS Clean Rooms" + "service_name": "Amazon Chime" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" - }, - { - "condition": "cleanrooms-ml:CollaborationId", - "description": "Filters access by Clean rooms collaboration id", - "type": "String" } ], - "prefix": "cleanrooms-ml", + "prefix": "cleanrooms", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to cancel a trained model", - "privilege": "CancelTrainedModel", + "access_level": "Read", + "description": "Grants permission to view details of analysisTemplates associated to the collaboration", + "privilege": "BatchGetCollaborationAnalysisTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "TrainedModel*" + "dependent_actions": [ + "cleanrooms:GetCollaborationAnalysisTemplate" + ], + "resource_type": "analysistemplate*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a trained model inference job", - "privilege": "CancelTrainedModelInferenceJob", + "access_level": "Read", + "description": "Grants permission to view details for schemas", + "privilege": "BatchGetSchema", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetSchema" + ], + "resource_type": "collaboration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModelInferenceJob*" + "resource_type": "configuredtableassociation" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "idmappingtable" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an audience model", - "privilege": "CreateAudienceModel", + "access_level": "Read", + "description": "Grants permission to view analysis rules associated with schemas", + "privilege": "BatchGetSchemaAnalysisRule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetSchema" + ], + "resource_type": "collaboration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trainingdataset*" + "resource_type": "configuredtableassociation" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "idmappingtable" } ] }, { "access_level": "Write", - "description": "Grants permission to create a configured audience model", - "privilege": "CreateConfiguredAudienceModel", + "description": "Grants permission to create a new analysis template", + "privilege": "CreateAnalysisTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "audiencemodel*" + "resource_type": "analysistemplate*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a configured model algorithm", - "privilege": "CreateConfiguredModelAlgorithm", + "description": "Grants permission to create a new collaboration, a shared data collaboration environment", + "privilege": "CreateCollaboration", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a configured model algorithm association", - "privilege": "CreateConfiguredModelAlgorithmAssociation", + "description": "Grants permission to create a change request in a collaboration", + "privilege": "CreateCollaborationChangeRequest", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithm*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an ML input channel", - "privilege": "CreateMLInputChannel", + "description": "Grants permission to link a Cleanrooms ML configured audience model with a collaboration by creating a new association", + "privilege": "CreateConfiguredAudienceModelAssociation", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a trained model", - "privilege": "CreateTrainedModel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation*" + "dependent_actions": [ + "cleanrooms-ml:GetConfiguredAudienceModel", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" + ], + "resource_type": "configuredaudiencemodelassociation*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a training dataset, or seed audience. In Clean Rooms ML, the TrainingDataset is metadata that points to a Glue table, which is read only during AudienceModel creation", - "privilege": "CreateTrainingDataset", + "description": "Grants permission to create a new configured table", + "privilege": "CreateConfiguredTable", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "athena:GetTableMetadata", + "glue:BatchGetPartition", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetSchemaVersion", + "glue:GetTable", + "glue:GetTables" + ], + "resource_type": "configuredtable*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified audience generation job, and removes all data associated with the job", - "privilege": "DeleteAudienceGenerationJob", + "description": "Grants permission to create a analysis rule for a configured table", + "privilege": "CreateConfiguredTableAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencegenerationjob*" + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to link a configured table with a collaboration by creating a new association", + "privilege": "CreateConfiguredTableAssociation", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "configuredtable*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified audience generation job, and removes all data associated with the job", - "privilege": "DeleteAudienceModel", + "description": "Grants permission to create an analysis rule for a configured table association", + "privilege": "CreateConfiguredTableAssociationAnalysisRule", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "audiencemodel*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified configured audience model", - "privilege": "DeleteConfiguredAudienceModel", + "description": "Grants permission to link an id mapping workflow with a collaboration by creating a new id mapping table", + "privilege": "CreateIdMappingTable", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredaudiencemodel*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "entityresolution:AddPolicyStatement", + "entityresolution:GetIdMappingWorkflow" + ], + "resource_type": "idmappingtable*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified configured audience model policy", - "privilege": "DeleteConfiguredAudienceModelPolicy", + "description": "Grants permission to link an AWS Entity Resolution Id Namespace with a collaboration by creating a new association", + "privilege": "CreateIdNamespaceAssociation", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuredaudiencemodel*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "entityresolution:AddPolicyStatement", + "entityresolution:GetIdNamespace" + ], + "resource_type": "idnamespaceassociation*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a configured model algorithm", - "privilege": "DeleteConfiguredModelAlgorithm", + "description": "Grants permission to join collaborations by creating a membership", + "privilege": "CreateMembership", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithm*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole", + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "s3:GetBucketLocation" + ], + "resource_type": "collaboration*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a configured model algorithm association", - "privilege": "DeleteConfiguredModelAlgorithmAssociation", + "description": "Grants permission to create a new privacy budget template", + "privilege": "CreatePrivacyBudgetTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation*" + "resource_type": "membership*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an ML configuration", - "privilege": "DeleteMLConfiguration", + "description": "Grants permission to delete an existing analysis template", + "privilege": "DeleteAnalysisTemplate", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "analysistemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete all data associated with the ML input channel", - "privilege": "DeleteMLInputChannelData", + "description": "Grants permission to delete an existing collaboration", + "privilege": "DeleteCollaboration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "MLInputChannel*" - }, + "dependent_actions": [ + "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" + ], + "resource_type": "collaboration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing configured audience model association", + "privilege": "DeleteConfiguredAudienceModelAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [ + "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" ], + "resource_type": "configuredaudiencemodelassociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a configured table", + "privilege": "DeleteConfiguredTable", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtable*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete all output associated with the trained model", - "privilege": "DeleteTrainedModelOutput", + "description": "Grants permission to delete an existing analysis rule", + "privilege": "DeleteConfiguredTableAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModel*" - }, + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a configured table association from a collaboration", + "privilege": "DeleteConfiguredTableAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a training dataset", - "privilege": "DeleteTrainingDataset", + "description": "Grants permission to delete an existing configured table association analysis rule", + "privilege": "DeleteConfiguredTableAssociationAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trainingdataset*" - }, + "resource_type": "configuredtableassociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an id mapping table from a collaboration", + "privilege": "DeleteIdMappingTable", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [ + "entityresolution:DeletePolicyStatement" ], + "resource_type": "idmappingtable*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about an audience generation job", - "privilege": "GetAudienceGenerationJob", + "access_level": "Write", + "description": "Grants permission to remove an Id Namespace Association from a collaboration", + "privilege": "DeleteIdNamespaceAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "audiencegenerationjob*" + "dependent_actions": [ + "entityresolution:DeletePolicyStatement" + ], + "resource_type": "idnamespaceassociation*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about an audience model", - "privilege": "GetAudienceModel", + "access_level": "Write", + "description": "Grants permission to delete members from a collaboration", + "privilege": "DeleteMember", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" + ], + "resource_type": "collaboration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to leave collaborations by deleting a membership", + "privilege": "DeleteMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencemodel*" - }, + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing privacy budget template", + "privilege": "DeletePrivacyBudgetTemplate", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a configured model algorithm association created by any member in the collaboration", - "privilege": "GetCollaborationConfiguredModelAlgorithmAssociation", + "description": "Grants permission to view details for an analysis template", + "privilege": "GetAnalysisTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation*" - }, + "resource_type": "analysistemplate*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details for a collaboration", + "privilege": "GetCollaboration", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about an ML input channel created by any member in the collaboration", - "privilege": "GetCollaborationMLInputChannel", + "description": "Grants permission to view details for an analysis template within a collaboration", + "privilege": "GetCollaborationAnalysisTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MLInputChannel*" + "resource_type": "analysistemplate*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a trained model created by any member in the collaboration", - "privilege": "GetCollaborationTrainedModel", + "description": "Grants permission to get a change request in a collaboration", + "privilege": "GetCollaborationChangeRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModel*" + "resource_type": "collaboration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details for a configured audience model association within a collaboration", + "privilege": "GetCollaborationConfiguredAudienceModelAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "collaboration*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredaudiencemodelassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a configured audience model", - "privilege": "GetConfiguredAudienceModel", + "description": "Grants permission to get id namespace association within a collaboration", + "privilege": "GetCollaborationIdNamespaceAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel*" + "resource_type": "collaboration*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "idnamespaceassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a configured audience model policy", - "privilege": "GetConfiguredAudienceModelPolicy", + "description": "Grants permission to view details for a privacy budget template within a collaboration", + "privilege": "GetCollaborationPrivacyBudgetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel*" + "resource_type": "collaboration*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a configured model algorithm", - "privilege": "GetConfiguredModelAlgorithm", + "description": "Grants permission to view details for a configured audience model association", + "privilege": "GetConfiguredAudienceModelAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithm*" - }, + "resource_type": "configuredaudiencemodelassociation*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details for a configured table", + "privilege": "GetConfiguredTable", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtable*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a configured model algorithm association", - "privilege": "GetConfiguredModelAlgorithmAssociation", + "description": "Grants permission to view analysis rules for a configured table", + "privilege": "GetConfiguredTableAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation*" - }, + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details for a configured table association", + "privilege": "GetConfiguredTableAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about an ML configuration", - "privilege": "GetMLConfiguration", + "description": "Grants permission to view analysis rules for a configured table association", + "privilege": "GetConfiguredTableAssociationAnalysisRule", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about an ML input channel", - "privilege": "GetMLInputChannel", + "description": "Grants permission to view details of an id mapping table", + "privilege": "GetIdMappingTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MLInputChannel*" + "resource_type": "idmappingtable*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a trained model", - "privilege": "GetTrainedModel", + "description": "Grants permission to view details of an id namespace association", + "privilege": "GetIdNamespaceAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "TrainedModel*" + "dependent_actions": [ + "entityresolution:GetIdNamespace" + ], + "resource_type": "idnamespaceassociation*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a trained model inference job", - "privilege": "GetTrainedModelInferenceJob", + "description": "Grants permission to view details about a membership", + "privilege": "GetMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModelInferenceJob*" - }, + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view details for a privacy budget template", + "privilege": "GetPrivacyBudgetTemplate", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a training dataset", - "privilege": "GetTrainingDataset", + "description": "Grants permission to view a protected job", + "privilege": "GetProtectedJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trainingdataset*" - }, + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view a protected query", + "privilege": "GetProtectedQuery", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of the audience export jobs", - "privilege": "ListAudienceExportJobs", + "access_level": "Read", + "description": "Grants permission to view details for a schema", + "privilege": "GetSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencegenerationjob" + "resource_type": "collaboration*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtableassociation*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view analysis rules associated with a schema", + "privilege": "GetSchemaAnalysisRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetSchema" ], + "resource_type": "collaboration*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of audience generation jobs", - "privilege": "ListAudienceGenerationJobs", + "description": "Grants permission to list available analysis templates", + "privilege": "ListAnalysisTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel" + "resource_type": "analysistemplate*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of audience models", - "privilege": "ListAudienceModels", + "description": "Grants permission to list available analysis templates within a collaboration", + "privilege": "ListCollaborationAnalysisTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of configured model algorithms created by any member in the collaboration", - "privilege": "ListCollaborationConfiguredModelAlgorithmAssociations", + "description": "Grants permission to list change requests in a collaboration", + "privilege": "ListCollaborationChangeRequests", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of ML input channels created by any member in the collaboration", - "privilege": "ListCollaborationMLInputChannels", + "description": "Grants permission to list available configured audience model association within a collaboration", + "privilege": "ListCollaborationConfiguredAudienceModelAssociations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of trained model export jobs started by any member in the collaboration", - "privilege": "ListCollaborationTrainedModelExportJobs", + "description": "Grants permission to list id namespace within a collaboration", + "privilege": "ListCollaborationIdNamespaceAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of trained model inference jobs started by any member in the collaboration", - "privilege": "ListCollaborationTrainedModelInferenceJobs", + "description": "Grants permission to list available privacy budget templates within a collaboration", + "privilege": "ListCollaborationPrivacyBudgetTemplates", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of trained models created by any member in the collaboration", - "privilege": "ListCollaborationTrainedModels", + "description": "Grants permission to list privacy budgets within a collaboration", + "privilege": "ListCollaborationPrivacyBudgets", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of configured audience models", - "privilege": "ListConfiguredAudienceModels", + "description": "Grants permission to list available collaborations", + "privilege": "ListCollaborations", "resource_types": [ { "condition_keys": [], @@ -42236,44 +45591,45 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of configured model algorithm associations", - "privilege": "ListConfiguredModelAlgorithmAssociations", + "description": "Grants permission to list available configured audience model associations for a membership", + "privilege": "ListConfiguredAudienceModelAssociations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredaudiencemodelassociation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of configured model algorithms", - "privilege": "ListConfiguredModelAlgorithms", + "description": "Grants permission to list available configured table associations for a membership", + "privilege": "ListConfiguredTableAssociations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of ML input channels", - "privilege": "ListMLInputChannels", + "description": "Grants permission to list available configured tables", + "privilege": "ListConfiguredTables", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -42281,49 +45637,57 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of tags for a provided resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to list available id mapping tables for a membership", + "privilege": "ListIdMappingTables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencegenerationjob" + "resource_type": "idmappingtable*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencemodel" - }, + "resource_type": "membership*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list entity resolution data associations for a membership", + "privilege": "ListIdNamespaceAssociations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel" + "resource_type": "idnamespaceassociation*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trainingdataset" - }, + "resource_type": "membership*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the members of a collaboration", + "privilege": "ListMembers", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of trained model inference jobs", - "privilege": "ListTrainedModelInferenceJobs", + "description": "Grants permission to list available memberships", + "privilege": "ListMemberships", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -42331,204 +45695,278 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of trained models", - "privilege": "ListTrainedModels", + "description": "Grants permission to list available privacy budget templates", + "privilege": "ListPrivacyBudgetTemplates", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of training datasets", - "privilege": "ListTrainingDatasets", + "description": "Grants permission to list available privacy budgets", + "privilege": "ListPrivacyBudgets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update the resource policy for a configured audience model", - "privilege": "PutConfiguredAudienceModelPolicy", + "access_level": "List", + "description": "Grants permission to list protected jobs", + "privilege": "ListProtectedJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel*" + "resource_type": "membership*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put an ML configuration", - "privilege": "PutMLConfiguration", + "access_level": "List", + "description": "Grants permission to list protected queries", + "privilege": "ListProtectedQueries", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Write", - "description": "Grants permission to export an audience of a specified size after you have generated an audience", - "privilege": "StartAudienceExportJob", + "access_level": "List", + "description": "Grants permission to view available schemas for a collaboration", + "privilege": "ListSchemas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencegenerationjob*" + "resource_type": "collaboration*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "analysistemplate" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredaudiencemodelassociation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtable" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtableassociation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "privacybudgettemplate" } ] }, { - "access_level": "Write", - "description": "Grants permission to start the audience generation job", - "privilege": "StartAudienceGenerationJob", + "access_level": "Read", + "description": "Grants permission to access a collaboration in the context of Clean Rooms ML custom models", + "privilege": "PassCollaboration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel*" - }, + "resource_type": "collaboration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to access a membership in the context of Clean Rooms ML custom models", + "privilege": "PassMembership", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cleanrooms-ml:CollaborationId" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an Id Mapping Job in AWS Entity Resolution to generate id mapping results in cleanrooms collaboration.", + "privilege": "PopulateIdMappingTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "entityresolution:GetIdMappingWorkflow" ], + "resource_type": "idmappingtable*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to preview privacy budget template settings", + "privilege": "PreviewPrivacyImpact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a trained model export job", - "privilege": "StartTrainedModelExportJob", + "description": "Grants permission to start protected jobs", + "privilege": "StartProtectedJob", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetCollaborationAnalysisTemplate", + "cleanrooms:GetSchema" + ], + "resource_type": "membership*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModel*" + "resource_type": "analysistemplate" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation" } ] }, { "access_level": "Write", - "description": "Grants permission to start a trained model inference job", - "privilege": "StartTrainedModelInferenceJob", + "description": "Grants permission to start protected queries", + "privilege": "StartProtectedQuery", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation*" + "dependent_actions": [ + "cleanrooms:GetCollaborationAnalysisTemplate", + "cleanrooms:GetSchema", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:PutObject" + ], + "resource_type": "membership*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MLInputChannel*" + "resource_type": "analysistemplate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModel*" + "resource_type": "configuredtableassociation" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "idmappingtable" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a specific resource", + "description": "Grants permission to tag a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithm" + "resource_type": "analysistemplate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation" + "resource_type": "collaboration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MLInputChannel" + "resource_type": "configuredaudiencemodelassociation" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModel" + "resource_type": "configuredtable" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModelInferenceJob" + "resource_type": "configuredtableassociation" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencegenerationjob" + "resource_type": "idmappingtable" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencemodel" + "resource_type": "idnamespaceassociation" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel" + "resource_type": "membership" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trainingdataset" + "resource_type": "privacybudgettemplate" }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -42537,58 +45975,57 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a specific resource", - "privilege": "UnTagResource", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithm" + "resource_type": "analysistemplate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredModelAlgorithmAssociation" + "resource_type": "collaboration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MLInputChannel" + "resource_type": "configuredaudiencemodelassociation" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModel" + "resource_type": "configuredtable" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "TrainedModelInferenceJob" + "resource_type": "configuredtableassociation" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencegenerationjob" + "resource_type": "idmappingtable" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencemodel" + "resource_type": "idnamespaceassociation" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel" + "resource_type": "membership" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trainingdataset" + "resource_type": "privacybudgettemplate" }, { "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -42597,96 +46034,289 @@ }, { "access_level": "Write", - "description": "Grants permission to update a configured audience model.", - "privilege": "UpdateConfiguredAudienceModel", + "description": "Grants permission to update details of the analysis template", + "privilege": "UpdateAnalysisTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuredaudiencemodel*" - }, + "resource_type": "analysistemplate*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update details of the collaboration", + "privilege": "UpdateCollaboration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "audiencemodel" - }, + "resource_type": "collaboration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a configured audience model association", + "privilege": "UpdateConfiguredAudienceModelAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredaudiencemodelassociation*" } ] - } - ], - "resources": [ + }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:training-dataset/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "trainingdataset" + "access_level": "Write", + "description": "Grants permission to update an existing configured table", + "privilege": "UpdateConfiguredTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "athena:GetTableMetadata", + "cleanrooms:UpdateConfiguredTableAllowedColumns", + "cleanrooms:UpdateConfiguredTableReference", + "glue:BatchGetPartition", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetSchemaVersion", + "glue:GetTable", + "glue:GetTables" + ], + "resource_type": "configuredtable*" + } + ] }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:audience-model/${ResourceId}", + "access_level": "Write", + "description": "Grants permission to update the allowed columns of an existing configured table", + "privilege": "UpdateConfiguredTableAllowedColumns", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update analysis rules for a configured table", + "privilege": "UpdateConfiguredTableAnalysisRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a configured table association", + "privilege": "UpdateConfiguredTableAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "configuredtableassociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update analysis rules for a configured table association", + "privilege": "UpdateConfiguredTableAssociationAnalysisRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtableassociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the table reference of an existing configured table", + "privilege": "UpdateConfiguredTableReference", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an id mapping table", + "privilege": "UpdateIdMappingTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "idmappingtable*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a entity resolution input association", + "privilege": "UpdateIdNamespaceAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "entityresolution:GetIdNamespace" + ], + "resource_type": "idnamespaceassociation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update details of a membership", + "privilege": "UpdateMembership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole", + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "s3:GetBucketLocation" + ], + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update details of the privacy budget template", + "privilege": "UpdatePrivacyBudgetTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "privacybudgettemplate*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update protected jobs", + "privilege": "UpdateProtectedJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update protected queries", + "privilege": "UpdateProtectedQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/analysistemplate/${AnalysisTemplateId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "audiencemodel" + "resource": "analysistemplate" }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:configured-audience-model/${ResourceId}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:collaboration/${CollaborationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "configuredaudiencemodel" + "resource": "collaboration" }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:audience-generation-job/${ResourceId}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredaudiencemodelassociation/${ConfiguredAudienceModelAssociationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "audiencegenerationjob" + "resource": "configuredaudiencemodelassociation" }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:configured-model-algorithm/${ResourceId}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:configuredtable/${ConfiguredTableId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ConfiguredModelAlgorithm" + "resource": "configuredtable" }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/configured-model-algorithm-association/${ResourceId}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredtableassociation/${ConfiguredTableAssociationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ConfiguredModelAlgorithmAssociation" + "resource": "configuredtableassociation" }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/ml-input-channel/${ResourceId}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/idmappingtable/${IdMappingTableId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "MLInputChannel" + "resource": "idmappingtable" }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/trained-model/${ResourceId}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/idnamespaceassociation/${IdNamespaceAssociationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "TrainedModel" + "resource": "idnamespaceassociation" }, { - "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/trained-model-inference-job/${ResourceId}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "TrainedModelInferenceJob" + "resource": "membership" + }, + { + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/privacybudgettemplate/${PrivacyBudgetTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "privacybudgettemplate" } ], - "service_name": "AWS Clean Rooms ML" + "service_name": "AWS Clean Rooms" }, { "conditions": [ @@ -42706,94 +46336,47 @@ "type": "ArrayOfString" }, { - "condition": "cloud9:EnvironmentId", - "description": "Filters access by the AWS Cloud9 environment ID", - "type": "String" - }, - { - "condition": "cloud9:EnvironmentName", - "description": "Filters access by the AWS Cloud9 environment name", - "type": "String" - }, - { - "condition": "cloud9:InstanceType", - "description": "Filters access by the instance type of the AWS Cloud9 environment's Amazon EC2 instance", - "type": "String" - }, - { - "condition": "cloud9:OwnerArn", - "description": "Filters access by the owner ARN specified", - "type": "ARN" - }, - { - "condition": "cloud9:Permissions", - "description": "Filters access by the type of AWS Cloud9 permissions", - "type": "String" - }, - { - "condition": "cloud9:SubnetId", - "description": "Filters access by the subnet ID that the AWS Cloud9 environment will be created in", + "condition": "cleanrooms-ml:CollaborationId", + "description": "Filters access by Clean rooms collaboration id", "type": "String" - }, - { - "condition": "cloud9:UserArn", - "description": "Filters access by the user ARN specified", - "type": "ARN" } ], - "prefix": "cloud9", + "prefix": "cleanrooms-ml", "privileges": [ { "access_level": "Write", - "description": "Grants permission to start the Amazon EC2 instance that your AWS Cloud9 IDE connects to", - "privilege": "ActivateEC2Remote", + "description": "Grants permission to cancel a trained model", + "privilege": "CancelTrainedModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an AWS Cloud9 development environment, launches an Amazon Elastic Compute Cloud (Amazon EC2) instance, and then hosts the environment on the instance", - "privilege": "CreateEnvironmentEC2", - "resource_types": [ + "resource_type": "TrainedModel*" + }, { "condition_keys": [ - "cloud9:EnvironmentName", - "cloud9:InstanceType", - "cloud9:SubnetId", - "cloud9:UserArn", - "cloud9:OwnerArn", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add an environment member to an AWS Cloud9 development environment", - "privilege": "CreateEnvironmentMembership", + "description": "Grants permission to cancel a trained model inference job", + "privilege": "CancelTrainedModelInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "TrainedModelInferenceJob*" }, { "condition_keys": [ - "cloud9:UserArn", - "cloud9:EnvironmentId", - "cloud9:Permissions" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -42802,13 +46385,16 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Cloud9 SSH development environment", - "privilege": "CreateEnvironmentSSH", + "description": "Grants permission to create an audience model", + "privilege": "CreateAudienceModel", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trainingdataset*" + }, { "condition_keys": [ - "cloud9:EnvironmentName", - "cloud9:OwnerArn", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -42818,69 +46404,94 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to create an authentication token that allows a connection between the AWS Cloud9 IDE and the user's environment", - "privilege": "CreateEnvironmentToken", + "access_level": "Write", + "description": "Grants permission to create a configured audience model", + "privilege": "CreateConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "audiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Cloud9 development environment. If the environment is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance, also terminates the instance", - "privilege": "DeleteEnvironment", + "description": "Grants permission to create a configured model algorithm", + "privilege": "CreateConfiguredModelAlgorithm", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "environment*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an environment member from an AWS Cloud9 development environment", - "privilege": "DeleteEnvironmentMembership", + "description": "Grants permission to create a configured model algorithm association", + "privilege": "CreateConfiguredModelAlgorithmAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "ConfiguredModelAlgorithm*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about the connection to the EC2 development environment, including host, user, and port", - "privilege": "DescribeEC2Remote", + "access_level": "Write", + "description": "Grants permission to create an ML input channel", + "privilege": "CreateMLInputChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "ConfiguredModelAlgorithmAssociation*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about environment members for an AWS Cloud9 development environment", - "privilege": "DescribeEnvironmentMemberships", + "access_level": "Write", + "description": "Grants permission to create a trained model", + "privilege": "CreateTrainedModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "ConfiguredModelAlgorithmAssociation*" }, { "condition_keys": [ - "cloud9:UserArn", - "cloud9:EnvironmentId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -42888,97 +46499,149 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get status information for an AWS Cloud9 development environment", - "privilege": "DescribeEnvironmentStatus", + "access_level": "Write", + "description": "Grants permission to create a training dataset, or seed audience. In Clean Rooms ML, the TrainingDataset is metadata that points to a Glue table, which is read only during AudienceModel creation", + "privilege": "CreateTrainingDataset", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about AWS Cloud9 development environments", - "privilege": "DescribeEnvironments", + "access_level": "Write", + "description": "Grants permission to delete the specified audience generation job, and removes all data associated with the job", + "privilege": "DeleteAudienceGenerationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "audiencegenerationjob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about the connection to the SSH development environment, including host, user, and port", - "privilege": "DescribeSSHRemote", + "access_level": "Write", + "description": "Grants permission to delete the specified audience generation job, and removes all data associated with the job", + "privilege": "DeleteAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "audiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get configuration information that's used to initialize the AWS Cloud9 IDE", - "privilege": "GetEnvironmentConfig", + "access_level": "Write", + "description": "Grants permission to delete the specified configured audience model", + "privilege": "DeleteConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified development environment", - "privilege": "GetEnvironmentSettings", + "access_level": "Write", + "description": "Grants permission to delete the specified configured audience model policy", + "privilege": "DeleteConfiguredAudienceModelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified environment member", - "privilege": "GetMembershipSettings", + "access_level": "Write", + "description": "Grants permission to delete a configured model algorithm", + "privilege": "DeleteConfiguredModelAlgorithm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "ConfiguredModelAlgorithm*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the migration experience for a cloud9 user", - "privilege": "GetMigrationExperiences", + "access_level": "Write", + "description": "Grants permission to delete a configured model algorithm association", + "privilege": "DeleteConfiguredModelAlgorithmAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ConfiguredModelAlgorithmAssociation*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the user's public SSH key, which is used by AWS Cloud9 to connect to SSH development environments", - "privilege": "GetUserPublicKey", + "access_level": "Write", + "description": "Grants permission to delete an ML configuration", + "privilege": "DeleteMLConfiguration", "resource_types": [ { "condition_keys": [ - "cloud9:UserArn" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -42986,62 +46649,94 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified user", - "privilege": "GetUserSettings", + "access_level": "Write", + "description": "Grants permission to delete all data associated with the ML input channel", + "privilege": "DeleteMLInputChannelData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "MLInputChannel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of AWS Cloud9 development environment identifiers", - "privilege": "ListEnvironments", + "access_level": "Write", + "description": "Grants permission to delete all output associated with the trained model", + "privilege": "DeleteTrainedModelOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "TrainedModel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a cloud9 environment", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a training dataset", + "privilege": "DeleteTrainingDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "trainingdataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to set AWS managed temporary credentials on the Amazon EC2 instance that's used by the AWS Cloud9 integrated development environment (IDE)", - "privilege": "ModifyTemporaryCredentialsOnEnvironmentEC2", + "access_level": "Read", + "description": "Grants permission to return information about an audience generation job", + "privilege": "GetAudienceGenerationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "audiencegenerationjob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a cloud9 environment", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to return information about an audience model", + "privilege": "GetAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "audiencemodel*" }, { "condition_keys": [ @@ -43054,18 +46749,20 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a cloud9 environment", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to return information about a configured model algorithm association created by any member in the collaboration", + "privilege": "GetCollaborationConfiguredModelAlgorithmAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "ConfiguredModelAlgorithmAssociation*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" ], "dependent_actions": [], "resource_type": "" @@ -43073,32 +46770,41 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to change the settings of an existing AWS Cloud9 development environment", - "privilege": "UpdateEnvironment", + "access_level": "Read", + "description": "Grants permission to return information about an ML input channel created by any member in the collaboration", + "privilege": "GetCollaborationMLInputChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "MLInputChannel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the settings of an existing environment member for an AWS Cloud9 development environment", - "privilege": "UpdateEnvironmentMembership", + "access_level": "Read", + "description": "Grants permission to return information about a trained model created by any member in the collaboration", + "privilege": "GetCollaborationTrainedModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "TrainedModel*" }, { "condition_keys": [ - "cloud9:UserArn", - "cloud9:EnvironmentId", - "cloud9:Permissions" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" ], "dependent_actions": [], "resource_type": "" @@ -43106,239 +46812,321 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the AWS Cloud9 IDE settings for a specified development environment", - "privilege": "UpdateEnvironmentSettings", + "access_level": "Read", + "description": "Grants permission to return information about a configured audience model", + "privilege": "GetConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the AWS Cloud9 IDE settings for a specified environment member", - "privilege": "UpdateMembershipSettings", + "access_level": "Read", + "description": "Grants permission to return information about a configured audience model policy", + "privilege": "GetConfiguredAudienceModelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update details about the connection to the SSH development environment, including host, user, and port", - "privilege": "UpdateSSHRemote", + "access_level": "Read", + "description": "Grants permission to return information about a configured model algorithm", + "privilege": "GetConfiguredModelAlgorithm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "ConfiguredModelAlgorithm*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update IDE-specific settings of an AWS Cloud9 user", - "privilege": "UpdateUserSettings", + "access_level": "Read", + "description": "Grants permission to return information about a configured model algorithm association", + "privilege": "GetConfiguredModelAlgorithmAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ConfiguredModelAlgorithmAssociation*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to validate the environment name during the process of creating an AWS Cloud9 development environment", - "privilege": "ValidateEnvironmentName", + "description": "Grants permission to return information about an ML configuration", + "privilege": "GetMLConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment" - } - ], - "service_name": "AWS Cloud9" - }, - { - "conditions": [], - "prefix": "clouddirectory", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to add a new Facet to an object", - "privilege": "AddFacetToObject", + "access_level": "Read", + "description": "Grants permission to return information about an ML input channel", + "privilege": "GetMLInputChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "MLInputChannel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy input published schema into Directory with same name and version as that of published schema", - "privilege": "ApplySchema", + "access_level": "Read", + "description": "Grants permission to return information about a trained model", + "privilege": "GetTrainedModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "TrainedModel*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach an existing object to another existing object", - "privilege": "AttachObject", + "access_level": "Read", + "description": "Grants permission to return information about a trained model inference job", + "privilege": "GetTrainedModelInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "TrainedModelInferenceJob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a policy object to any other object", - "privilege": "AttachPolicy", + "access_level": "Read", + "description": "Grants permission to return information about a training dataset", + "privilege": "GetTrainingDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "trainingdataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach the specified object to the specified index", - "privilege": "AttachToIndex", + "access_level": "List", + "description": "Grants permission to return a list of the audience export jobs", + "privilege": "ListAudienceExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "audiencegenerationjob" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a typed link b/w a source & target object reference", - "privilege": "AttachTypedLink", + "access_level": "List", + "description": "Grants permission to return a list of audience generation jobs", + "privilege": "ListAudienceGenerationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "configuredaudiencemodel" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to perform all the read operations in a batch. Each individual operation inside BatchRead needs to be granted permissions explicitly", - "privilege": "BatchRead", + "access_level": "List", + "description": "Grants permission to return a list of audience models", + "privilege": "ListAudienceModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to perform all the write operations in a batch. Each individual operation inside BatchWrite needs to be granted permissions explicitly", - "privilege": "BatchWrite", + "access_level": "List", + "description": "Grants permission to return a list of configured model algorithms created by any member in the collaboration", + "privilege": "ListCollaborationConfiguredModelAlgorithmAssociations", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Directory by copying the published schema into the directory", - "privilege": "CreateDirectory", + "access_level": "List", + "description": "Grants permission to return a list of ML input channels created by any member in the collaboration", + "privilege": "ListCollaborationMLInputChannels", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Facet in a schema", - "privilege": "CreateFacet", + "access_level": "List", + "description": "Grants permission to return a list of trained model export jobs started by any member in the collaboration", + "privilege": "ListCollaborationTrainedModelExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "TrainedModel*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an index object", - "privilege": "CreateIndex", + "access_level": "List", + "description": "Grants permission to return a list of trained model inference jobs started by any member in the collaboration", + "privilege": "ListCollaborationTrainedModelInferenceJobs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an object in a Directory", - "privilege": "CreateObject", + "access_level": "List", + "description": "Grants permission to return a list of trained models created by any member in the collaboration", + "privilege": "ListCollaborationTrainedModels", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new schema in a development state", - "privilege": "CreateSchema", + "access_level": "List", + "description": "Grants permission to return a list of configured audience models", + "privilege": "ListConfiguredAudienceModels", "resource_types": [ { "condition_keys": [], @@ -43348,593 +47136,795 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Typed Link facet in a schema", - "privilege": "CreateTypedLinkFacet", + "access_level": "List", + "description": "Grants permission to return a list of configured model algorithm associations", + "privilege": "ListConfiguredModelAlgorithmAssociations", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "appliedSchema*" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a directory. Only disabled directories can be deleted", - "privilege": "DeleteDirectory", + "access_level": "List", + "description": "Grants permission to return a list of configured model algorithms", + "privilege": "ListConfiguredModelAlgorithms", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a given Facet. All attributes and Rules associated with the facet will be deleted", - "privilege": "DeleteFacet", + "access_level": "List", + "description": "Grants permission to return a list of ML input channels", + "privilege": "ListMLInputChannels", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an object and its associated attributes", - "privilege": "DeleteObject", + "access_level": "List", + "description": "Grants permission to return a list of tags for a provided resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a given schema", - "privilege": "DeleteSchema", - "resource_types": [ + "resource_type": "audiencegenerationjob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "audiencemodel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "configuredaudiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trainingdataset" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a given TypedLink Facet. All attributes and Rules associated with the facet will be deleted", - "privilege": "DeleteTypedLinkFacet", + "access_level": "List", + "description": "Grants permission to return a list of trained model inference jobs", + "privilege": "ListTrainedModelInferenceJobs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach the specified object from the specified index", - "privilege": "DetachFromIndex", + "access_level": "List", + "description": "Grants permission to return a list of trained model versions", + "privilege": "ListTrainedModelVersions", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach a given object from the parent object", - "privilege": "DetachObject", + "access_level": "List", + "description": "Grants permission to return a list of trained models", + "privilege": "ListTrainedModels", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach a policy from an object", - "privilege": "DetachPolicy", + "access_level": "List", + "description": "Grants permission to return a list of training datasets", + "privilege": "ListTrainingDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach a given typed link b/w given source and target object reference", - "privilege": "DetachTypedLink", + "access_level": "Permissions management", + "description": "Grants permission to create or update the resource policy for a configured audience model", + "privilege": "PutConfiguredAudienceModelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "configuredaudiencemodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable the specified directory", - "privilege": "DisableDirectory", + "description": "Grants permission to put an ML configuration", + "privilege": "PutMLConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable the specified directory", - "privilege": "EnableDirectory", + "description": "Grants permission to export an audience of a specified size after you have generated an audience", + "privilege": "StartAudienceExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "audiencegenerationjob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return current applied schema version ARN, including the minor version in use", - "privilege": "GetAppliedSchemaVersion", + "access_level": "Write", + "description": "Grants permission to start the audience generation job", + "privilege": "StartAudienceGenerationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metadata about a directory", - "privilege": "GetDirectory", + "access_level": "Write", + "description": "Grants permission to start a trained model export job", + "privilege": "StartTrainedModelExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "TrainedModel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the Facet, such as Facet Name, Attributes, Rules, or ObjectType", - "privilege": "GetFacet", + "access_level": "Write", + "description": "Grants permission to start a trained model inference job", + "privilege": "StartTrainedModelInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "ConfiguredModelAlgorithmAssociation*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "MLInputChannel*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "TrainedModel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve attributes that are associated with a typed link", - "privilege": "GetLinkAttributes", + "access_level": "Tagging", + "description": "Grants permission to tag a specific resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve attributes within a facet that are associated with an object", - "privilege": "GetObjectAttributes", - "resource_types": [ + "resource_type": "ConfiguredModelAlgorithm" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve metadata about an object", - "privilege": "GetObjectInformation", - "resource_types": [ + "resource_type": "ConfiguredModelAlgorithmAssociation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a JSON representation of the schema", - "privilege": "GetSchemaAsJson", - "resource_types": [ + "resource_type": "MLInputChannel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "TrainedModel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "TrainedModelInferenceJob" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return identity attributes order information associated with a given typed link facet", - "privilege": "GetTypedLinkFacetInformation", - "resource_types": [ + "resource_type": "audiencegenerationjob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "audiencemodel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "configuredaudiencemodel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "trainingdataset" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list schemas applied to a directory", - "privilege": "ListAppliedSchemaArns", + "access_level": "Tagging", + "description": "Grants permission to untag a specific resource", + "privilege": "UnTagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list indices attached to an object", - "privilege": "ListAttachedIndices", - "resource_types": [ + "resource_type": "ConfiguredModelAlgorithm" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve the ARNs of schemas in the development state", - "privilege": "ListDevelopmentSchemaArns", - "resource_types": [ + "resource_type": "ConfiguredModelAlgorithmAssociation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list directories created within an account", - "privilege": "ListDirectories", - "resource_types": [ + "resource_type": "MLInputChannel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve attributes attached to the facet", - "privilege": "ListFacetAttributes", - "resource_types": [ + "resource_type": "TrainedModel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "TrainedModelInferenceJob" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "audiencegenerationjob" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "audiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredaudiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trainingdataset" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the names of facets that exist in a schema", - "privilege": "ListFacetNames", + "access_level": "Write", + "description": "Grants permission to update a configured audience model.", + "privilege": "UpdateConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "configuredaudiencemodel*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "audiencemodel" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:training-dataset/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "trainingdataset" }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of all incoming TypedLinks for a given object", - "privilege": "ListIncomingTypedLinks", + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:audience-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "audiencemodel" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:configured-audience-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "configuredaudiencemodel" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:audience-generation-job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "audiencegenerationjob" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:configured-model-algorithm/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConfiguredModelAlgorithm" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/configured-model-algorithm-association/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConfiguredModelAlgorithmAssociation" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/ml-input-channel/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "MLInputChannel" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/trained-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "TrainedModel" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:membership/${MembershipId}/trained-model-inference-job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "TrainedModelInferenceJob" + } + ], + "service_name": "AWS Clean Rooms ML" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "cloud9:EnvironmentId", + "description": "Filters access by the AWS Cloud9 environment ID", + "type": "String" + }, + { + "condition": "cloud9:EnvironmentName", + "description": "Filters access by the AWS Cloud9 environment name", + "type": "String" + }, + { + "condition": "cloud9:InstanceType", + "description": "Filters access by the instance type of the AWS Cloud9 environment's Amazon EC2 instance", + "type": "String" + }, + { + "condition": "cloud9:OwnerArn", + "description": "Filters access by the owner ARN specified", + "type": "ARN" + }, + { + "condition": "cloud9:Permissions", + "description": "Filters access by the type of AWS Cloud9 permissions", + "type": "String" + }, + { + "condition": "cloud9:SubnetId", + "description": "Filters access by the subnet ID that the AWS Cloud9 environment will be created in", + "type": "String" + }, + { + "condition": "cloud9:UserArn", + "description": "Filters access by the user ARN specified", + "type": "ARN" + } + ], + "prefix": "cloud9", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to start the Amazon EC2 instance that your AWS Cloud9 IDE connects to", + "privilege": "ActivateEC2Remote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list objects attached to the specified index", - "privilege": "ListIndex", + "access_level": "Write", + "description": "Grants permission to create an AWS Cloud9 development environment, launches an Amazon Elastic Compute Cloud (Amazon EC2) instance, and then hosts the environment on the instance", + "privilege": "CreateEnvironmentEC2", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "condition_keys": [ + "cloud9:EnvironmentName", + "cloud9:InstanceType", + "cloud9:SubnetId", + "cloud9:UserArn", + "cloud9:OwnerArn", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the major version families of each managed schema. If a major version ARN is provided as SchemaArn, the minor version revisions in that family are listed instead", - "privilege": "ListManagedSchemaArns", + "access_level": "Write", + "description": "Grants permission to add an environment member to an AWS Cloud9 development environment", + "privilege": "CreateEnvironmentMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "cloud9:UserArn", + "cloud9:EnvironmentId", + "cloud9:Permissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all attributes associated with an object", - "privilege": "ListObjectAttributes", + "access_level": "Write", + "description": "Grants permission to create an AWS Cloud9 SSH development environment", + "privilege": "CreateEnvironmentSSH", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloud9:EnvironmentName", + "cloud9:OwnerArn", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a paginated list of child objects associated with a given object", - "privilege": "ListObjectChildren", + "description": "Grants permission to create an authentication token that allows a connection between the AWS Cloud9 IDE and the user's environment", + "privilege": "CreateEnvironmentToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all available parent paths for any object type such as node, leaf node, policy node, and index node objects", - "privilege": "ListObjectParentPaths", + "access_level": "Write", + "description": "Grants permission to delete an AWS Cloud9 development environment. If the environment is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance, also terminates the instance", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list parent objects associated with a given object in pagination fashion", - "privilege": "ListObjectParents", + "access_level": "Write", + "description": "Grants permission to delete an environment member from an AWS Cloud9 development environment", + "privilege": "DeleteEnvironmentMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "cloud9:UserArn", + "cloud9:EnvironmentId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return policies attached to an object in pagination fashion", - "privilege": "ListObjectPolicies", + "description": "Grants permission to get details about the connection to the EC2 development environment, including host, user, and port", + "privilege": "DescribeEC2Remote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a paginated list of all outgoing TypedLinks for a given object", - "privilege": "ListOutgoingTypedLinks", + "description": "Grants permission to get information about environment members for an AWS Cloud9 development environment", + "privilege": "DescribeEnvironmentMemberships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "cloud9:UserArn", + "cloud9:EnvironmentId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return all of the ObjectIdentifiers to which a given policy is attached", - "privilege": "ListPolicyAttachments", + "description": "Grants permission to get status information for an AWS Cloud9 development environment", + "privilege": "DescribeEnvironmentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve published schema ARNs", - "privilege": "ListPublishedSchemaArns", + "access_level": "Read", + "description": "Grants permission to get information about AWS Cloud9 development environments", + "privilege": "DescribeEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to return tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get details about the connection to the SSH development environment, including host, user, and port", + "privilege": "DescribeSSHRemote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a paginated list of attributes associated with typed link facet", - "privilege": "ListTypedLinkFacetAttributes", + "description": "Grants permission to get configuration information that's used to initialize the AWS Cloud9 IDE", + "privilege": "GetEnvironmentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "developmentSchema*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a paginated list of typed link facet names that exist in a schema", - "privilege": "ListTypedLinkFacetNames", + "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified development environment", + "privilege": "GetEnvironmentSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" - }, + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified environment member", + "privilege": "GetMembershipSettings", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" - }, + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the migration experience for a cloud9 user", + "privilege": "GetMigrationExperiences", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list all policies from the root of the Directory to the object specified", - "privilege": "LookupPolicy", + "description": "Grants permission to get the user's public SSH key, which is used by AWS Cloud9 to connect to SSH development environments", + "privilege": "GetUserPublicKey", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloud9:UserArn" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish a development schema with a version", - "privilege": "PublishSchema", + "access_level": "Read", + "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified user", + "privilege": "GetUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a schema using JSON upload. Only available for development schemas", - "privilege": "PutSchemaFromJson", + "access_level": "Read", + "description": "Grants permission to get a list of AWS Cloud9 development environment identifiers", + "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], @@ -43944,746 +47934,639 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove the specified facet from the specified object", - "privilege": "RemoveFacetFromObject", + "access_level": "Read", + "description": "Grants permission to list tags for a cloud9 environment", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to set AWS managed temporary credentials on the Amazon EC2 instance that's used by the AWS Cloud9 integrated development environment (IDE)", + "privilege": "ModifyTemporaryCredentialsOnEnvironmentEC2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "description": "Grants permission to add tags to a cloud9 environment", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add/update/delete existing Attributes, Rules, or ObjectType of a Facet", - "privilege": "UpdateFacet", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a cloud9 environment", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "environment*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a given typed link's attributes. Attributes to be updated must not contribute to the typed link's identity, as defined by its IdentityAttributeOrder", - "privilege": "UpdateLinkAttributes", + "description": "Grants permission to change the settings of an existing AWS Cloud9 development environment", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a given object's attributes", - "privilege": "UpdateObjectAttributes", + "description": "Grants permission to change the settings of an existing environment member for an AWS Cloud9 development environment", + "privilege": "UpdateEnvironmentMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "cloud9:UserArn", + "cloud9:EnvironmentId", + "cloud9:Permissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the schema name with a new name", - "privilege": "UpdateSchema", + "description": "Grants permission to update the AWS Cloud9 IDE settings for a specified development environment", + "privilege": "UpdateEnvironmentSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to add/update/delete existing Attributes, Rules, identity attribute order of a TypedLink Facet", - "privilege": "UpdateTypedLinkFacet", + "description": "Grants permission to update the AWS Cloud9 IDE settings for a specified environment member", + "privilege": "UpdateMembershipSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to upgrade a single directory in-place using the PublishedSchemaArn with schema updates found in MinorVersion. Backwards-compatible minor version upgrades are instantaneously available for readers on all objects in the directory", - "privilege": "UpgradeAppliedSchema", + "description": "Grants permission to update details about the connection to the SSH development environment, including host, user, and port", + "privilege": "UpdateSSHRemote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to upgrade a published schema under a new minor version revision using the current contents of DevelopmentSchemaArn", - "privilege": "UpgradePublishedSchema", + "description": "Grants permission to update IDE-specific settings of an AWS Cloud9 user", + "privilege": "UpdateUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}/schema/${SchemaName}/${Version}", - "condition_keys": [], - "resource": "appliedSchema" - }, - { - "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:schema/development/${SchemaName}", - "condition_keys": [], - "resource": "developmentSchema" - }, - { - "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}", - "condition_keys": [], - "resource": "directory" - }, - { - "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:schema/published/${SchemaName}/${Version}", - "condition_keys": [], - "resource": "publishedSchema" + "arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment" } ], - "service_name": "Amazon Cloud Directory" + "service_name": "AWS Cloud9" }, { "conditions": [], - "prefix": "cloudformation", + "prefix": "clouddirectory", "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel resource requests in your account", - "privilege": "CancelResourceRequest", + "description": "Grants permission to add a new Facet to an object", + "privilege": "AddFacetToObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to create resources in your account", - "privilege": "CreateResource", + "description": "Grants permission to copy input published schema into Directory with same name and version as that of published schema", + "privilege": "ApplySchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete resources in your account", - "privilege": "DeleteResource", + "description": "Grants permission to attach an existing object to another existing object", + "privilege": "AttachObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resources in your account", - "privilege": "GetResource", + "access_level": "Write", + "description": "Grants permission to attach a policy object to any other object", + "privilege": "AttachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resource requests in your account", - "privilege": "GetResourceRequestStatus", + "access_level": "Write", + "description": "Grants permission to attach the specified object to the specified index", + "privilege": "AttachToIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list resource requests in your account", - "privilege": "ListResourceRequests", + "access_level": "Write", + "description": "Grants permission to attach a typed link b/w a source & target object reference", + "privilege": "AttachTypedLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to list resources in your account", - "privilege": "ListResources", + "description": "Grants permission to perform all the read operations in a batch. Each individual operation inside BatchRead needs to be granted permissions explicitly", + "privilege": "BatchRead", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to update resources in your account", - "privilege": "UpdateResource", + "description": "Grants permission to perform all the write operations in a batch. Each individual operation inside BatchWrite needs to be granted permissions explicitly", + "privilege": "BatchWrite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] - } - ], - "resources": [], - "service_name": "AWS Cloud Control API" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "cloudformation:ChangeSetName", - "description": "Filters access by an AWS CloudFormation change set name. Use to control which change sets IAM users can execute or delete", - "type": "String" - }, - { - "condition": "cloudformation:CreateAction", - "description": "Filters access by the name of a resource-mutating API action. Use to control which APIs IAM users can use to add or remove tags on a stack or stack set", - "type": "String" - }, - { - "condition": "cloudformation:ImportResourceTypes", - "description": "Filters access by the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they want to import a resource into a stack", - "type": "String" - }, - { - "condition": "cloudformation:ResourceTypes", - "description": "Filters access by the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they create or update a stack", - "type": "ArrayOfString" - }, - { - "condition": "cloudformation:RoleArn", - "description": "Filters access by the ARN of an IAM service role. Use to control which service role IAM users can use to work with stacks or change sets", - "type": "ARN" - }, - { - "condition": "cloudformation:StackPolicyUrl", - "description": "Filters access by an Amazon S3 stack policy URL. Use to control which stack policies IAM users can associate with a stack during a create or update stack action", - "type": "String" }, - { - "condition": "cloudformation:TargetRegion", - "description": "Filters access by stack set target region. Use to control which regions IAM users can use when they create or update stack sets", - "type": "ArrayOfString" - }, - { - "condition": "cloudformation:TemplateUrl", - "description": "Filters access by an Amazon S3 template URL. Use to control which templates IAM users can use when they create or update stacks", - "type": "String" - } - ], - "prefix": "cloudformation", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to activate trusted access between StackSets and Organizations. With trusted access between StackSets and Organizations activated, the management account has permissions to create and manage StackSets for your organization", - "privilege": "ActivateOrganizationsAccess", + "description": "Grants permission to create a Directory by copying the published schema into the directory", + "privilege": "CreateDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "publishedSchema*" } ] }, { "access_level": "Write", - "description": "Grants permission to activate a public third-party extension, making it available for use in stack templates", - "privilege": "ActivateType", + "description": "Grants permission to create a new Facet in a schema", + "privilege": "CreateFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return configuration data for the specified CloudFormation extensions", - "privilege": "BatchDescribeTypeConfigurations", + "access_level": "Write", + "description": "Grants permission to create an index object", + "privilege": "CreateIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an update on the specified stack", - "privilege": "CancelUpdateStack", + "description": "Grants permission to create an object in a Directory", + "privilege": "CreateObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to continue rolling back a stack that is in the UPDATE_ROLLBACK_FAILED state to the UPDATE_ROLLBACK_COMPLETE state", - "privilege": "ContinueUpdateRollback", + "description": "Grants permission to create a new schema in a development state", + "privilege": "CreateSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:RoleArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a list of changes for a stack", - "privilege": "CreateChangeSet", + "description": "Grants permission to create a new Typed Link facet in a schema", + "privilege": "CreateTypedLinkFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "appliedSchema*" }, { - "condition_keys": [ - "cloudformation:ChangeSetName", - "cloudformation:ResourceTypes", - "cloudformation:ImportResourceTypes", - "cloudformation:RoleArn", - "cloudformation:StackPolicyUrl", - "cloudformation:TemplateUrl", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a template from existing resources that are not already managed with CloudFormation", - "privilege": "CreateGeneratedTemplate", + "description": "Grants permission to delete a directory. Only disabled directories can be deleted", + "privilege": "DeleteDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a stack as specified in the template", - "privilege": "CreateStack", + "description": "Grants permission to delete a given Facet. All attributes and Rules associated with the facet will be deleted", + "privilege": "DeleteFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:ResourceTypes", - "cloudformation:RoleArn", - "cloudformation:StackPolicyUrl", - "cloudformation:TemplateUrl", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" } ] }, { "access_level": "Write", - "description": "Grants permission to create stack instances for the specified accounts, within the specified regions", - "privilege": "CreateStackInstances", + "description": "Grants permission to delete an object and its associated attributes", + "privilege": "DeleteObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a given schema", + "privilege": "DeleteSchema", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset-target" + "resource_type": "developmentSchema*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "type" - }, - { - "condition_keys": [ - "aws:TagKeys", - "cloudformation:TargetRegion" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "publishedSchema*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a stack refactor", - "privilege": "CreateStackRefactor", + "description": "Grants permission to delete a given TypedLink Facet. All attributes and Rules associated with the facet will be deleted", + "privilege": "DeleteTypedLinkFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "developmentSchema*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a stackset as specified in the template", - "privilege": "CreateStackSet", + "description": "Grants permission to detach the specified object from the specified index", + "privilege": "DetachFromIndex", "resource_types": [ { - "condition_keys": [ - "cloudformation:RoleArn", - "cloudformation:TemplateUrl", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to upload templates to Amazon S3 buckets. Used only by the AWS CloudFormation console and is not documented in the API reference", - "privilege": "CreateUploadBucket", + "description": "Grants permission to detach a given object from the parent object", + "privilege": "DetachObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to deactivate trusted access between StackSets and Organizations. If trusted access is deactivated, the management account does not have permissions to create and manage service-managed StackSets for your organization", - "privilege": "DeactivateOrganizationsAccess", + "description": "Grants permission to detach a policy from an object", + "privilege": "DetachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to deactivate a public extension that was previously activated in this account and region", - "privilege": "DeactivateType", + "description": "Grants permission to detach a given typed link b/w given source and target object reference", + "privilege": "DetachTypedLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified change set. Deleting change sets ensures that no one executes the wrong change set", - "privilege": "DeleteChangeSet", + "description": "Grants permission to disable the specified directory", + "privilege": "DisableDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a generated template", - "privilege": "DeleteGeneratedTemplate", + "description": "Grants permission to enable the specified directory", + "privilege": "EnableDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified stack", - "privilege": "DeleteStack", + "access_level": "Read", + "description": "Grants permission to return current applied schema version ARN, including the minor version in use", + "privilege": "GetAppliedSchemaVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:RoleArn" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete stack instances for the specified accounts, in the specified regions", - "privilege": "DeleteStackInstances", + "access_level": "Read", + "description": "Grants permission to retrieve metadata about a directory", + "privilege": "GetDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of the Facet, such as Facet Name, Attributes, Rules, or ObjectType", + "privilege": "GetFacet", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset-target" + "resource_type": "appliedSchema*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "type" + "resource_type": "developmentSchema*" }, { - "condition_keys": [ - "cloudformation:TargetRegion" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified stackset", - "privilege": "DeleteStackSet", + "access_level": "Read", + "description": "Grants permission to retrieve attributes that are associated with a typed link", + "privilege": "GetLinkAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister an existing CloudFormation type or type version", - "privilege": "DeregisterType", + "access_level": "Read", + "description": "Grants permission to retrieve attributes within a facet that are associated with an object", + "privilege": "GetObjectAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve your account's AWS CloudFormation limits", - "privilege": "DescribeAccountLimits", + "description": "Grants permission to retrieve metadata about an object", + "privilege": "GetObjectInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the description for the specified change set", - "privilege": "DescribeChangeSet", + "description": "Grants permission to retrieve a JSON representation of the schema", + "privilege": "GetSchemaAsJson", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "appliedSchema*" }, { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the Hook invocation information for the specified change set", - "privilege": "DescribeChangeSetHooks", + "description": "Grants permission to return identity attributes order information associated with a given typed link facet", + "privilege": "GetTypedLinkFacetInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "appliedSchema*" }, { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a generated template. The output includes details about the progress of the creation of a generated template", - "privilege": "DescribeGeneratedTemplate", - "resource_types": [ + "resource_type": "developmentSchema*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the account's OrganizationAccess status", - "privilege": "DescribeOrganizationsAccess", + "access_level": "List", + "description": "Grants permission to list schemas applied to a directory", + "privilege": "ListAppliedSchemaArns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a CloudFormation extension publisher", - "privilege": "DescribePublisher", + "description": "Grants permission to list indices attached to an object", + "privilege": "ListAttachedIndices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe details of a resource scan", - "privilege": "DescribeResourceScan", + "access_level": "List", + "description": "Grants permission to retrieve the ARNs of schemas in the development state", + "privilege": "ListDevelopmentSchemaArns", "resource_types": [ { "condition_keys": [], @@ -44693,9 +48576,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a stack drift detection operation", - "privilege": "DescribeStackDriftDetectionStatus", + "access_level": "List", + "description": "Grants permission to list directories created within an account", + "privilege": "ListDirectories", "resource_types": [ { "condition_keys": [], @@ -44706,307 +48589,264 @@ }, { "access_level": "Read", - "description": "Grants permission to return all stack related events for a specified stack", - "privilege": "DescribeStackEvents", + "description": "Grants permission to retrieve attributes attached to the facet", + "privilege": "ListFacetAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the stack instance that's associated with the specified stack set, AWS account, and region", - "privilege": "DescribeStackInstance", - "resource_types": [ + "resource_type": "appliedSchema*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the description for the specified stack refactor", - "privilege": "DescribeStackRefactor", - "resource_types": [ + "resource_type": "developmentSchema*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "publishedSchema*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a description of the specified resource in the specified stack", - "privilege": "DescribeStackResource", + "description": "Grants permission to retrieve the names of facets that exist in a schema", + "privilege": "ListFacetNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack", - "privilege": "DescribeStackResourceDrifts", - "resource_types": [ + "resource_type": "appliedSchema*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return AWS resource descriptions for running and deleted stacks", - "privilege": "DescribeStackResources", - "resource_types": [ + "resource_type": "developmentSchema*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "publishedSchema*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the description of the specified stack set", - "privilege": "DescribeStackSet", + "description": "Grants permission to return a paginated list of all incoming TypedLinks for a given object", + "privilege": "ListIncomingTypedLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the description of the specified stack set operation", - "privilege": "DescribeStackSetOperation", + "description": "Grants permission to list objects attached to the specified index", + "privilege": "ListIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "directory*" } ] }, { "access_level": "List", - "description": "Grants permission to return the description for the specified stack, and to all stacks when used in combination with the ListStacks action", - "privilege": "DescribeStacks", + "description": "Grants permission to list the major version families of each managed schema. If a major version ARN is provided as SchemaArn, the minor version revisions in that family are listed instead", + "privilege": "ListManagedSchemaArns", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudformation:ListStacks" - ], - "resource_type": "stack" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the CloudFormation type requested", - "privilege": "DescribeType", + "description": "Grants permission to list all attributes associated with an object", + "privilege": "ListObjectAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the registration process for a CloudFormation type", - "privilege": "DescribeTypeRegistration", + "description": "Grants permission to return a paginated list of child objects associated with a given object", + "privilege": "ListObjectChildren", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to detects whether a stack's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", - "privilege": "DetectStackDrift", + "description": "Grants permission to retrieve all available parent paths for any object type such as node, leaf node, policy node, and index node objects", + "privilege": "ListObjectParentPaths", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about whether a resource's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", - "privilege": "DetectStackResourceDrift", + "description": "Grants permission to list parent objects associated with a given object in pagination fashion", + "privilege": "ListObjectParents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to enable users to detect drift on a stack set and the stack instances that belong to that stack set", - "privilege": "DetectStackSetDrift", + "description": "Grants permission to return policies attached to an object in pagination fashion", + "privilege": "ListObjectPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the estimated monthly cost of a template", - "privilege": "EstimateTemplateCost", + "description": "Grants permission to return a paginated list of all outgoing TypedLinks for a given object", + "privilege": "ListOutgoingTypedLinks", "resource_types": [ { - "condition_keys": [ - "cloudformation:TemplateUrl" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a stack using the input information that was provided when the specified change set was created", - "privilege": "ExecuteChangeSet", + "access_level": "Read", + "description": "Grants permission to return all of the ObjectIdentifiers to which a given policy is attached", + "privilege": "ListPolicyAttachments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to execute a stack refactor using the input information that was provided when the specified stack refactor was created", - "privilege": "ExecuteStackRefactor", + "access_level": "List", + "description": "Grants permission to retrieve published schema ARNs", + "privilege": "ListPublishedSchemaArns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a generated template", - "privilege": "GetGeneratedTemplate", + "description": "Grants permission to return tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the stack policy for a specified stack", - "privilege": "GetStackPolicy", + "description": "Grants permission to return a paginated list of attributes associated with typed link facet", + "privilege": "ListTypedLinkFacetAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the template body for a specified stack", - "privilege": "GetTemplate", - "resource_types": [ + "resource_type": "appliedSchema*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a new or existing template", - "privilege": "GetTemplateSummary", + "description": "Grants permission to return a paginated list of typed link facet names that exist in a schema", + "privilege": "ListTypedLinkFacetNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "appliedSchema*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset" + "resource_type": "developmentSchema*" }, { - "condition_keys": [ - "cloudformation:TemplateUrl" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable users to import existing stacks to a new or existing stackset", - "privilege": "ImportStacksToStackSet", + "access_level": "Read", + "description": "Grants permission to list all policies from the root of the Directory to the object specified", + "privilege": "LookupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to return the ID and status of each active change set for a stack. For example, AWS CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or CREATE_PENDING state", - "privilege": "ListChangeSets", + "access_level": "Write", + "description": "Grants permission to publish a development schema with a version", + "privilege": "PublishSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all exported output values in the account and region in which you call this action", - "privilege": "ListExports", + "access_level": "Write", + "description": "Grants permission to update a schema using JSON upload. Only available for development schemas", + "privilege": "PutSchemaFromJson", "resource_types": [ { "condition_keys": [], @@ -45016,184 +48856,209 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list your generated templates in this Region", - "privilege": "ListGeneratedTemplates", + "access_level": "Write", + "description": "Grants permission to remove the specified facet from the specified object", + "privilege": "RemoveFacetFromObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to return Hook invocations result information for the specified target", - "privilege": "ListHookResults", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" - }, - { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all stacks that are importing an exported output value", - "privilege": "ListImports", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the related resources for a list of resources from a resource scan. The response indicates whether each returned resource is already managed by CloudFormation", - "privilege": "ListResourceScanRelatedResources", + "access_level": "Write", + "description": "Grants permission to add/update/delete existing Attributes, Rules, or ObjectType of a Facet", + "privilege": "UpdateFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the resources from a resource scan. The results can be filtered by resource identifier, resource type prefix, tag key, and tag value", - "privilege": "ListResourceScanResources", - "resource_types": [ + "resource_type": "appliedSchema*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource scans from newest to oldest. By default it will return up to 10 resource scans", - "privilege": "ListResourceScans", + "access_level": "Write", + "description": "Grants permission to update a given typed link's attributes. Attributes to be updated must not contribute to the typed link's identity, as defined by its IdentityAttributeOrder", + "privilege": "UpdateLinkAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack instance", - "privilege": "ListStackInstanceResourceDrifts", + "access_level": "Write", + "description": "Grants permission to update a given object's attributes", + "privilege": "UpdateObjectAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to return summary information about stack instances that are associated with the specified stack set", - "privilege": "ListStackInstances", + "access_level": "Write", + "description": "Grants permission to update the schema name with a new name", + "privilege": "UpdateSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to return the list of actions of the specified stack refactor", - "privilege": "ListStackRefactorActions", + "access_level": "Write", + "description": "Grants permission to add/update/delete existing Attributes, Rules, identity attribute order of a TypedLink Facet", + "privilege": "UpdateTypedLinkFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to return the ID and status of each active stack refactor", - "privilege": "ListStackRefactors", + "access_level": "Write", + "description": "Grants permission to upgrade a single directory in-place using the PublishedSchemaArn with schema updates found in MinorVersion. Backwards-compatible minor version upgrades are instantaneously available for readers on all objects in the directory", + "privilege": "UpgradeAppliedSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "directory*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to return descriptions of all resources of the specified stack", - "privilege": "ListStackResources", + "access_level": "Write", + "description": "Grants permission to upgrade a published schema under a new minor version revision using the current contents of DevelopmentSchemaArn", + "privilege": "UpgradePublishedSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}/schema/${SchemaName}/${Version}", + "condition_keys": [], + "resource": "appliedSchema" }, { - "access_level": "List", - "description": "Grants permission to return summary information about StackSet Auto Deployment Targets", - "privilege": "ListStackSetAutoDeploymentTargets", + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:schema/development/${SchemaName}", + "condition_keys": [], + "resource": "developmentSchema" + }, + { + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}", + "condition_keys": [], + "resource": "directory" + }, + { + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:schema/published/${SchemaName}/${Version}", + "condition_keys": [], + "resource": "publishedSchema" + } + ], + "service_name": "Amazon Cloud Directory" + }, + { + "conditions": [], + "prefix": "cloudformation", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel resource requests in your account", + "privilege": "CancelResourceRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return summary information about the results of a stack set operation", - "privilege": "ListStackSetOperationResults", + "access_level": "Write", + "description": "Grants permission to create resources in your account", + "privilege": "CreateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return summary information about operations performed on a stack set", - "privilege": "ListStackSetOperations", + "access_level": "Write", + "description": "Grants permission to delete resources in your account", + "privilege": "DeleteResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return summary information about stack sets that are associated with the user", - "privilege": "ListStackSets", + "access_level": "Read", + "description": "Grants permission to get resources in your account", + "privilege": "GetResource", "resource_types": [ { "condition_keys": [], @@ -45203,9 +49068,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return the summary information for stacks whose status matches the specified StackStatusFilter. In combination with the DescribeStacks action, grants permission to list descriptions for stacks", - "privilege": "ListStacks", + "access_level": "Read", + "description": "Grants permission to get resource requests in your account", + "privilege": "GetResourceRequestStatus", "resource_types": [ { "condition_keys": [], @@ -45215,9 +49080,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list CloudFormation type registration attempts", - "privilege": "ListTypeRegistrations", + "access_level": "Read", + "description": "Grants permission to list resource requests in your account", + "privilege": "ListResourceRequests", "resource_types": [ { "condition_keys": [], @@ -45227,9 +49092,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list versions of a particular CloudFormation type", - "privilege": "ListTypeVersions", + "access_level": "Read", + "description": "Grants permission to list resources in your account", + "privilege": "ListResources", "resource_types": [ { "condition_keys": [], @@ -45239,9 +49104,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list available CloudFormation types", - "privilege": "ListTypes", + "access_level": "Write", + "description": "Grants permission to update resources in your account", + "privilege": "UpdateResource", "resource_types": [ { "condition_keys": [], @@ -45249,11 +49114,80 @@ "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Cloud Control API" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "cloudformation:ChangeSetName", + "description": "Filters access by an AWS CloudFormation change set name. Use to control which change sets IAM users can execute or delete", + "type": "String" + }, + { + "condition": "cloudformation:CreateAction", + "description": "Filters access by the name of a resource-mutating API action. Use to control which APIs IAM users can use to add or remove tags on a stack or stack set", + "type": "String" + }, + { + "condition": "cloudformation:ImportResourceTypes", + "description": "Filters access by the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they want to import a resource into a stack", + "type": "String" + }, + { + "condition": "cloudformation:ResourceTypes", + "description": "Filters access by the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they create or update a stack", + "type": "ArrayOfString" + }, + { + "condition": "cloudformation:RoleArn", + "description": "Filters access by the ARN of an IAM service role. Use to control which service role IAM users can use to work with stacks or change sets", + "type": "ARN" + }, + { + "condition": "cloudformation:StackPolicyUrl", + "description": "Filters access by an Amazon S3 stack policy URL. Use to control which stack policies IAM users can associate with a stack during a create or update stack action", + "type": "String" + }, + { + "condition": "cloudformation:TargetRegion", + "description": "Filters access by stack set target region. Use to control which regions IAM users can use when they create or update stack sets", + "type": "ArrayOfString" + }, + { + "condition": "cloudformation:TemplateUrl", + "description": "Filters access by an Amazon S3 template URL. Use to control which templates IAM users can use when they create or update stacks", + "type": "String" }, + { + "condition": "cloudformation:TypeArn", + "description": "Filters access by the ARN of a CloudFormation extension", + "type": "ARN" + } + ], + "prefix": "cloudformation", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to publish the specified extension to the CloudFormation registry as a public extension in this region", - "privilege": "PublishType", + "description": "Grants permission to activate trusted access between StackSets and Organizations. With trusted access between StackSets and Organizations activated, the management account has permissions to create and manage StackSets for your organization", + "privilege": "ActivateOrganizationsAccess", "resource_types": [ { "condition_keys": [], @@ -45264,20 +49198,20 @@ }, { "access_level": "Write", - "description": "Grants permission to record the handler progress", - "privilege": "RecordHandlerProgress", + "description": "Grants permission to activate a public third-party extension, making it available for use in stack templates", + "privilege": "ActivateType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to register account as a publisher of public extensions in the CloudFormation registry", - "privilege": "RegisterPublisher", + "access_level": "Read", + "description": "Grants permission to return configuration data for the specified CloudFormation extensions", + "privilege": "BatchDescribeTypeConfigurations", "resource_types": [ { "condition_keys": [], @@ -45288,20 +49222,20 @@ }, { "access_level": "Write", - "description": "Grants permission to register a new CloudFormation type", - "privilege": "RegisterType", + "description": "Grants permission to cancel an update on the specified stack", + "privilege": "CancelUpdateStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack*" } ] }, { "access_level": "Write", - "description": "Grants permission to rollback the stack to the last stable state", - "privilege": "RollbackStack", + "description": "Grants permission to continue rolling back a stack that is in the UPDATE_ROLLBACK_FAILED state to the UPDATE_ROLLBACK_COMPLETE state", + "privilege": "ContinueUpdateRollback", "resource_types": [ { "condition_keys": [], @@ -45318,9 +49252,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set a stack policy for a specified stack", - "privilege": "SetStackPolicy", + "access_level": "Write", + "description": "Grants permission to create a list of changes for a stack", + "privilege": "CreateChangeSet", "resource_types": [ { "condition_keys": [], @@ -45329,7 +49263,14 @@ }, { "condition_keys": [ - "cloudformation:StackPolicyUrl" + "cloudformation:ChangeSetName", + "cloudformation:ResourceTypes", + "cloudformation:ImportResourceTypes", + "cloudformation:RoleArn", + "cloudformation:StackPolicyUrl", + "cloudformation:TemplateUrl", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -45338,8 +49279,8 @@ }, { "access_level": "Write", - "description": "Grants permission to set the configuration data for a registered CloudFormation extension, in the given account and region", - "privilege": "SetTypeConfiguration", + "description": "Grants permission to create a template from existing resources that are not already managed with CloudFormation", + "privilege": "CreateGeneratedTemplate", "resource_types": [ { "condition_keys": [], @@ -45350,77 +49291,81 @@ }, { "access_level": "Write", - "description": "Grants permission to set which version of a CloudFormation type applies to CloudFormation operations", - "privilege": "SetTypeDefaultVersion", + "description": "Grants permission to create a stack as specified in the template", + "privilege": "CreateStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:ResourceTypes", + "cloudformation:RoleArn", + "cloudformation:StackPolicyUrl", + "cloudformation:TemplateUrl", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send a signal to the specified resource with a success or failure status", - "privilege": "SignalResource", + "description": "Grants permission to create stack instances for the specified accounts, within the specified regions", + "privilege": "CreateStackInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a scan of the resources in this account in this Region", - "privilege": "StartResourceScan", - "resource_types": [ + "resource_type": "stackset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset-target" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "type" + }, + { + "condition_keys": [ + "aws:TagKeys", + "cloudformation:TargetRegion" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an in-progress operation on a stack set and its associated stack instances", - "privilege": "StopStackSetOperation", + "description": "Grants permission to create a stack refactor", + "privilege": "CreateStackRefactor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "stack*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag cloudformation resources", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a stackset as specified in the template", + "privilege": "CreateStackSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "changeset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stackset" - }, { "condition_keys": [ - "aws:TagKeys", + "cloudformation:RoleArn", + "cloudformation:TemplateUrl", "aws:RequestTag/${TagKey}", - "cloudformation:CreateAction" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -45429,8 +49374,8 @@ }, { "access_level": "Write", - "description": "Grants permission to test a registered extension to make sure it meets all necessary requirements for being published in the CloudFormation registry", - "privilege": "TestType", + "description": "Grants permission to upload templates to Amazon S3 buckets. Used only by the AWS CloudFormation console and is not documented in the API reference", + "privilege": "CreateUploadBucket", "resource_types": [ { "condition_keys": [], @@ -45440,39 +49385,21 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag cloudformation resources", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to deactivate trusted access between StackSets and Organizations. If trusted access is deactivated, the management account does not have permissions to create and manage service-managed StackSets for your organization", + "privilege": "DeactivateOrganizationsAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "changeset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stackset" - }, - { - "condition_keys": [ - "aws:TagKeys", - "cloudformation:CreateAction" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a generated template. This can be used to change the name, add and remove resources, refresh resources, and change the DeletionPolicy and UpdateReplacePolicy settings", - "privilege": "UpdateGeneratedTemplate", + "description": "Grants permission to deactivate a public extension that was previously activated in this account and region", + "privilege": "DeactivateType", "resource_types": [ { "condition_keys": [], @@ -45483,8 +49410,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a stack as specified in the template", - "privilege": "UpdateStack", + "description": "Grants permission to delete the specified change set. Deleting change sets ensures that no one executes the wrong change set", + "privilege": "DeleteChangeSet", "resource_types": [ { "condition_keys": [], @@ -45493,12 +49420,7 @@ }, { "condition_keys": [ - "cloudformation:ResourceTypes", - "cloudformation:RoleArn", - "cloudformation:StackPolicyUrl", - "cloudformation:TemplateUrl", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "cloudformation:ChangeSetName" ], "dependent_actions": [], "resource_type": "" @@ -45507,27 +49429,29 @@ }, { "access_level": "Write", - "description": "Grants permission to update the parameter values for stack instances for the specified accounts, within the specified regions", - "privilege": "UpdateStackInstances", + "description": "Grants permission to delete a generated template", + "privilege": "DeleteGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stackset-target" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified stack", + "privilege": "DeleteStack", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "type" + "resource_type": "stack*" }, { "condition_keys": [ - "cloudformation:TargetRegion" + "cloudformation:RoleArn" ], "dependent_actions": [], "resource_type": "" @@ -45536,8 +49460,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a stackset as specified in the template", - "privilege": "UpdateStackSet", + "description": "Grants permission to delete stack instances for the specified accounts, in the specified regions", + "privilege": "DeleteStackInstances", "resource_types": [ { "condition_keys": [], @@ -45556,11 +49480,7 @@ }, { "condition_keys": [ - "cloudformation:RoleArn", - "cloudformation:TemplateUrl", - "cloudformation:TargetRegion", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "cloudformation:TargetRegion" ], "dependent_actions": [], "resource_type": "" @@ -45569,150 +49489,72 @@ }, { "access_level": "Write", - "description": "Grants permission to update termination protection for the specified stack", - "privilege": "UpdateTerminationProtection", + "description": "Grants permission to delete a specified stackset", + "privilege": "DeleteStackSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "stackset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate a specified template", - "privilege": "ValidateTemplate", + "access_level": "Write", + "description": "Grants permission to deregister an existing CloudFormation type or type version", + "privilege": "DeregisterType", "resource_types": [ { - "condition_keys": [ - "cloudformation:TemplateUrl" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:changeSet/${ChangeSetName}/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "changeset" - }, - { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stack/${StackName}/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stack" - }, - { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset/${StackSetName}:${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stackset" - }, - { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset-target/${StackSetTarget}", - "condition_keys": [], - "resource": "stackset-target" - }, - { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:type/resource/${Type}", - "condition_keys": [], - "resource": "type" - }, - { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:generatedTemplate/${Id}", - "condition_keys": [], - "resource": "generatedtemplate" - }, - { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:resourceScan/${Id}", - "condition_keys": [], - "resource": "resourcescan" - } - ], - "service_name": "AWS CloudFormation" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cloudfront", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to configure vended log delivery for a distribution", - "privilege": "AllowVendedLogDeliveryForResource", + "access_level": "Read", + "description": "Grants permission to retrieve your account's AWS CloudFormation limits", + "privilege": "DescribeAccountLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an alias to a CloudFront distribution", - "privilege": "AssociateAlias", + "access_level": "Read", + "description": "Grants permission to return the description for the specified change set", + "privilege": "DescribeChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to copy an existing distribution and create a new web distribution", - "privilege": "CopyDistribution", - "resource_types": [ + "resource_type": "stack*" + }, { - "condition_keys": [], - "dependent_actions": [ - "cloudfront:CopyDistribution", - "cloudfront:CreateDistribution", - "cloudfront:GetDistribution" + "condition_keys": [ + "cloudformation:ChangeSetName" ], - "resource_type": "distribution*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Anycast static IP list", - "privilege": "CreateAnycastIpList", + "access_level": "Read", + "description": "Grants permission to return the Hook invocation information for the specified change set", + "privilege": "DescribeChangeSetHooks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anycast-ip-list*" + "resource_type": "stack*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "cloudformation:ChangeSetName" ], "dependent_actions": [], "resource_type": "" @@ -45720,57 +49562,57 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add a new cache policy to CloudFront", - "privilege": "CreateCachePolicy", + "access_level": "Read", + "description": "Grants permission to describe a generated template. The output includes details about the progress of the creation of a generated template", + "privilege": "DescribeGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new CloudFront origin access identity", - "privilege": "CreateCloudFrontOriginAccessIdentity", + "access_level": "Read", + "description": "Grants permission to return information about the account's OrganizationAccess status", + "privilege": "DescribeOrganizationsAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new continuous-deployment policy to CloudFront", - "privilege": "CreateContinuousDeploymentPolicy", + "access_level": "Read", + "description": "Grants permission to return information about a CloudFormation extension publisher", + "privilege": "DescribePublisher", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new web distribution", - "privilege": "CreateDistribution", + "access_level": "Read", + "description": "Grants permission to describe details of a resource scan", + "privilege": "DescribeResourceScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new field-level encryption configuration", - "privilege": "CreateFieldLevelEncryptionConfig", + "access_level": "Read", + "description": "Grants permission to return information about a stack drift detection operation", + "privilege": "DescribeStackDriftDetectionStatus", "resource_types": [ { "condition_keys": [], @@ -45780,175 +49622,183 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a field-level encryption profile", - "privilege": "CreateFieldLevelEncryptionProfile", + "access_level": "Read", + "description": "Grants permission to return all stack related events for a specified stack", + "privilege": "DescribeStackEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a CloudFront function", - "privilege": "CreateFunction", + "access_level": "Read", + "description": "Grants permission to return the stack instance that's associated with the specified stack set, AWS account, and region", + "privilege": "DescribeStackInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new invalidation batch request", - "privilege": "CreateInvalidation", + "access_level": "Read", + "description": "Grants permission to return the description for the specified stack refactor", + "privilege": "DescribeStackRefactor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new key group to CloudFront", - "privilege": "CreateKeyGroup", + "access_level": "Read", + "description": "Grants permission to return a description of the specified resource in the specified stack", + "privilege": "DescribeStackResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a CloudFront KeyValueStore", - "privilege": "CreateKeyValueStore", + "access_level": "Read", + "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack", + "privilege": "DescribeStackResourceDrifts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost", - "privilege": "CreateMonitoringSubscription", + "access_level": "Read", + "description": "Grants permission to return AWS resource descriptions for running and deleted stacks", + "privilege": "DescribeStackResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new origin access control", - "privilege": "CreateOriginAccessControl", + "access_level": "Read", + "description": "Grants permission to return the description of the specified stack set", + "privilege": "DescribeStackSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new origin request policy to CloudFront", - "privilege": "CreateOriginRequestPolicy", + "access_level": "Read", + "description": "Grants permission to return the description of the specified stack set operation", + "privilege": "DescribeStackSetOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new public key to CloudFront", - "privilege": "CreatePublicKey", + "access_level": "List", + "description": "Grants permission to return the description for the specified stack, and to all stacks when used in combination with the ListStacks action", + "privilege": "DescribeStacks", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "cloudformation:ListStacks" + ], + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a real-time log configuration", - "privilege": "CreateRealtimeLogConfig", + "access_level": "Read", + "description": "Grants permission to return information about the CloudFormation type requested", + "privilege": "DescribeType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new response headers policy to CloudFront", - "privilege": "CreateResponseHeadersPolicy", + "access_level": "Read", + "description": "Grants permission to return information about the registration process for a CloudFormation type", + "privilege": "DescribeTypeRegistration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new savings plan", - "privilege": "CreateSavingsPlan", + "access_level": "Read", + "description": "Grants permission to detects whether a stack's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", + "privilege": "DetectStackDrift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new RTMP distribution", - "privilege": "CreateStreamingDistribution", + "access_level": "Read", + "description": "Grants permission to return information about whether a resource's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", + "privilege": "DetectStackResourceDrift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new RTMP distribution with tags", - "privilege": "CreateStreamingDistributionWithTags", + "access_level": "Read", + "description": "Grants permission to enable users to detect drift on a stack set and the stack instances that belong to that stack set", + "privilege": "DetectStackSetDrift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" - }, + "resource_type": "stackset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the estimated monthly cost of a template", + "privilege": "EstimateTemplateCost", + "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "cloudformation:TemplateUrl" ], "dependent_actions": [], "resource_type": "" @@ -45957,13 +49807,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create a VPC origin", - "privilege": "CreateVpcOrigin", + "description": "Grants permission to update a stack using the input information that was provided when the specified change set was created", + "privilege": "ExecuteChangeSet", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "cloudformation:ChangeSetName" ], "dependent_actions": [], "resource_type": "" @@ -45972,104 +49826,118 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Anycast static IP list", - "privilege": "DeleteAnycastIpList", + "description": "Grants permission to execute a stack refactor using the input information that was provided when the specified stack refactor was created", + "privilege": "ExecuteStackRefactor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anycast-ip-list*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a cache policy", - "privilege": "DeleteCachePolicy", + "access_level": "Read", + "description": "Grants permission to retrieve a generated template", + "privilege": "GetGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CloudFront origin access identity", - "privilege": "DeleteCloudFrontOriginAccessIdentity", - "resource_types": [ + "access_level": "Read", + "description": "Grants permission to return the stack policy for a specified stack", + "privilege": "GetStackPolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a continuous-deployment policy", - "privilege": "DeleteContinuousDeploymentPolicy", + "access_level": "Read", + "description": "Grants permission to return the template body for a specified stack", + "privilege": "GetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a web distribution", - "privilege": "DeleteDistribution", + "access_level": "Read", + "description": "Grants permission to return information about a new or existing template", + "privilege": "GetTemplateSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "stack" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset" + }, + { + "condition_keys": [ + "cloudformation:TemplateUrl" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a field-level encryption configuration", - "privilege": "DeleteFieldLevelEncryptionConfig", + "description": "Grants permission to enable users to import existing stacks to a new or existing stackset", + "privilege": "ImportStacksToStackSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-config*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a field-level encryption profile", - "privilege": "DeleteFieldLevelEncryptionProfile", + "access_level": "List", + "description": "Grants permission to return Hook invocations result information for a specified Hook, a combination of Hook and status, or all Hooks", + "privilege": "ListAllHookResults", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloudformation:TypeArn" + ], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CloudFront function", - "privilege": "DeleteFunction", + "access_level": "List", + "description": "Grants permission to return the ID and status of each active change set for a stack. For example, AWS CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or CREATE_PENDING state", + "privilege": "ListChangeSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a key group", - "privilege": "DeleteKeyGroup", + "access_level": "List", + "description": "Grants permission to list all exported output values in the account and region in which you call this action", + "privilege": "ListExports", "resource_types": [ { "condition_keys": [], @@ -46079,57 +49947,64 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CloudFront KeyValueStore", - "privilege": "DeleteKeyValueStore", + "access_level": "List", + "description": "Grants permission to list your generated templates in this Region", + "privilege": "ListGeneratedTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable additional CloudWatch metrics for the specified CloudFront distribution", - "privilege": "DeleteMonitoringSubscription", + "access_level": "List", + "description": "Grants permission to return Hook invocations result information for the specified target", + "privilege": "ListHookResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "stack" + }, + { + "condition_keys": [ + "cloudformation:ChangeSetName" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an origin access control", - "privilege": "DeleteOriginAccessControl", + "access_level": "List", + "description": "Grants permission to list all stacks that are importing an exported output value", + "privilege": "ListImports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-control*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an origin request policy", - "privilege": "DeleteOriginRequestPolicy", + "access_level": "List", + "description": "Grants permission to list the related resources for a list of resources from a resource scan. The response indicates whether each returned resource is already managed by CloudFormation", + "privilege": "ListResourceScanRelatedResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a public key from CloudFront", - "privilege": "DeletePublicKey", + "access_level": "List", + "description": "Grants permission to list the resources from a resource scan. The results can be filtered by resource identifier, resource type prefix, tag key, and tag value", + "privilege": "ListResourceScanResources", "resource_types": [ { "condition_keys": [], @@ -46139,261 +50014,275 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a real-time log configuration", - "privilege": "DeleteRealtimeLogConfig", + "access_level": "List", + "description": "Grants permission to list the resource scans from newest to oldest. By default it will return up to 10 resource scans", + "privilege": "ListResourceScans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a response headers policy", - "privilege": "DeleteResponseHeadersPolicy", + "access_level": "List", + "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack instance", + "privilege": "ListStackInstanceResourceDrifts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an RTMP distribution", - "privilege": "DeleteStreamingDistribution", + "access_level": "List", + "description": "Grants permission to return summary information about stack instances that are associated with the specified stack set", + "privilege": "ListStackInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a VPC origin", - "privilege": "DeleteVpcOrigin", + "access_level": "List", + "description": "Grants permission to return the list of actions of the specified stack refactor", + "privilege": "ListStackRefactorActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpcorigin*" + "resource_type": "stack*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a CloudFront function summary", - "privilege": "DescribeFunction", + "access_level": "List", + "description": "Grants permission to return the ID and status of each active stack refactor", + "privilege": "ListStackRefactors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "stack*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a CloudFront KeyValueStore summary", - "privilege": "DescribeKeyValueStore", + "access_level": "List", + "description": "Grants permission to return descriptions of all resources of the specified stack", + "privilege": "ListStackResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "stack*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an Anycast static IP list", - "privilege": "GetAnycastIpList", + "access_level": "List", + "description": "Grants permission to return summary information about StackSet Auto Deployment Targets", + "privilege": "ListStackSetAutoDeploymentTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anycast-ip-list*" + "resource_type": "stackset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the cache policy", - "privilege": "GetCachePolicy", + "access_level": "List", + "description": "Grants permission to return summary information about the results of a stack set operation", + "privilege": "ListStackSetOperationResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "stackset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the cache policy configuration", - "privilege": "GetCachePolicyConfig", + "access_level": "List", + "description": "Grants permission to return summary information about operations performed on a stack set", + "privilege": "ListStackSetOperations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "stackset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the information about a CloudFront origin access identity", - "privilege": "GetCloudFrontOriginAccessIdentity", + "access_level": "List", + "description": "Grants permission to return summary information about stack sets that are associated with the user", + "privilege": "ListStackSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration information about a Cloudfront origin access identity", - "privilege": "GetCloudFrontOriginAccessIdentityConfig", + "access_level": "List", + "description": "Grants permission to return the summary information for stacks whose status matches the specified StackStatusFilter. In combination with the DescribeStacks action, grants permission to list descriptions for stacks", + "privilege": "ListStacks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the continuous-deployment policy", - "privilege": "GetContinuousDeploymentPolicy", + "access_level": "List", + "description": "Grants permission to list CloudFormation type registration attempts", + "privilege": "ListTypeRegistrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the continuous-deployment policy configuration", - "privilege": "GetContinuousDeploymentPolicyConfig", + "access_level": "List", + "description": "Grants permission to list versions of a particular CloudFormation type", + "privilege": "ListTypeVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the information about a web distribution", - "privilege": "GetDistribution", + "access_level": "List", + "description": "Grants permission to list available CloudFormation types", + "privilege": "ListTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration information about a distribution", - "privilege": "GetDistributionConfig", + "access_level": "Write", + "description": "Grants permission to publish the specified extension to the CloudFormation registry as a public extension in this region", + "privilege": "PublishType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the field-level encryption configuration information", - "privilege": "GetFieldLevelEncryption", + "access_level": "Write", + "description": "Grants permission to record the handler progress", + "privilege": "RecordHandlerProgress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-config*" + "resource_type": "stack*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the field-level encryption configuration information", - "privilege": "GetFieldLevelEncryptionConfig", + "access_level": "Write", + "description": "Grants permission to register account as a publisher of public extensions in the CloudFormation registry", + "privilege": "RegisterPublisher", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-config*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the field-level encryption configuration information", - "privilege": "GetFieldLevelEncryptionProfile", + "access_level": "Write", + "description": "Grants permission to register a new CloudFormation type", + "privilege": "RegisterType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the field-level encryption profile configuration information", - "privilege": "GetFieldLevelEncryptionProfileConfig", + "access_level": "Write", + "description": "Grants permission to rollback the stack to the last stable state", + "privilege": "RollbackStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:RoleArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a CloudFront function's code", - "privilege": "GetFunction", + "access_level": "Permissions management", + "description": "Grants permission to set a stack policy for a specified stack", + "privilege": "SetStackPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:StackPolicyUrl" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the information about an invalidation", - "privilege": "GetInvalidation", + "access_level": "Write", + "description": "Grants permission to set the configuration data for a registered CloudFormation extension, in the given account and region", + "privilege": "SetTypeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a key group", - "privilege": "GetKeyGroup", + "access_level": "Write", + "description": "Grants permission to set which version of a CloudFormation type applies to CloudFormation operations", + "privilege": "SetTypeDefaultVersion", "resource_types": [ { "condition_keys": [], @@ -46403,21 +50292,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a key group configuration", - "privilege": "GetKeyGroupConfig", + "access_level": "Write", + "description": "Grants permission to send a signal to the specified resource with a success or failure status", + "privilege": "SignalResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution", - "privilege": "GetMonitoringSubscription", + "access_level": "Write", + "description": "Grants permission to start a scan of the resources in this account in this Region", + "privilege": "StartResourceScan", "resource_types": [ { "condition_keys": [], @@ -46427,57 +50316,94 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin access control", - "privilege": "GetOriginAccessControl", + "access_level": "Write", + "description": "Grants permission to stop an in-progress operation on a stack set and its associated stack instances", + "privilege": "StopStackSetOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-control*" + "resource_type": "stackset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin access control configuration", - "privilege": "GetOriginAccessControlConfig", + "access_level": "Tagging", + "description": "Grants permission to tag cloudformation resources", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-control*" + "resource_type": "changeset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "cloudformation:CreateAction" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin request policy", - "privilege": "GetOriginRequestPolicy", + "access_level": "Write", + "description": "Grants permission to test a registered extension to make sure it meets all necessary requirements for being published in the CloudFormation registry", + "privilege": "TestType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin request policy configuration", - "privilege": "GetOriginRequestPolicyConfig", + "access_level": "Tagging", + "description": "Grants permission to untag cloudformation resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "changeset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset" + }, + { + "condition_keys": [ + "aws:TagKeys", + "cloudformation:CreateAction" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the public key information", - "privilege": "GetPublicKey", + "access_level": "Write", + "description": "Grants permission to update a generated template. This can be used to change the name, add and remove resources, refresh resources, and change the DeletionPolicy and UpdateReplacePolicy settings", + "privilege": "UpdateGeneratedTemplate", "resource_types": [ { "condition_keys": [], @@ -46487,153 +50413,278 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the public key configuration information", - "privilege": "GetPublicKeyConfig", + "access_level": "Write", + "description": "Grants permission to update a stack as specified in the template", + "privilege": "UpdateStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:ResourceTypes", + "cloudformation:RoleArn", + "cloudformation:StackPolicyUrl", + "cloudformation:TemplateUrl", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a real-time log configuration", - "privilege": "GetRealtimeLogConfig", + "access_level": "Write", + "description": "Grants permission to update the parameter values for stack instances for the specified accounts, within the specified regions", + "privilege": "UpdateStackInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "stackset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset-target" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "type" + }, + { + "condition_keys": [ + "cloudformation:TargetRegion" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the response headers policy", - "privilege": "GetResponseHeadersPolicy", + "access_level": "Write", + "description": "Grants permission to update a stackset as specified in the template", + "privilege": "UpdateStackSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "stackset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset-target" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "type" + }, + { + "condition_keys": [ + "cloudformation:RoleArn", + "cloudformation:TemplateUrl", + "cloudformation:TargetRegion", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the response headers policy configuration", - "privilege": "GetResponseHeadersPolicyConfig", + "access_level": "Write", + "description": "Grants permission to update termination protection for the specified stack", + "privilege": "UpdateTerminationProtection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "stack*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a savings plan", - "privilege": "GetSavingsPlan", + "description": "Grants permission to validate a specified template", + "privilege": "ValidateTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloudformation:TemplateUrl" + ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:changeSet/${ChangeSetName}/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "changeset" }, { - "access_level": "Read", - "description": "Grants permission to get the information about an RTMP distribution", - "privilege": "GetStreamingDistribution", + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stack/${StackName}/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "stack" + }, + { + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset/${StackSetName}:${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "stackset" + }, + { + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset-target/${StackSetTarget}", + "condition_keys": [], + "resource": "stackset-target" + }, + { + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:type/resource/${Type}", + "condition_keys": [], + "resource": "type" + }, + { + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:generatedTemplate/${Id}", + "condition_keys": [], + "resource": "generatedtemplate" + }, + { + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:resourceScan/${Id}", + "condition_keys": [], + "resource": "resourcescan" + } + ], + "service_name": "AWS CloudFormation" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cloudfront", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to configure vended log delivery for a distribution", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "distribution" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration information about a streaming distribution", - "privilege": "GetStreamingDistributionConfig", + "access_level": "Write", + "description": "Grants permission to associate an alias to a CloudFront distribution", + "privilege": "AssociateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "distribution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the information about a VPC origin", - "privilege": "GetVpcOrigin", + "access_level": "Write", + "description": "Grants permission to associate a distribution tenant with an AWS WAF web ACL", + "privilege": "AssociateDistributionTenantWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpcorigin*" + "resource_type": "distribution-tenant*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your Anycast static IP lists", - "privilege": "ListAnycastIpLists", + "access_level": "Write", + "description": "Grants permission to associate a distribution with an AWS WAF web ACL", + "privilege": "AssociateDistributionWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all cache policies that have been created in CloudFront for this account", - "privilege": "ListCachePolicies", + "access_level": "Write", + "description": "Grants permission to copy an existing distribution and create a new web distribution", + "privilege": "CopyDistribution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "cloudfront:CopyDistribution", + "cloudfront:CreateDistribution", + "cloudfront:GetDistribution" + ], + "resource_type": "distribution*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your CloudFront origin access identities", - "privilege": "ListCloudFrontOriginAccessIdentities", + "access_level": "Write", + "description": "Grants permission to create an Anycast static IP list", + "privilege": "CreateAnycastIpList", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all aliases that conflict with the given alias in CloudFront", - "privilege": "ListConflictingAliases", + "access_level": "Write", + "description": "Grants permission to add a new cache policy to CloudFront", + "privilege": "CreateCachePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all continuous-deployment policies in the account", - "privilege": "ListContinuousDeploymentPolicies", + "access_level": "Write", + "description": "Grants permission to create a new CloudFront origin access identity", + "privilege": "CreateCloudFrontOriginAccessIdentity", "resource_types": [ { "condition_keys": [], @@ -46643,21 +50694,24 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the distributions associated with your AWS account", - "privilege": "ListDistributions", + "access_level": "Write", + "description": "Grants permission to create a connection group", + "privilege": "CreateConnectionGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the distributions in your account that are associated with the specified AnycastIpListId", - "privilege": "ListDistributionsByAnycastIpListId", + "access_level": "Write", + "description": "Grants permission to add a new continuous-deployment policy to CloudFront", + "privilege": "CreateContinuousDeploymentPolicy", "resource_types": [ { "condition_keys": [], @@ -46667,33 +50721,38 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy", - "privilege": "ListDistributionsByCachePolicyId", + "access_level": "Write", + "description": "Grants permission to create a new web distribution", + "privilege": "CreateDistribution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "cloudfront:CreateConnectionGroup" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified key group", - "privilege": "ListDistributionsByKeyGroup", + "access_level": "Write", + "description": "Grants permission to create a distribution tenant", + "privilege": "CreateDistributionTenant", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the distributions associated a Lambda function", - "privilege": "ListDistributionsByLambdaFunction", + "access_level": "Write", + "description": "Grants permission to create a new field-level encryption configuration", + "privilege": "CreateFieldLevelEncryptionConfig", "resource_types": [ { "condition_keys": [], @@ -46703,9 +50762,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy", - "privilege": "ListDistributionsByOriginRequestPolicyId", + "access_level": "Write", + "description": "Grants permission to create a field-level encryption profile", + "privilege": "CreateFieldLevelEncryptionProfile", "resource_types": [ { "condition_keys": [], @@ -46715,9 +50774,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of distributions that have a cache behavior that's associated with the specified real-time log configuration", - "privilege": "ListDistributionsByRealtimeLogConfig", + "access_level": "Write", + "description": "Grants permission to create a CloudFront function", + "privilege": "CreateFunction", "resource_types": [ { "condition_keys": [], @@ -46727,33 +50786,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified response headers policy", - "privilege": "ListDistributionsByResponseHeadersPolicyId", + "access_level": "Write", + "description": "Grants permission to create a new invalidation batch request", + "privilege": "CreateInvalidation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution*" } ] }, { - "access_level": "List", - "description": "Grants permission to list IDs for distributions associated with the specified VPC origin", - "privilege": "ListDistributionsByVpcOriginId", + "access_level": "Write", + "description": "Grants permission to create an invalidation for a distribution tenant", + "privilege": "CreateInvalidationForDistributionTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution-tenant*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the distributions associated with your AWS account with given AWS WAF web ACL", - "privilege": "ListDistributionsByWebACLId", + "access_level": "Write", + "description": "Grants permission to add a new key group to CloudFront", + "privilege": "CreateKeyGroup", "resource_types": [ { "condition_keys": [], @@ -46763,21 +50822,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all field-level encryption configurations that have been created in CloudFront for this account", - "privilege": "ListFieldLevelEncryptionConfigs", + "access_level": "Write", + "description": "Grants permission to create a CloudFront KeyValueStore", + "privilege": "CreateKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "key-value-store*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all field-level encryption profiles that have been created in CloudFront for this account", - "privilege": "ListFieldLevelEncryptionProfiles", + "access_level": "Write", + "description": "Grants permission to enable additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost", + "privilege": "CreateMonitoringSubscription", "resource_types": [ { "condition_keys": [], @@ -46787,9 +50846,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of CloudFront functions", - "privilege": "ListFunctions", + "access_level": "Write", + "description": "Grants permission to create a new origin access control", + "privilege": "CreateOriginAccessControl", "resource_types": [ { "condition_keys": [], @@ -46799,21 +50858,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list your invalidation batches", - "privilege": "ListInvalidations", + "access_level": "Write", + "description": "Grants permission to add a new origin request policy to CloudFront", + "privilege": "CreateOriginRequestPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all key groups that have been created in CloudFront for this account", - "privilege": "ListKeyGroups", + "access_level": "Write", + "description": "Grants permission to add a new public key to CloudFront", + "privilege": "CreatePublicKey", "resource_types": [ { "condition_keys": [], @@ -46823,9 +50882,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of CloudFront KeyValueStores", - "privilege": "ListKeyValueStores", + "access_level": "Write", + "description": "Grants permission to create a real-time log configuration", + "privilege": "CreateRealtimeLogConfig", "resource_types": [ { "condition_keys": [], @@ -46835,9 +50894,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all origin access controls in the account", - "privilege": "ListOriginAccessControls", + "access_level": "Write", + "description": "Grants permission to add a new response headers policy to CloudFront", + "privilege": "CreateResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], @@ -46847,9 +50906,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all origin request policies that have been created in CloudFront for this account", - "privilege": "ListOriginRequestPolicies", + "access_level": "Write", + "description": "Grants permission to create a new savings plan", + "privilege": "CreateSavingsPlan", "resource_types": [ { "condition_keys": [], @@ -46859,9 +50918,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all public keys that have been added to CloudFront for this account", - "privilege": "ListPublicKeys", + "access_level": "Write", + "description": "Grants permission to create a new RTMP distribution", + "privilege": "CreateStreamingDistribution", "resource_types": [ { "condition_keys": [], @@ -46871,162 +50930,147 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list CloudFront rate cards for the account", - "privilege": "ListRateCards", + "access_level": "Write", + "description": "Grants permission to create a new RTMP distribution with tags", + "privilege": "CreateStreamingDistributionWithTags", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of real-time log configurations", - "privilege": "ListRealtimeLogConfigs", + "access_level": "Write", + "description": "Grants permission to create a VPC origin", + "privilege": "CreateVpcOrigin", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all response headers policies that have been created in CloudFront for this account", - "privilege": "ListResponseHeadersPolicies", + "access_level": "Write", + "description": "Grants permission to delete an Anycast static IP list", + "privilege": "DeleteAnycastIpList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "anycast-ip-list*" } ] }, { - "access_level": "List", - "description": "Grants permission to list savings plans in the account", - "privilege": "ListSavingsPlans", + "access_level": "Write", + "description": "Grants permission to delete a cache policy", + "privilege": "DeleteCachePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your RTMP distributions", - "privilege": "ListStreamingDistributions", + "access_level": "Write", + "description": "Grants permission to delete a CloudFront origin access identity", + "privilege": "DeleteCloudFrontOriginAccessIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-identity*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a CloudFront resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a connection group", + "privilege": "DeleteConnectionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anycast-ip-list" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "distribution" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vpcorigin" + "resource_type": "connection-group*" } ] }, { - "access_level": "List", - "description": "Grants permission to list CloudFront usage", - "privilege": "ListUsages", + "access_level": "Write", + "description": "Grants permission to delete a continuous-deployment policy", + "privilege": "DeleteContinuousDeploymentPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "continuous-deployment-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to list VPC origins", - "privilege": "ListVpcOrigins", + "access_level": "Write", + "description": "Grants permission to delete a web distribution", + "privilege": "DeleteDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to publish a CloudFront function", - "privilege": "PublishFunction", + "description": "Grants permission to delete a distribution tenant", + "privilege": "DeleteDistributionTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "distribution-tenant*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a CloudFront resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a field-level encryption configuration", + "privilege": "DeleteFieldLevelEncryptionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anycast-ip-list" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "distribution" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "streaming-distribution" - }, + "resource_type": "field-level-encryption-config*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a field-level encryption profile", + "privilege": "DeleteFieldLevelEncryptionProfile", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpcorigin" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to test a CloudFront function", - "privilege": "TestFunction", + "description": "Grants permission to delete a CloudFront function", + "privilege": "DeleteFunction", "resource_types": [ { "condition_keys": [], @@ -47036,151 +51080,153 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a CloudFront resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a key group", + "privilege": "DeleteKeyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anycast-ip-list" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "distribution" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a CloudFront KeyValueStore", + "privilege": "DeleteKeyValueStore", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution" - }, + "resource_type": "key-value-store*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable additional CloudWatch metrics for the specified CloudFront distribution", + "privilege": "DeleteMonitoringSubscription", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpcorigin" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a cache policy", - "privilege": "UpdateCachePolicy", + "description": "Grants permission to delete an origin access control", + "privilege": "DeleteOriginAccessControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "origin-access-control*" } ] }, { "access_level": "Write", - "description": "Grants permission to set the configuration for a CloudFront origin access identity", - "privilege": "UpdateCloudFrontOriginAccessIdentity", + "description": "Grants permission to delete an origin request policy", + "privilege": "DeleteOriginRequestPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "origin-request-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a continuous-deployment policy", - "privilege": "UpdateContinuousDeploymentPolicy", + "description": "Grants permission to delete a public key from CloudFront", + "privilege": "DeletePublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the configuration for a web distribution", - "privilege": "UpdateDistribution", + "description": "Grants permission to delete a real-time log configuration", + "privilege": "DeleteRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "realtime-log-config*" } ] }, { "access_level": "Write", - "description": "Grants permission to copy the configuration from a staging web distribution to its corresponding primary web distribution", - "privilege": "UpdateDistributionWithStagingConfig", + "description": "Grants permission to delete a resource's policy document", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "vpcorigin" } ] }, { "access_level": "Write", - "description": "Grants permission to update a field-level encryption configuration", - "privilege": "UpdateFieldLevelEncryptionConfig", + "description": "Grants permission to delete a response headers policy", + "privilege": "DeleteResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "response-headers-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a field-level encryption profile", - "privilege": "UpdateFieldLevelEncryptionProfile", + "description": "Grants permission to delete an RTMP distribution", + "privilege": "DeleteStreamingDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "streaming-distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a CloudFront function", - "privilege": "UpdateFunction", + "description": "Grants permission to delete a VPC origin", + "privilege": "DeleteVpcOrigin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "vpcorigin*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a key group", - "privilege": "UpdateKeyGroup", + "access_level": "Read", + "description": "Grants permission to get a CloudFront function summary", + "privilege": "DescribeFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a CloudFront KeyValueStore", - "privilege": "UpdateKeyValueStore", + "access_level": "Read", + "description": "Grants permission to get a CloudFront KeyValueStore summary", + "privilege": "DescribeKeyValueStore", "resource_types": [ { "condition_keys": [], @@ -47191,426 +51237,272 @@ }, { "access_level": "Write", - "description": "Grants permission to update an origin access control", - "privilege": "UpdateOriginAccessControl", + "description": "Grants permission to disassociate a distribution tenant from an AWS WAF web ACL", + "privilege": "DisassociateDistributionTenantWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-control*" + "resource_type": "distribution-tenant*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an origin request policy", - "privilege": "UpdateOriginRequestPolicy", + "description": "Grants permission to disassociate a distribution from an AWS WAF web ACL", + "privilege": "DisassociateDistributionWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update public key information", - "privilege": "UpdatePublicKey", + "access_level": "Read", + "description": "Grants permission to get an Anycast static IP list", + "privilege": "GetAnycastIpList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "anycast-ip-list*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a real-time log configuration", - "privilege": "UpdateRealtimeLogConfig", + "access_level": "Read", + "description": "Grants permission to get the cache policy", + "privilege": "GetCachePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "cache-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a response headers policy", - "privilege": "UpdateResponseHeadersPolicy", + "access_level": "Read", + "description": "Grants permission to get the cache policy configuration", + "privilege": "GetCachePolicyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "cache-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a savings plan", - "privilege": "UpdateSavingsPlan", + "access_level": "Read", + "description": "Grants permission to get the information about a CloudFront origin access identity", + "privilege": "GetCloudFrontOriginAccessIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-identity*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration for an RTMP distribution", - "privilege": "UpdateStreamingDistribution", + "access_level": "Read", + "description": "Grants permission to get the configuration information about a Cloudfront origin access identity", + "privilege": "GetCloudFrontOriginAccessIdentityConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "origin-access-identity*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a VPC origin", - "privilege": "UpdateVpcOrigin", + "access_level": "Read", + "description": "Grants permission to get information about a connection group", + "privilege": "GetConnectionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpcorigin*" + "resource_type": "connection-group*" } ] - } - ], - "resources": [ + }, { - "arn": "arn:${Partition}:cloudfront::${Account}:distribution/${DistributionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "distribution" + "access_level": "Read", + "description": "Grants permission to get information about a connection group by the specified routing endpoint", + "privilege": "GetConnectionGroupByRoutingEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection-group*" + } + ] }, { - "arn": "arn:${Partition}:cloudfront::${Account}:streaming-distribution/${DistributionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "streaming-distribution" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-identity/${Id}", - "condition_keys": [], - "resource": "origin-access-identity" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-config/${Id}", - "condition_keys": [], - "resource": "field-level-encryption-config" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-profile/${Id}", - "condition_keys": [], - "resource": "field-level-encryption-profile" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:cache-policy/${Id}", - "condition_keys": [], - "resource": "cache-policy" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:origin-request-policy/${Id}", - "condition_keys": [], - "resource": "origin-request-policy" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:realtime-log-config/${Name}", - "condition_keys": [], - "resource": "realtime-log-config" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:function/${Name}", - "condition_keys": [], - "resource": "function" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:key-value-store/${Name}", - "condition_keys": [], - "resource": "key-value-store" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:response-headers-policy/${Id}", - "condition_keys": [], - "resource": "response-headers-policy" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-control/${Id}", - "condition_keys": [], - "resource": "origin-access-control" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:continuous-deployment-policy/${Id}", - "condition_keys": [], - "resource": "continuous-deployment-policy" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:anycast-ip-list/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "anycast-ip-list" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:vpcorigin/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "vpcorigin" - } - ], - "service_name": "Amazon CloudFront" - }, - { - "conditions": [], - "prefix": "cloudfront-keyvaluestore", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to delete the key value pair specified by the key", - "privilege": "DeleteKey", + "access_level": "Read", + "description": "Grants permission to get the continuous-deployment policy", + "privilege": "GetContinuousDeploymentPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "continuous-deployment-policy*" } ] }, { "access_level": "Read", - "description": "Grants permission to return metadata information about Key Value Store", - "privilege": "DescribeKeyValueStore", + "description": "Grants permission to get the continuous-deployment policy configuration", + "privilege": "GetContinuousDeploymentPolicyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "continuous-deployment-policy*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a key value pair", - "privilege": "GetKey", + "description": "Grants permission to get the information about a web distribution", + "privilege": "GetDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "distribution*" } ] }, { - "access_level": "List", - "description": "Grants permission to returns a list of key value pairs", - "privilege": "ListKeys", + "access_level": "Read", + "description": "Grants permission to get the configuration information about a distribution", + "privilege": "GetDistributionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new key value pair or replace the value of an existing key", - "privilege": "PutKey", + "access_level": "Read", + "description": "Grants permission to get information about a distribution tenant", + "privilege": "GetDistributionTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "distribution-tenant*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put or delete multiple key value pairs in a single, all-or-nothing operation", - "privilege": "UpdateKeys", + "access_level": "Read", + "description": "Grants permission to get information about a distribution tenant by the associated domain", + "privilege": "GetDistributionTenantByDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-value-store*" + "resource_type": "distribution-tenant*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudfront::${Account}:key-value-store/${ResourceId}", - "condition_keys": [], - "resource": "key-value-store" - } - ], - "service_name": "Amazon CloudFront KeyValueStore" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cloudhsm", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a copy of a backup in the specified region", - "privilege": "CopyBackupToRegion", + "access_level": "Read", + "description": "Grants permission to get the field-level encryption configuration information", + "privilege": "GetFieldLevelEncryption", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudhsm:CopyBackupToRegion", - "cloudhsm:TagResource", - "cloudhsm:UntagResource" - ], - "resource_type": "backup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-config*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new AWS CloudHSM cluster", - "privilege": "CreateCluster", + "access_level": "Read", + "description": "Grants permission to get the field-level encryption configuration information", + "privilege": "GetFieldLevelEncryptionConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudhsm:TagResource", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:RevokeSecurityGroupEgress", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "backup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-config*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new hardware security module (HSM) in the specified AWS CloudHSM cluster", - "privilege": "CreateHsm", + "access_level": "Read", + "description": "Grants permission to get the field-level encryption configuration information", + "privilege": "GetFieldLevelEncryptionProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:RevokeSecurityGroupEgress" - ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "field-level-encryption-profile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified CloudHSM backup", - "privilege": "DeleteBackup", + "access_level": "Read", + "description": "Grants permission to get the field-level encryption profile configuration information", + "privilege": "GetFieldLevelEncryptionProfileConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "field-level-encryption-profile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified AWS CloudHSM cluster", - "privilege": "DeleteCluster", + "access_level": "Read", + "description": "Grants permission to get a CloudFront function's code", + "privilege": "GetFunction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup" - ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified HSM", - "privilege": "DeleteHsm", + "access_level": "Read", + "description": "Grants permission to get the information about an invalidation", + "privilege": "GetInvalidation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteNetworkInterface" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the policy attached to CloudHSM resources", - "privilege": "DeleteResourcePolicy", + "access_level": "Read", + "description": "Grants permission to get information about an invalidation for a distribution tenant", + "privilege": "GetInvalidationForDistributionTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "distribution-tenant*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about backups of AWS CloudHSM clusters", - "privilege": "DescribeBackups", + "description": "Grants permission to get a key group", + "privilege": "GetKeyGroup", "resource_types": [ { "condition_keys": [], @@ -47621,8 +51513,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about AWS CloudHSM clusters", - "privilege": "DescribeClusters", + "description": "Grants permission to get a key group configuration", + "privilege": "GetKeyGroupConfig", "resource_types": [ { "condition_keys": [], @@ -47633,637 +51525,601 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about the policy attached to a AWS CloudHSM resource", - "privilege": "GetResourcePolicy", + "description": "Grants permission to get details about a CloudFront managed certificate", + "privilege": "GetManagedCertificateDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "distribution-tenant*" } ] }, { - "access_level": "Write", - "description": "Grants permission to claim an AWS CloudHSM cluster", - "privilege": "InitializeCluster", + "access_level": "Read", + "description": "Grants permission to get information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution", + "privilege": "GetMonitoringSubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a list of tags for the specified AWS CloudHSM cluster", - "privilege": "ListTags", + "description": "Grants permission to get the origin access control", + "privilege": "GetOriginAccessControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" - }, + "resource_type": "origin-access-control*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the origin access control configuration", + "privilege": "GetOriginAccessControlConfig", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "origin-access-control*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify attributes for an AWS CloudHSM backup", - "privilege": "ModifyBackupAttributes", + "access_level": "Read", + "description": "Grants permission to get the origin request policy", + "privilege": "GetOriginRequestPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "origin-request-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify AWS CloudHSM cluster", - "privilege": "ModifyCluster", + "access_level": "Read", + "description": "Grants permission to get the origin request policy configuration", + "privilege": "GetOriginRequestPolicyConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeSubnets" - ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "origin-request-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a policy to an AWS CloudHSM resource", - "privilege": "PutResourcePolicy", + "access_level": "Read", + "description": "Grants permission to get the public key information", + "privilege": "GetPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore the specified CloudHSM backup", - "privilege": "RestoreBackup", + "access_level": "Read", + "description": "Grants permission to get the public key configuration information", + "privilege": "GetPublicKeyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or overwrite one or more tags for the specified AWS CloudHSM cluster", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get a real-time log configuration", + "privilege": "GetRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" - }, + "resource_type": "realtime-log-config*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the information about a resource's policy document", + "privilege": "GetResourcePolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "vpcorigin" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tag or tags from the specified AWS CloudHSM cluster", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get the response headers policy", + "privilege": "GetResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" - }, + "resource_type": "response-headers-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the response headers policy configuration", + "privilege": "GetResponseHeadersPolicyConfig", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "response-headers-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a savings plan", + "privilege": "GetSavingsPlan", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:backup/${CloudHsmBackupInstanceName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "backup" }, { - "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:cluster/${CloudHsmClusterInstanceName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cluster" - } - ], - "service_name": "AWS CloudHSM" - }, - { - "conditions": [], - "prefix": "cloudsearch", - "privileges": [ - { - "access_level": "Tagging", - "description": "Attaches resource tags to an Amazon CloudSearch domain", - "privilege": "AddTags", + "access_level": "Read", + "description": "Grants permission to get the information about an RTMP distribution", + "privilege": "GetStreamingDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "streaming-distribution*" } ] }, { - "access_level": "Write", - "description": "Indexes the search suggestions", - "privilege": "BuildSuggesters", + "access_level": "Read", + "description": "Grants permission to get the configuration information about a streaming distribution", + "privilege": "GetStreamingDistributionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "streaming-distribution*" } ] }, { - "access_level": "Write", - "description": "Creates a new search domain", - "privilege": "CreateDomain", + "access_level": "Read", + "description": "Grants permission to get the information about a VPC origin", + "privilege": "GetVpcOrigin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "vpcorigin*" } ] }, { - "access_level": "Write", - "description": "Configures an analysis scheme that can be applied to a text or text-array field to define language-specific text processing options", - "privilege": "DefineAnalysisScheme", + "access_level": "List", + "description": "Grants permission to list your Anycast static IP lists", + "privilege": "ListAnycastIpLists", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Configures an Expression for the search domain", - "privilege": "DefineExpression", + "access_level": "List", + "description": "Grants permission to list all cache policies that have been created in CloudFront for this account", + "privilege": "ListCachePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Configures an IndexField for the search domain", - "privilege": "DefineIndexField", + "access_level": "List", + "description": "Grants permission to list your CloudFront origin access identities", + "privilege": "ListCloudFrontOriginAccessIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Configures a suggester for a domain", - "privilege": "DefineSuggester", + "access_level": "List", + "description": "Grants permission to list all aliases that conflict with the given alias in CloudFront", + "privilege": "ListConflictingAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Deletes an analysis scheme", - "privilege": "DeleteAnalysisScheme", + "access_level": "List", + "description": "Grants permission to list the connection groups in your AWS account", + "privilege": "ListConnectionGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Permanently deletes a search domain and all of its data", - "privilege": "DeleteDomain", + "access_level": "List", + "description": "Grants permission to list all continuous-deployment policies in the account", + "privilege": "ListContinuousDeploymentPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Removes an Expression from the search domain", - "privilege": "DeleteExpression", + "access_level": "List", + "description": "Grants permission to list the distribution tenants in your AWS account", + "privilege": "ListDistributionTenants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Removes an IndexField from the search domain", - "privilege": "DeleteIndexField", + "access_level": "List", + "description": "Grants permission to list the distribution tenants by the customization that you specify", + "privilege": "ListDistributionTenantsByCustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Deletes a suggester", - "privilege": "DeleteSuggester", + "access_level": "List", + "description": "Grants permission to list the distributions associated with your AWS account", + "privilege": "ListDistributions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets the analysis schemes configured for a domain", - "privilege": "DescribeAnalysisSchemes", + "access_level": "List", + "description": "Grants permission to list the distributions in your account that are associated with the specified AnycastIpListId", + "privilege": "ListDistributionsByAnycastIpListId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets the availability options configured for a domain", - "privilege": "DescribeAvailabilityOptions", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy", + "privilege": "ListDistributionsByCachePolicyId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets the domain endpoint options configured for a domain", - "privilege": "DescribeDomainEndpointOptions", + "access_level": "List", + "description": "Grants permission to list the distributions by the specified connection mode", + "privilege": "ListDistributionsByConnectionMode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Gets information about the search domains owned by this account", - "privilege": "DescribeDomains", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified key group", + "privilege": "ListDistributionsByKeyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets the expressions configured for the search domain", - "privilege": "DescribeExpressions", + "access_level": "List", + "description": "Grants permission to list the distributions associated a Lambda function", + "privilege": "ListDistributionsByLambdaFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets information about the index fields configured for the search domain", - "privilege": "DescribeIndexFields", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy", + "privilege": "ListDistributionsByOriginRequestPolicyId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets the scaling parameters configured for a domain", - "privilege": "DescribeScalingParameters", + "access_level": "List", + "description": "Grants permission to get a list of distributions that have a cache behavior that's associated with the specified real-time log configuration", + "privilege": "ListDistributionsByRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets information about the access policies that control access to the domain's document and search endpoints", - "privilege": "DescribeServiceAccessPolicies", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified response headers policy", + "privilege": "ListDistributionsByResponseHeadersPolicyId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Gets the suggesters configured for a domain", - "privilege": "DescribeSuggesters", + "access_level": "List", + "description": "Grants permission to list IDs for distributions associated with the specified VPC origin", + "privilege": "ListDistributionsByVpcOriginId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Tells the search domain to start indexing its documents using the latest indexing options", - "privilege": "IndexDocuments", + "access_level": "List", + "description": "Grants permission to list the distributions associated with your AWS account with given AWS WAF web ACL", + "privilege": "ListDistributionsByWebACLId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Lists all search domains owned by an account", - "privilege": "ListDomainNames", + "description": "Grants permission to list domain conflicts for a specified domain", + "privilege": "ListDomainConflicts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "distribution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "distribution-tenant" } ] }, { - "access_level": "Read", - "description": "Displays all of the resource tags for an Amazon CloudSearch domain", - "privilege": "ListTags", + "access_level": "List", + "description": "Grants permission to list all field-level encryption configurations that have been created in CloudFront for this account", + "privilege": "ListFieldLevelEncryptionConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Removes the specified resource tags from an Amazon ES domain", - "privilege": "RemoveTags", + "access_level": "List", + "description": "Grants permission to list all field-level encryption profiles that have been created in CloudFront for this account", + "privilege": "ListFieldLevelEncryptionProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Configures the availability options for a domain", - "privilege": "UpdateAvailabilityOptions", + "access_level": "List", + "description": "Grants permission to get a list of CloudFront functions", + "privilege": "ListFunctions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Configures the domain endpoint options for a domain", - "privilege": "UpdateDomainEndpointOptions", + "access_level": "List", + "description": "Grants permission to list your invalidation batches", + "privilege": "ListInvalidations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Configures scaling parameters for a domain", - "privilege": "UpdateScalingParameters", + "access_level": "List", + "description": "Grants permission to list the invalidations for a distribution tenant", + "privilege": "ListInvalidationsForDistributionTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "distribution-tenant*" } ] }, { - "access_level": "Permissions management", - "description": "Configures the access rules that control access to the domain's document and search endpoints", - "privilege": "UpdateServiceAccessPolicies", + "access_level": "List", + "description": "Grants permission to list all key groups that have been created in CloudFront for this account", + "privilege": "ListKeyGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Allows access to the document service operations", - "privilege": "document", + "access_level": "List", + "description": "Grants permission to get a list of CloudFront KeyValueStores", + "privilege": "ListKeyValueStores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Allows access to the search operations", - "privilege": "search", + "access_level": "List", + "description": "Grants permission to list all origin access controls in the account", + "privilege": "ListOriginAccessControls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Allows access to the suggest operations", - "privilege": "suggest", + "access_level": "List", + "description": "Grants permission to list all origin request policies that have been created in CloudFront for this account", + "privilege": "ListOriginRequestPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudsearch:${Region}:${Account}:domain/${DomainName}", - "condition_keys": [], - "resource": "domain" - } - ], - "service_name": "Amazon CloudSearch" - }, - { - "conditions": [ - { - "condition": "cloudshell:SecurityGroupIds", - "description": "Filters access by security group ids. Available during CreateEnvironment operation", - "type": "ArrayOfString" }, { - "condition": "cloudshell:SubnetIds", - "description": "Filters access by subnet ids. Available during CreateEnvironment operation", - "type": "ArrayOfString" - }, - { - "condition": "cloudshell:VpcIds", - "description": "Filters access by vpc ids. Available during CreateEnvironment operation", - "type": "ArrayOfString" - } - ], - "prefix": "cloudshell", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to approve a command sent by another AWS service", - "privilege": "ApproveCommand", + "access_level": "List", + "description": "Grants permission to list all public keys that have been added to CloudFront for this account", + "privilege": "ListPublicKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to create a CloudShell environment", - "privilege": "CreateEnvironment", + "access_level": "List", + "description": "Grants permission to list CloudFront rate cards for the account", + "privilege": "ListRateCards", "resource_types": [ { - "condition_keys": [ - "cloudshell:SecurityGroupIds", - "cloudshell:SubnetIds", - "cloudshell:VpcIds" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to connect to a CloudShell environment from the AWS Management Console", - "privilege": "CreateSession", + "access_level": "List", + "description": "Grants permission to get a list of real-time log configurations", + "privilege": "ListRealtimeLogConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CloudShell environment", - "privilege": "DeleteEnvironment", + "access_level": "List", + "description": "Grants permission to list all response headers policies that have been created in CloudFront for this account", + "privilege": "ListResponseHeadersPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return descriptions of existing user's environments", - "privilege": "DescribeEnvironments", + "description": "Grants permission to list savings plans in the account", + "privilege": "ListSavingsPlans", "resource_types": [ { "condition_keys": [], @@ -48273,131 +52129,131 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to read a CloudShell environment status", - "privilege": "GetEnvironmentStatus", + "access_level": "List", + "description": "Grants permission to list your RTMP distributions", + "privilege": "ListStreamingDistributions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to download files from a CloudShell environment", - "privilege": "GetFileDownloadUrls", + "access_level": "Read", + "description": "Grants permission to list tags for a CloudFront resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "anycast-ip-list" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "distribution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "distribution-tenant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpcorigin" } ] }, { - "access_level": "Write", - "description": "Grants permissions to upload files to a CloudShell environment", - "privilege": "GetFileUploadUrls", + "access_level": "List", + "description": "Grants permission to list CloudFront usage", + "privilege": "ListUsages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to forward console credentials to the environment", - "privilege": "PutCredentials", + "access_level": "List", + "description": "Grants permission to list VPC origins", + "privilege": "ListVpcOrigins", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a stopped CloudShell environment", - "privilege": "StartEnvironment", + "description": "Grants permission to publish a CloudFront function", + "privilege": "PublishFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a running CloudShell environment", - "privilege": "StopEnvironment", + "description": "Grants permission to update or create a resource's policy document", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "vpcorigin" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudshell:${Region}:${Account}:environment/${EnvironmentId}", - "condition_keys": [], - "resource": "Environment" - } - ], - "service_name": "AWS CloudShell" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - } - ], - "prefix": "cloudtrail", - "privileges": [ { "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a trail, event data store, channel or dashboard, up to a limit of 50", - "privilege": "AddTags", + "description": "Grants permission to add tags to a CloudFront resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" + "resource_type": "anycast-ip-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard" + "resource_type": "connection-group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore" + "resource_type": "distribution" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail" + "resource_type": "distribution-tenant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "streaming-distribution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpcorigin" }, { "condition_keys": [ @@ -48411,36 +52267,53 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel a running query", - "privilege": "CancelQuery", + "description": "Grants permission to test a CloudFront function", + "privilege": "TestFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a channel", - "privilege": "CreateChannel", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a CloudFront resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:AddTags" - ], - "resource_type": "channel*" + "dependent_actions": [], + "resource_type": "anycast-ip-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "connection-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "distribution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "distribution-tenant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "streaming-distribution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpcorigin" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -48450,495 +52323,625 @@ }, { "access_level": "Write", - "description": "Grants permission to create a dashboard", - "privilege": "CreateDashboard", + "description": "Grants permission to update an Anycast static IP list", + "privilege": "UpdateAnycastIpList", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:AddTags", - "cloudtrail:StartDashboardRefresh", - "cloudtrail:StartQuery" - ], - "resource_type": "dashboard*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "anycast-ip-list*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an event data store", - "privilege": "CreateEventDataStore", + "description": "Grants permission to update a cache policy", + "privilege": "UpdateCachePolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:AddTags", - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "kms:Decrypt", - "kms:GenerateDataKey", - "organizations:ListAWSServiceAccessForOrganization" - ], - "resource_type": "eventdatastore*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service", - "privilege": "CreateServiceLinkedChannel", + "description": "Grants permission to set the configuration for a CloudFront origin access identity", + "privilege": "UpdateCloudFrontOriginAccessIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "origin-access-identity*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a trail that specifies the settings for delivery of log data to an Amazon S3 bucket", - "privilege": "CreateTrail", + "description": "Grants permission to update a connection group", + "privilege": "UpdateConnectionGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:AddTags", - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "organizations:ListAWSServiceAccessForOrganization" - ], - "resource_type": "trail*" - }, + "dependent_actions": [], + "resource_type": "connection-group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a continuous-deployment policy", + "privilege": "UpdateContinuousDeploymentPolicy", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "continuous-deployment-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a channel", - "privilege": "DeleteChannel", + "description": "Grants permission to update the configuration for a web distribution", + "privilege": "UpdateDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dashboard", - "privilege": "DeleteDashboard", + "description": "Grants permission to update a distribution tenant", + "privilege": "UpdateDistributionTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "distribution-tenant*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an event data store", - "privilege": "DeleteEventDataStore", + "description": "Grants permission to copy the configuration from a staging web distribution to its corresponding primary web distribution", + "privilege": "UpdateDistributionWithStagingConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a resource policy from the provided resource", - "privilege": "DeleteResourcePolicy", + "description": "Grants permission to update a domain association", + "privilege": "UpdateDomainAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" + "resource_type": "distribution" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard" - }, + "resource_type": "distribution-tenant" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a field-level encryption configuration", + "privilege": "UpdateFieldLevelEncryptionConfig", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a service-linked channel", - "privilege": "DeleteServiceLinkedChannel", + "description": "Grants permission to update a field-level encryption profile", + "privilege": "UpdateFieldLevelEncryptionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "field-level-encryption-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a trail", - "privilege": "DeleteTrail", + "description": "Grants permission to update a CloudFront function", + "privilege": "UpdateFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an AWS Organizations member account as a delegated administrator", - "privilege": "DeregisterOrganizationDelegatedAdmin", + "description": "Grants permission to update a key group", + "privilege": "UpdateKeyGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DeregisterDelegatedAdministrator", - "organizations:ListAWSServiceAccessForOrganization" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list details for the query", - "privilege": "DescribeQuery", + "access_level": "Write", + "description": "Grants permission to update a CloudFront KeyValueStore", + "privilege": "UpdateKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "key-value-store*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the trails associated with the current region for your account", - "privilege": "DescribeTrails", + "access_level": "Write", + "description": "Grants permission to update an origin access control", + "privilege": "UpdateOriginAccessControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-control*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable federation of event data store data by using the AWS Glue Data Catalog", - "privilege": "DisableFederation", + "description": "Grants permission to update an origin request policy", + "privilege": "UpdateOriginRequestPolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "glue:DeleteDatabase", - "glue:DeleteTable", - "glue:PassConnection", - "lakeformation:DeregisterResource", - "lakeformation:RegisterResource" - ], - "resource_type": "eventdatastore*" + "dependent_actions": [], + "resource_type": "origin-request-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable federation of event data store data by using the AWS Glue Data Catalog", - "privilege": "EnableFederation", + "description": "Grants permission to update public key information", + "privilege": "UpdatePublicKey", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "glue:CreateDatabase", - "glue:CreateTable", - "iam:GetRole", - "iam:PassRole", - "lakeformation:DeregisterResource", - "lakeformation:RegisterResource" - ], - "resource_type": "eventdatastore*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to generate a query for a specified event data store using the CloudTrail Lake query generator", - "privilege": "GenerateQuery", + "description": "Grants permission to update a real-time log configuration", + "privilege": "UpdateRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "realtime-log-config*" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate a results summary for specified queries using the CloudTrail natural language generator", - "privilege": "GenerateQueryResultsSummary", + "access_level": "Write", + "description": "Grants permission to update a response headers policy", + "privilege": "UpdateResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:GetQueryResults", - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "resource_type": "eventdatastore*" + "dependent_actions": [], + "resource_type": "response-headers-policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a specific channel", - "privilege": "GetChannel", + "access_level": "Write", + "description": "Grants permission to update a savings plan", + "privilege": "UpdateSavingsPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the dashboard", - "privilege": "GetDashboard", + "access_level": "Write", + "description": "Grants permission to update the configuration for an RTMP distribution", + "privilege": "UpdateStreamingDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "streaming-distribution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the event data store", - "privilege": "GetEventDataStore", + "access_level": "Write", + "description": "Grants permission to update a VPC origin", + "privilege": "UpdateVpcOrigin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "vpcorigin*" } ] }, { "access_level": "Read", - "description": "Grants permission to get data from an event data store by using the AWS Glue Data Catalog", - "privilege": "GetEventDataStoreData", + "description": "Grants permission to verify the DNS configuration for a specified domain", + "privilege": "VerifyDnsConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "resource_type": "eventdatastore*" + "dependent_actions": [], + "resource_type": "distribution-tenant" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudfront::${Account}:distribution/${DistributionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "distribution" }, { - "access_level": "Read", - "description": "Grants permission to list settings for event selectors configured for a trail", - "privilege": "GetEventSelectors", + "arn": "arn:${Partition}:cloudfront::${Account}:streaming-distribution/${DistributionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "streaming-distribution" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-identity/${Id}", + "condition_keys": [], + "resource": "origin-access-identity" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-config/${Id}", + "condition_keys": [], + "resource": "field-level-encryption-config" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-profile/${Id}", + "condition_keys": [], + "resource": "field-level-encryption-profile" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:cache-policy/${Id}", + "condition_keys": [], + "resource": "cache-policy" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:origin-request-policy/${Id}", + "condition_keys": [], + "resource": "origin-request-policy" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:realtime-log-config/${Name}", + "condition_keys": [], + "resource": "realtime-log-config" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:function/${Name}", + "condition_keys": [], + "resource": "function" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:key-value-store/${Name}", + "condition_keys": [], + "resource": "key-value-store" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:response-headers-policy/${Id}", + "condition_keys": [], + "resource": "response-headers-policy" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-control/${Id}", + "condition_keys": [], + "resource": "origin-access-control" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:continuous-deployment-policy/${Id}", + "condition_keys": [], + "resource": "continuous-deployment-policy" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:anycast-ip-list/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "anycast-ip-list" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:vpcorigin/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "vpcorigin" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:distribution-tenant/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "distribution-tenant" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:connection-group/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connection-group" + } + ], + "service_name": "Amazon CloudFront" + }, + { + "conditions": [], + "prefix": "cloudfront-keyvaluestore", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to delete the key value pair specified by the key", + "privilege": "DeleteKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "key-value-store*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a specific import", - "privilege": "GetImport", + "description": "Grants permission to return metadata information about Key Value Store", + "privilege": "DescribeKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "key-value-store*" } ] }, { "access_level": "Read", - "description": "Grants permission to list CloudTrail Insights selectors that are configured for a trail or event data store", - "privilege": "GetInsightSelectors", + "description": "Grants permission to return a key value pair", + "privilege": "GetKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trail" + "resource_type": "key-value-store*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch results of a complete query", - "privilege": "GetQueryResults", + "access_level": "List", + "description": "Grants permission to returns a list of key value pairs", + "privilege": "ListKeys", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "resource_type": "eventdatastore*" + "dependent_actions": [], + "resource_type": "key-value-store*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the resource policy attached to the provided resource", - "privilege": "GetResourcePolicy", + "access_level": "Write", + "description": "Grants permission to create a new key value pair or replace the value of an existing key", + "privilege": "PutKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dashboard" - }, + "resource_type": "key-value-store*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put or delete multiple key value pairs in a single, all-or-nothing operation", + "privilege": "UpdateKeys", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore" + "resource_type": "key-value-store*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudfront::${Account}:key-value-store/${ResourceId}", + "condition_keys": [], + "resource": "key-value-store" + } + ], + "service_name": "Amazon CloudFront KeyValueStore" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to list settings for the service-linked channel", - "privilege": "GetServiceLinkedChannel", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cloudhsm", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a copy of a backup in the specified region", + "privilege": "CopyBackupToRegion", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "cloudhsm:CopyBackupToRegion", + "cloudhsm:TagResource", + "cloudhsm:UntagResource" + ], + "resource_type": "backup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the trail", - "privilege": "GetTrail", + "access_level": "Write", + "description": "Grants permission to create a new AWS CloudHSM cluster", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "cloudhsm:TagResource", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:RevokeSecurityGroupEgress", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "backup" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a JSON-formatted list of information about the specified trail", - "privilege": "GetTrailStatus", + "access_level": "Write", + "description": "Grants permission to create a new hardware security module (HSM) in the specified AWS CloudHSM cluster", + "privilege": "CreateHsm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "trail*" + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:RevokeSecurityGroupEgress" + ], + "resource_type": "cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the channels in the current account, and their source names", - "privilege": "ListChannels", + "access_level": "Write", + "description": "Grants permission to delete the specified CloudHSM backup", + "privilege": "DeleteBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list dashboards associated with the current region for your account", - "privilege": "ListDashboards", + "access_level": "Write", + "description": "Grants permission to delete the specified AWS CloudHSM cluster", + "privilege": "DeleteCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup" + ], + "resource_type": "cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to list event data stores associated with the current region for your account", - "privilege": "ListEventDataStores", + "access_level": "Write", + "description": "Grants permission to delete the specified HSM", + "privilege": "DeleteHsm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DeleteNetworkInterface" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a list of failures for the specified import", - "privilege": "ListImportFailures", + "access_level": "Write", + "description": "Grants permission to delete the policy attached to CloudHSM resources", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup*" } ] }, { - "access_level": "List", - "description": "Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination", - "privilege": "ListImports", + "access_level": "Read", + "description": "Grants permission to get information about backups of AWS CloudHSM clusters", + "privilege": "DescribeBackups", "resource_types": [ { "condition_keys": [], @@ -48949,8 +52952,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range", - "privilege": "ListPublicKeys", + "description": "Grants permission to get information about AWS CloudHSM clusters", + "privilege": "DescribeClusters", "resource_types": [ { "condition_keys": [], @@ -48960,172 +52963,135 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list queries associated with an event data store", - "privilege": "ListQueries", + "access_level": "Read", + "description": "Grants permission to get information about the policy attached to a AWS CloudHSM resource", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "backup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list service-linked channels associated with the current region for a specified account", - "privilege": "ListServiceLinkedChannels", + "access_level": "Write", + "description": "Grants permission to claim an AWS CloudHSM cluster", + "privilege": "InitializeCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for trails, event data stores, channels or dashboards in the current region", + "description": "Grants permission to get a list of tags for the specified AWS CloudHSM cluster", "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dashboard" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "eventdatastore" + "resource_type": "backup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail" + "resource_type": "cluster" } ] }, { - "access_level": "List", - "description": "Grants permission to list trails associated with the current region for your account", - "privilege": "ListTrails", + "access_level": "Write", + "description": "Grants permission to modify attributes for an AWS CloudHSM backup", + "privilege": "ModifyBackupAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to look up and retrieve metric data for API activity events captured by CloudTrail that create, update, or delete resources in your account", - "privilege": "LookupEvents", + "access_level": "Write", + "description": "Grants permission to modify AWS CloudHSM cluster", + "privilege": "ModifyCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ec2:DescribeSubnets" + ], + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to create and update event selectors for a trail", - "privilege": "PutEventSelectors", + "description": "Grants permission to attach a policy to an AWS CloudHSM resource", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "backup*" } ] }, { "access_level": "Write", - "description": "Grants permission to create and update CloudTrail Insights selectors for a trail or event data store", - "privilege": "PutInsightSelectors", + "description": "Grants permission to restore the specified CloudHSM backup", + "privilege": "RestoreBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trail" + "resource_type": "backup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a resource policy to the provided resource", - "privilege": "PutResourcePolicy", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite one or more tags for the specified AWS CloudHSM cluster", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" + "resource_type": "backup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard" + "resource_type": "cluster" }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "eventdatastore" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to register an AWS Organizations member account as a delegated administrator", - "privilege": "RegisterOrganizationDelegatedAdmin", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:RegisterDelegatedAdministrator" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a trail, event data store, channel or dashboard", - "privilege": "RemoveTags", + "description": "Grants permission to remove the specified tag or tags from the specified AWS CloudHSM cluster", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dashboard" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "eventdatastore" + "resource_type": "backup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail" + "resource_type": "cluster" }, { "condition_keys": [ @@ -49135,629 +53101,500 @@ "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to restore an event data store", - "privilege": "RestoreEventDataStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "eventdatastore*" - } - ] - }, + } + ], + "resources": [ { - "access_level": "Read", - "description": "Grants permission to perform semantic search for CloudTrail Lake sample queries", - "privilege": "SearchSampleQueries", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:backup/${CloudHsmBackupInstanceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "backup" }, { - "access_level": "Write", - "description": "Grants permission to start a refresh on the specified dashboard", - "privilege": "StartDashboardRefresh", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cloudtrail:StartQuery" - ], - "resource_type": "dashboard*" - } - ] - }, + "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:cluster/${CloudHsmClusterInstanceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" + } + ], + "service_name": "AWS CloudHSM" + }, + { + "conditions": [], + "prefix": "cloudsearch", + "privileges": [ { - "access_level": "Write", - "description": "Grants permission to start ingestion on an event data store", - "privilege": "StartEventDataStoreIngestion", + "access_level": "Tagging", + "description": "Attaches resource tags to an Amazon CloudSearch domain", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store", - "privilege": "StartImport", + "description": "Indexes the search suggestions", + "privilege": "BuildSuggesters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the recording of AWS API calls and log file delivery for a trail", - "privilege": "StartLogging", + "description": "Creates a new search domain", + "privilege": "CreateDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a new query on a specified event data store", - "privilege": "StartQuery", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "resource_type": "eventdatastore*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop ingestion on an event data store", - "privilege": "StopEventDataStoreIngestion", + "description": "Configures an analysis scheme that can be applied to a text or text-array field to define language-specific text processing options", + "privilege": "DefineAnalysisScheme", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a specified import", - "privilege": "StopImport", + "description": "Configures an Expression for the search domain", + "privilege": "DefineExpression", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop the recording of AWS API calls and log file delivery for a trail", - "privilege": "StopLogging", + "description": "Configures an IndexField for the search domain", + "privilege": "DefineIndexField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a channel", - "privilege": "UpdateChannel", + "description": "Configures a suggester for a domain", + "privilege": "DefineSuggester", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a dashboard", - "privilege": "UpdateDashboard", + "description": "Deletes an analysis scheme", + "privilege": "DeleteAnalysisScheme", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:StartDashboardRefresh", - "cloudtrail:StartQuery" - ], - "resource_type": "dashboard*" + "dependent_actions": [], + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an event data store", - "privilege": "UpdateEventDataStore", + "description": "Permanently deletes a search domain and all of its data", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "kms:Decrypt", - "kms:GenerateDataKey", - "organizations:ListAWSServiceAccessForOrganization" - ], - "resource_type": "eventdatastore*" + "dependent_actions": [], + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the service-linked channel settings for delivery of log data to an AWS service", - "privilege": "UpdateServiceLinkedChannel", + "description": "Removes an Expression from the search domain", + "privilege": "DeleteExpression", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the settings that specify delivery of log files", - "privilege": "UpdateTrail", + "description": "Removes an IndexField from the search domain", + "privilege": "DeleteIndexField", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "organizations:ListAWSServiceAccessForOrganization" - ], - "resource_type": "trail*" + "dependent_actions": [], + "resource_type": "domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:trail/${TrailName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "trail" - }, - { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:eventdatastore/${EventDataStoreId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "eventdatastore" - }, - { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:dashboard/${DashboardName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dashboard" - } - ], - "service_name": "AWS CloudTrail" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - } - ], - "prefix": "cloudtrail-data", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to ingest your application events into CloudTrail Lake", - "privilege": "PutAuditEvents", + "description": "Deletes a suggester", + "privilege": "DeleteSuggester", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" - } - ], - "service_name": "AWS CloudTrail Data" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", - "type": "ArrayOfString" }, - { - "condition": "cloudwatch:AlarmActions", - "description": "Filters actions based on defined alarm actions", - "type": "ArrayOfString" - }, - { - "condition": "cloudwatch:namespace", - "description": "Filters actions based on the presence of optional namespace values", - "type": "String" - }, - { - "condition": "cloudwatch:requestInsightRuleLogGroups", - "description": "Filters actions based on the Log Groups specified in an Insight Rule", - "type": "ArrayOfString" - }, - { - "condition": "cloudwatch:requestManagedResourceARNs", - "description": "Filters access by the Resource ARNs specified in a managed Insight Rule", - "type": "ArrayOfARN" - } - ], - "prefix": "cloudwatch", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to batch get service level indicator report", - "privilege": "BatchGetServiceLevelIndicatorReport", + "description": "Gets the analysis schemes configured for a domain", + "privilege": "DescribeAnalysisSchemes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to batch retrieve a service level objective budget report", - "privilege": "BatchGetServiceLevelObjectiveBudgetReport", + "description": "Gets the availability options configured for a domain", + "privilege": "DescribeAvailabilityOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slo*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a service level objective", - "privilege": "CreateServiceLevelObjective", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a collection of alarms", - "privilege": "DeleteAlarms", + "access_level": "Read", + "description": "Gets the domain endpoint options configured for a domain", + "privilege": "DescribeDomainEndpointOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified anomaly detection model from your account", - "privilege": "DeleteAnomalyDetector", + "access_level": "List", + "description": "Gets information about the search domains owned by this account", + "privilege": "DescribeDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete all CloudWatch dashboards that you specify", - "privilege": "DeleteDashboards", + "access_level": "Read", + "description": "Gets the expressions configured for the search domain", + "privilege": "DescribeExpressions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a collection of insight rules", - "privilege": "DeleteInsightRules", + "access_level": "Read", + "description": "Gets information about the index fields configured for the search domain", + "privilege": "DescribeIndexFields", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the CloudWatch metric stream that you specify", - "privilege": "DeleteMetricStream", + "access_level": "Read", + "description": "Gets the scaling parameters configured for a domain", + "privilege": "DescribeScalingParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-stream*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a service level objective", - "privilege": "DeleteServiceLevelObjective", + "access_level": "Read", + "description": "Gets information about the access policies that control access to the domain's document and search endpoints", + "privilege": "DescribeServiceAccessPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slo*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the history for the specified alarm", - "privilege": "DescribeAlarmHistory", + "description": "Gets the suggesters configured for a domain", + "privilege": "DescribeSuggesters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all alarms, currently owned by the user's account", - "privilege": "DescribeAlarms", + "access_level": "Write", + "description": "Tells the search domain to start indexing its documents using the latest indexing options", + "privilege": "IndexDocuments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all alarms configured on the specified metric, currently owned by the user's account", - "privilege": "DescribeAlarmsForMetric", + "access_level": "List", + "description": "Lists all search domains owned by an account", + "privilege": "ListDomainNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the anomaly detection models that you have created in your account", - "privilege": "DescribeAnomalyDetectors", + "description": "Displays all of the resource tags for an Amazon CloudSearch domain", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all insight rules, currently owned by the user's account", - "privilege": "DescribeInsightRules", + "access_level": "Tagging", + "description": "Removes the specified resource tags from an Amazon ES domain", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable actions for a collection of alarms", - "privilege": "DisableAlarmActions", + "description": "Configures the availability options for a domain", + "privilege": "UpdateAvailabilityOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable a collection of insight rules", - "privilege": "DisableInsightRules", + "description": "Configures the domain endpoint options for a domain", + "privilege": "UpdateDomainEndpointOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable actions for a collection of alarms", - "privilege": "EnableAlarmActions", + "description": "Configures scaling parameters for a domain", + "privilege": "UpdateScalingParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable a collection of insight rules", - "privilege": "EnableInsightRules", + "access_level": "Permissions management", + "description": "Configures the access rules that control access to the domain's document and search endpoints", + "privilege": "UpdateServiceAccessPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable a CloudWatch topology discovery", - "privilege": "EnableTopologyDiscovery", + "description": "Allows access to the document service operations", + "privilege": "document", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain" } ] }, { "access_level": "Read", - "description": "Grants permission to generate a Metrics Insights or Logs Insights query string from a natural language prompt", - "privilege": "GenerateQuery", + "description": "Allows access to the search operations", + "privilege": "search", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain" } ] }, { "access_level": "Read", - "description": "Grants permission to display the details of the CloudWatch dashboard you specify", - "privilege": "GetDashboard", + "description": "Allows access to the suggest operations", + "privilege": "suggest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "domain" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudsearch:${Region}:${Account}:domain/${DomainName}", + "condition_keys": [], + "resource": "domain" + } + ], + "service_name": "Amazon CloudSearch" + }, + { + "conditions": [ + { + "condition": "cloudshell:SecurityGroupIds", + "description": "Filters access by security group ids. Available during CreateEnvironment operation", + "type": "ArrayOfString" + }, + { + "condition": "cloudshell:SubnetIds", + "description": "Filters access by subnet ids. Available during CreateEnvironment operation", + "type": "ArrayOfString" }, + { + "condition": "cloudshell:VpcIds", + "description": "Filters access by vpc ids. Available during CreateEnvironment operation", + "type": "ArrayOfString" + } + ], + "prefix": "cloudshell", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to return the top-N report of unique contributors over a time range for a given insight rule", - "privilege": "GetInsightRuleReport", + "description": "Grants permission to approve a command sent by another AWS service", + "privilege": "ApproveCommand", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved data", - "privilege": "GetMetricData", + "access_level": "Write", + "description": "Grants permissions to create a CloudShell environment", + "privilege": "CreateEnvironment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloudshell:SecurityGroupIds", + "cloudshell:SubnetIds", + "cloudshell:VpcIds" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve statistics for the specified metric", - "privilege": "GetMetricStatistics", + "access_level": "Write", + "description": "Grants permissions to connect to a CloudShell environment from the AWS Management Console", + "privilege": "CreateSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the details of a CloudWatch metric stream", - "privilege": "GetMetricStream", + "access_level": "Write", + "description": "Grants permission to delete a CloudShell environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-stream*" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve snapshots of metric widgets", - "privilege": "GetMetricWidgetImage", + "access_level": "List", + "description": "Grants permission to return descriptions of existing user's environments", + "privilege": "DescribeEnvironments", "resource_types": [ { "condition_keys": [], @@ -49768,213 +53605,135 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a service", - "privilege": "GetService", + "description": "Grants permission to read a CloudShell environment status", + "privilege": "GetEnvironmentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve service data", - "privilege": "GetServiceData", + "access_level": "Write", + "description": "Grants permissions to download files from a CloudShell environment", + "privilege": "GetFileDownloadUrls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about service level objective", - "privilege": "GetServiceLevelObjective", + "access_level": "Write", + "description": "Grants permissions to upload files to a CloudShell environment", + "privilege": "GetFileUploadUrls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slo*" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a CloudWatch topology discovery status", - "privilege": "GetTopologyDiscoveryStatus", + "access_level": "Write", + "description": "Grants permissions to forward console credentials to the environment", + "privilege": "PutCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a CloudWatch topology map", - "privilege": "GetTopologyMap", + "access_level": "Write", + "description": "Grants permission to start a stopped CloudShell environment", + "privilege": "StartEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to share CloudWatch resources with a monitoring account", - "privilege": "Link", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return a list of all CloudWatch dashboards in your account", - "privilege": "ListDashboards", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve all the entities that are emitting a given metric", - "privilege": "ListEntitiesForMetric", + "description": "Grants permission to stop a running CloudShell environment", + "privilege": "StopEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list available managed Insight Rules for a given Resource ARN", - "privilege": "ListManagedInsightRules", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:requestManagedResourceARNs" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Environment*" } ] - }, + } + ], + "resources": [ { - "access_level": "List", - "description": "Grants permission to return a list of all CloudWatch metric streams in your account", - "privilege": "ListMetricStreams", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, + "arn": "arn:${Partition}:cloudshell:${Region}:${Account}:environment/${EnvironmentId}", + "condition_keys": [], + "resource": "Environment" + } + ], + "service_name": "AWS CloudShell" + }, + { + "conditions": [ { - "access_level": "List", - "description": "Grants permission to retrieve a list of valid metrics stored for the AWS account owner", - "privilege": "ListMetrics", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list service level objectives", - "privilege": "ListServiceLevelObjectives", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list services", - "privilege": "ListServices", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + } + ], + "prefix": "cloudtrail", + "privileges": [ { - "access_level": "List", - "description": "Grants permission to list tags for an Amazon CloudWatch resource", - "privilege": "ListTagsForResource", + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to a trail, event data store, channel or dashboard, up to a limit of 50", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule" + "resource_type": "dashboard" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "slo" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update an anomaly detection model for a CloudWatch metric", - "privilege": "PutAnomalyDetector", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update a composite alarm", - "privilege": "PutCompositeAlarm", - "resource_types": [ + "resource_type": "eventdatastore" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "trail" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:AlarmActions" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -49983,47 +53742,37 @@ }, { "access_level": "Write", - "description": "Grants permission to create a CloudWatch dashboard, or update an existing dashboard if it already exists", - "privilege": "PutDashboard", + "description": "Grants permission to cancel a running query", + "privilege": "CancelQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new insight rule or replace an existing insight rule", - "privilege": "PutInsightRule", + "description": "Grants permission to create a channel", + "privilege": "CreateChannel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "insight-rule*" + "dependent_actions": [ + "cloudtrail:AddTags" + ], + "resource_type": "channel*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:requestInsightRuleLogGroups" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create managed Insight Rules", - "privilege": "PutManagedInsightRules", - "resource_types": [ + "resource_type": "eventdatastore*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:requestManagedResourceARNs" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -50032,33 +53781,22 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an alarm and associates it with the specified Amazon CloudWatch metric", - "privilege": "PutMetricAlarm", + "description": "Grants permission to create a dashboard", + "privilege": "CreateDashboard", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "alarm*" + "dependent_actions": [ + "cloudtrail:AddTags", + "cloudtrail:StartDashboardRefresh", + "cloudtrail:StartQuery" + ], + "resource_type": "dashboard*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:AlarmActions" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to publish metric data points to Amazon CloudWatch", - "privilege": "PutMetricData", - "resource_types": [ - { - "condition_keys": [ - "cloudwatch:namespace" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -50067,13 +53805,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create a CloudWatch metric stream, or update an existing metric stream if it already exists", - "privilege": "PutMetricStream", + "description": "Grants permission to create an event data store", + "privilege": "CreateEventDataStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "metric-stream*" + "dependent_actions": [ + "cloudtrail:AddTags", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "kms:Decrypt", + "kms:GenerateDataKey", + "organizations:ListAWSServiceAccessForOrganization" + ], + "resource_type": "eventdatastore*" }, { "condition_keys": [ @@ -50087,92 +53832,34 @@ }, { "access_level": "Write", - "description": "Grants permission to temporarily set the state of an alarm for testing purposes", - "privilege": "SetAlarmState", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "alarm*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start all CloudWatch metric streams that you specify", - "privilege": "StartMetricStreams", + "description": "Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service", + "privilege": "CreateServiceLinkedChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-stream*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop all CloudWatch metric streams that you specify", - "privilege": "StopMetricStreams", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "metric-stream*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an Amazon CloudWatch resource", - "privilege": "TagResource", + "description": "Grants permission to create a trail that specifies the settings for delivery of log data to an Amazon S3 bucket", + "privilege": "CreateTrail", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "alarm" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "insight-rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slo" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "dependent_actions": [ + "cloudtrail:AddTags", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization" ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from an Amazon CloudWatch resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "alarm" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "insight-rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "slo" + "resource_type": "trail*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -50182,447 +53869,371 @@ }, { "access_level": "Write", - "description": "Grants permission to update a service level objective", - "privilege": "UpdateServiceLevelObjective", + "description": "Grants permission to delete a channel", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slo*" + "resource_type": "channel*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:alarm:${AlarmName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "alarm" - }, - { - "arn": "arn:${Partition}:cloudwatch::${Account}:dashboard/${DashboardName}", - "condition_keys": [], - "resource": "dashboard" - }, - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:insight-rule/${InsightRuleName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "insight-rule" - }, - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:metric-stream/${MetricStreamName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "metric-stream" - }, - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:slo/${SloName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "slo" - }, - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:service/${ServiceName}-${UniqueAttributesHex}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service" - } - ], - "service_name": "Amazon CloudWatch" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codeartifact", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to add an external connection to a repository", - "privilege": "AssociateExternalConnection", + "description": "Grants permission to delete a dashboard", + "privilege": "DeleteDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "dashboard*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate an existing repository as an upstream repository to another repository", - "privilege": "AssociateWithDownstreamRepository", + "description": "Grants permission to delete an event data store", + "privilege": "DeleteEventDataStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to copy package versions from one repository to another repository in the same domain", - "privilege": "CopyPackageVersions", + "description": "Grants permission to delete a resource policy from the provided resource", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new domain", - "privilege": "CreateDomain", - "resource_types": [ + "resource_type": "dashboard" + }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "eventdatastore" } ] }, { "access_level": "Write", - "description": "Grants permission to create a package group", - "privilege": "CreatePackageGroup", + "description": "Grants permission to delete a service-linked channel", + "privilege": "DeleteServiceLinkedChannel", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new repository", - "privilege": "CreateRepository", + "description": "Grants permission to delete a trail", + "privilege": "DeleteTrail", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trail*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a domain", - "privilege": "DeleteDomain", + "description": "Grants permission to deregister an AWS Organizations member account as a delegated administrator", + "privilege": "DeregisterOrganizationDelegatedAdmin", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain*" + "dependent_actions": [ + "organizations:DeregisterDelegatedAdministrator", + "organizations:ListAWSServiceAccessForOrganization" + ], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the resource policy set on a domain", - "privilege": "DeleteDomainPermissionsPolicy", + "access_level": "Read", + "description": "Grants permission to list details for the query", + "privilege": "DescribeQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a package", - "privilege": "DeletePackage", + "access_level": "Read", + "description": "Grants permission to list settings for the trails associated with the current region for your account", + "privilege": "DescribeTrails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a package group", - "privilege": "DeletePackageGroup", + "description": "Grants permission to disable federation of event data store data by using the AWS Glue Data Catalog", + "privilege": "DisableFederation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "package-group*" + "dependent_actions": [ + "glue:DeleteDatabase", + "glue:DeleteTable", + "glue:PassConnection", + "lakeformation:DeregisterResource", + "lakeformation:RegisterResource" + ], + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete package versions", - "privilege": "DeletePackageVersions", + "description": "Grants permission to enable federation of event data store data by using the AWS Glue Data Catalog", + "privilege": "EnableFederation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "package*" + "dependent_actions": [ + "glue:CreateDatabase", + "glue:CreateTable", + "iam:GetRole", + "iam:PassRole", + "lakeformation:DeregisterResource", + "lakeformation:RegisterResource" + ], + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a repository", - "privilege": "DeleteRepository", + "description": "Grants permission to generate a query for a specified event data store using the CloudTrail Lake query generator", + "privilege": "GenerateQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the resource policy set on a repository", - "privilege": "DeleteRepositoryPermissionsPolicy", + "access_level": "Read", + "description": "Grants permission to generate a results summary for specified queries using the CloudTrail natural language generator", + "privilege": "GenerateQueryResultsSummary", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" + "dependent_actions": [ + "cloudtrail:GetQueryResults", + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "resource_type": "eventdatastore*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a domain", - "privilege": "DescribeDomain", + "description": "Grants permission to return information about a specific channel", + "privilege": "GetChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a package", - "privilege": "DescribePackage", + "description": "Grants permission to list settings for the dashboard", + "privilege": "GetDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "dashboard*" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed information about a package group", - "privilege": "DescribePackageGroup", + "description": "Grants permission to list event configurations that are configured for an event data store", + "privilege": "GetEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group*" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a package version", - "privilege": "DescribePackageVersion", + "description": "Grants permission to list settings for the event data store", + "privilege": "GetEventDataStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed information about a repository", - "privilege": "DescribeRepository", + "description": "Grants permission to get data from an event data store by using the AWS Glue Data Catalog", + "privilege": "GetEventDataStoreData", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate an external connection from a repository", - "privilege": "DisassociateExternalConnection", + "access_level": "Read", + "description": "Grants permission to list settings for event selectors configured for a trail", + "privilege": "GetEventSelectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "trail*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the status of package versions to Disposed and delete their assets", - "privilege": "DisposePackageVersions", + "access_level": "Read", + "description": "Grants permission to return information about a specific import", + "privilege": "GetImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a package's associated package group", - "privilege": "GetAssociatedPackageGroup", + "description": "Grants permission to list CloudTrail Insights selectors that are configured for a trail or event data store", + "privilege": "GetInsightSelectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to generate a temporary authentication token for accessing repositories in a domain", - "privilege": "GetAuthorizationToken", - "resource_types": [ + "resource_type": "eventdatastore" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "trail" } ] }, { "access_level": "Read", - "description": "Grants permission to return a domain's resource policy", - "privilege": "GetDomainPermissionsPolicy", + "description": "Grants permission to fetch results of a complete query", + "privilege": "GetQueryResults", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain*" + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "resource_type": "eventdatastore*" } ] }, { "access_level": "Read", - "description": "Grants permission to return an asset (or file) that is part of a package version", - "privilege": "GetPackageVersionAsset", + "description": "Grants permission to get the resource policy attached to the provided resource", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return a package version's readme file", - "privilege": "GetPackageVersionReadme", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return an endpoint for a repository", - "privilege": "GetRepositoryEndpoint", - "resource_types": [ + "resource_type": "dashboard" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore" } ] }, { "access_level": "Read", - "description": "Grants permission to return a repository's resource policy", - "privilege": "GetRepositoryPermissionsPolicy", + "description": "Grants permission to list settings for the service-linked channel", + "privilege": "GetServiceLinkedChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the allowed repositories for a package group", - "privilege": "ListAllowedRepositoriesForGroup", + "access_level": "Read", + "description": "Grants permission to list settings for the trail", + "privilege": "GetTrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group*" + "resource_type": "trail*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the packages associated to a package group", - "privilege": "ListAssociatedPackages", + "access_level": "Read", + "description": "Grants permission to retrieve a JSON-formatted list of information about the specified trail", + "privilege": "GetTrailStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group*" + "resource_type": "trail*" } ] }, { "access_level": "List", - "description": "Grants permission to list the domains in the current user's AWS account", - "privilege": "ListDomains", + "description": "Grants permission to list the channels in the current account, and their source names", + "privilege": "ListChannels", "resource_types": [ { "condition_keys": [], @@ -50633,243 +54244,246 @@ }, { "access_level": "List", - "description": "Grants permission to list the package groups in a domain", - "privilege": "ListPackageGroups", + "description": "Grants permission to list dashboards associated with the current region for your account", + "privilege": "ListDashboards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list a package version's assets", - "privilege": "ListPackageVersionAssets", + "description": "Grants permission to list event data stores associated with the current region for your account", + "privilege": "ListEventDataStores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the direct dependencies of a package version", - "privilege": "ListPackageVersionDependencies", + "access_level": "Read", + "description": "Grants permission to return a list of failures for the specified import", + "privilege": "ListImportFailures", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list a package's versions", - "privilege": "ListPackageVersions", + "description": "Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination", + "privilege": "ListImports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the packages in a repository", - "privilege": "ListPackages", + "access_level": "Read", + "description": "Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range", + "privilege": "ListPublicKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the repositories administered by the calling account", - "privilege": "ListRepositories", + "description": "Grants permission to list queries associated with an event data store", + "privilege": "ListQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "eventdatastore*" } ] }, { "access_level": "List", - "description": "Grants permission to list the repositories in a domain", - "privilege": "ListRepositoriesInDomain", + "description": "Grants permission to list service-linked channels associated with the current region for a specified account", + "privilege": "ListServiceLinkedChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the sub package groups for a parent package group", - "privilege": "ListSubPackageGroups", + "access_level": "Read", + "description": "Grants permission to list the tags for trails, event data stores, channels or dashboards in the current region", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list tags for a CodeArtifact resource", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "dashboard" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group" + "resource_type": "eventdatastore" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" + "resource_type": "trail" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish assets and metadata to a repository endpoint", - "privilege": "PublishPackageVersion", + "access_level": "List", + "description": "Grants permission to list trails associated with the current region for your account", + "privilege": "ListTrails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a resource policy to a domain", - "privilege": "PutDomainPermissionsPolicy", + "access_level": "Read", + "description": "Grants permission to look up and retrieve metric data for API activity events captured by CloudTrail that create, update, or delete resources in your account", + "privilege": "LookupEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add, modify or remove package metadata using a repository endpoint", - "privilege": "PutPackageMetadata", + "description": "Grants permission to create and update event configurations for an event data store", + "privilege": "PutEventConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "package*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole" + ], + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to set origin configuration for a package", - "privilege": "PutPackageOriginConfiguration", + "description": "Grants permission to create and update event selectors for a trail", + "privilege": "PutEventSelectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "trail*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a resource policy to a repository", - "privilege": "PutRepositoryPermissionsPolicy", + "description": "Grants permission to create and update CloudTrail Insights selectors for a trail or event data store", + "privilege": "PutInsightSelectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return package assets and metadata from a repository endpoint", - "privilege": "ReadFromRepository", - "resource_types": [ + "resource_type": "eventdatastore" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "trail" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a CodeArtifact resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to attach a resource policy to the provided resource", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group" + "resource_type": "dashboard" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" - }, + "resource_type": "eventdatastore" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register an AWS Organizations member account as a delegated administrator", + "privilege": "RegisterOrganizationDelegatedAdmin", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:RegisterDelegatedAdministrator" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove a tag from a CodeArtifact resource", - "privilege": "UntagResource", + "description": "Grants permission to remove tags from a trail, event data store, channel or dashboard", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group" + "resource_type": "dashboard" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" + "resource_type": "eventdatastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trail" }, { "condition_keys": [ @@ -50882,283 +54496,348 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the properties of a package group", - "privilege": "UpdatePackageGroup", + "description": "Grants permission to restore an event data store", + "privilege": "RestoreEventDataStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group*" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the package origin configuration of a package group", - "privilege": "UpdatePackageGroupOriginConfiguration", + "access_level": "Read", + "description": "Grants permission to perform semantic search for CloudTrail Lake sample queries", + "privilege": "SearchSampleQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package-group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the status of one or more versions of a package", - "privilege": "UpdatePackageVersionsStatus", + "description": "Grants permission to start a refresh on the specified dashboard", + "privilege": "StartDashboardRefresh", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "package*" + "dependent_actions": [ + "cloudtrail:StartQuery" + ], + "resource_type": "dashboard*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the properties of a repository", - "privilege": "UpdateRepository", + "description": "Grants permission to start ingestion on an event data store", + "privilege": "StartEventDataStoreIngestion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:domain/${DomainName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "domain" - }, - { - "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:repository/${DomainName}/${RepositoryName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "repository" - }, - { - "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:package-group/${DomainName}${EncodedPackageGroupPattern}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "package-group" }, - { - "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:package/${DomainName}/${RepositoryName}/${PackageFormat}/${PackageNamespace}/${PackageName}", - "condition_keys": [], - "resource": "package" - } - ], - "service_name": "AWS CodeArtifact" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "codebuild:buildArn", - "description": "Filters access by the ARN of the AWS CodeBuild build from which the request originated", - "type": "ARN" - }, - { - "condition": "codebuild:projectArn", - "description": "Filters access by the ARN of the AWS CodeBuild project from which the request originated", - "type": "ARN" - } - ], - "prefix": "codebuild", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete one or more builds", - "privilege": "BatchDeleteBuilds", + "description": "Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store", + "privilege": "StartImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more build batches", - "privilege": "BatchGetBuildBatches", + "access_level": "Write", + "description": "Grants permission to start the recording of AWS API calls and log file delivery for a trail", + "privilege": "StartLogging", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "trail*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more builds", - "privilege": "BatchGetBuilds", + "access_level": "Write", + "description": "Grants permission to start a new query on a specified event data store", + "privilege": "StartQuery", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return an array of the Fleet objects specified by the input parameter", - "privilege": "BatchGetFleets", + "access_level": "Write", + "description": "Grants permission to stop ingestion on an event data store", + "privilege": "StopEventDataStoreIngestion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more build projects", - "privilege": "BatchGetProjects", + "access_level": "Write", + "description": "Grants permission to stop a specified import", + "privilege": "StopImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return an array of ReportGroup objects that are specified by the input reportGroupArns parameter", - "privilege": "BatchGetReportGroups", + "access_level": "Write", + "description": "Grants permission to stop the recording of AWS API calls and log file delivery for a trail", + "privilege": "StopLogging", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "trail*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return an array of the Report objects specified by the input reportArns parameter", - "privilege": "BatchGetReports", + "access_level": "Write", + "description": "Grants permission to update a channel", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update information about a report", - "privilege": "BatchPutCodeCoverages", + "description": "Grants permission to update a dashboard", + "privilege": "UpdateDashboard", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "report-group*" + "dependent_actions": [ + "cloudtrail:StartDashboardRefresh", + "cloudtrail:StartQuery" + ], + "resource_type": "dashboard*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update information about a report", - "privilege": "BatchPutTestCases", + "description": "Grants permission to update an event data store", + "privilege": "UpdateEventDataStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "report-group*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "kms:Decrypt", + "kms:GenerateDataKey", + "organizations:ListAWSServiceAccessForOrganization" + ], + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a compute fleet", - "privilege": "CreateFleet", + "description": "Grants permission to update the service-linked channel settings for delivery of log data to an AWS service", + "privilege": "UpdateServiceLinkedChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a build project", - "privilege": "CreateProject", + "description": "Grants permission to update the settings that specify delivery of log files", + "privilege": "UpdateTrail", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "trail*" } ] - }, + } + ], + "resources": [ { - "access_level": "Write", - "description": "Grants permission to create a report. A report is created when tests specified in the buildspec file for a report groups run during the build of a project", - "privilege": "CreateReport", + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:trail/${TrailName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "trail" + }, + { + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:eventdatastore/${EventDataStoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "eventdatastore" + }, + { + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" + }, + { + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:dashboard/${DashboardName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dashboard" + } + ], + "service_name": "AWS CloudTrail" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + } + ], + "prefix": "cloudtrail-data", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to ingest your application events into CloudTrail Lake", + "privilege": "PutAuditEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "channel*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" + } + ], + "service_name": "AWS CloudTrail Data" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the allowed set of values for each of the tags", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to create a report group", - "privilege": "CreateReportGroup", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag-value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "cloudwatch:AlarmActions", + "description": "Filters actions based on defined alarm actions", + "type": "ArrayOfString" + }, + { + "condition": "cloudwatch:namespace", + "description": "Filters actions based on the presence of optional namespace values", + "type": "String" + }, + { + "condition": "cloudwatch:requestInsightRuleLogGroups", + "description": "Filters actions based on the Log Groups specified in an Insight Rule", + "type": "ArrayOfString" + }, + { + "condition": "cloudwatch:requestManagedResourceARNs", + "description": "Filters access by the Resource ARNs specified in a managed Insight Rule", + "type": "ArrayOfARN" + } + ], + "prefix": "cloudwatch", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to batch get service level indicator report", + "privilege": "BatchGetServiceLevelIndicatorReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to batch retrieve a service level objective budget report", + "privilege": "BatchGetServiceLevelObjectiveBudgetReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a service level objective", + "privilege": "CreateServiceLevelObjective", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -51171,109 +54850,128 @@ }, { "access_level": "Write", - "description": "Grants permission to create webhook. For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables AWS CodeBuild to start rebuilding the source code every time a code change is pushed to the repository", - "privilege": "CreateWebhook", + "description": "Grants permission to delete a collection of alarms", + "privilege": "DeleteAlarms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "alarm*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a build batch", - "privilege": "DeleteBuildBatch", + "description": "Grants permission to delete the specified anomaly detection model from your account", + "privilege": "DeleteAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a compute fleet", - "privilege": "DeleteFleet", + "description": "Grants permission to delete all CloudWatch dashboards that you specify", + "privilege": "DeleteDashboards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "dashboard*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", - "privilege": "DeleteOAuthToken", + "description": "Grants permission to delete a collection of insight rules", + "privilege": "DeleteInsightRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "insight-rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a build project", - "privilege": "DeleteProject", + "description": "Grants permission to delete the CloudWatch metric stream that you specify", + "privilege": "DeleteMetricStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "metric-stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a report", - "privilege": "DeleteReport", + "description": "Grants permission to delete a service level objective", + "privilege": "DeleteServiceLevelObjective", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "slo*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a report group", - "privilege": "DeleteReportGroup", + "access_level": "Read", + "description": "Grants permission to retrieve the history for the specified alarm", + "privilege": "DescribeAlarmHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "alarm*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a resource policy for the associated project or report group", - "privilege": "DeleteResourcePolicy", + "access_level": "Read", + "description": "Grants permission to describe all alarms, currently owned by the user's account", + "privilege": "DescribeAlarms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" - }, + "resource_type": "alarm*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all alarms configured on the specified metric, currently owned by the user's account", + "privilege": "DescribeAlarmsForMetric", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a set of GitHub, GitHub Enterprise, or Bitbucket source credentials", - "privilege": "DeleteSourceCredentials", + "access_level": "Read", + "description": "Grants permission to list the anomaly detection models that you have created in your account", + "privilege": "DescribeAnomalyDetectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all insight rules, currently owned by the user's account", + "privilege": "DescribeInsightRules", "resource_types": [ { "condition_keys": [], @@ -51284,97 +54982,128 @@ }, { "access_level": "Write", - "description": "Grants permission to delete webhook. For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, stops AWS CodeBuild from rebuilding the source code every time a code change is pushed to the repository", - "privilege": "DeleteWebhook", + "description": "Grants permission to disable actions for a collection of alarms", + "privilege": "DisableAlarmActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "alarm*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return an array of CodeCoverage objects", - "privilege": "DescribeCodeCoverages", + "access_level": "Write", + "description": "Grants permission to disable a collection of insight rules", + "privilege": "DisableInsightRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "insight-rule*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return an array of TestCase objects", - "privilege": "DescribeTestCases", + "access_level": "Write", + "description": "Grants permission to enable actions for a collection of alarms", + "privilege": "EnableAlarmActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "alarm*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable a collection of insight rules", + "privilege": "EnableInsightRules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "insight-rule*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable a CloudWatch topology discovery", + "privilege": "EnableTopologyDiscovery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to analyze and accumulate test report values for the test reports in the specified report group", - "privilege": "GetReportGroupTrend", + "description": "Grants permission to generate a Metrics Insights or Logs Insights query string from a natural language prompt", + "privilege": "GenerateQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a resource policy for the specified project or report group", - "privilege": "GetResourcePolicy", + "description": "Grants permission to generate a summary of CloudWatch LogInsights query results in natural language using generative AI", + "privilege": "GenerateQueryResultsSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to display the details of the CloudWatch dashboard you specify", + "privilege": "GetDashboard", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group" + "resource_type": "dashboard*" } ] }, { - "access_level": "Write", - "description": "Grants permission to import the source repository credentials for an AWS CodeBuild project that has its source code stored in a GitHub, GitHub Enterprise, or Bitbucket repository", - "privilege": "ImportSourceCredentials", + "access_level": "Read", + "description": "Grants permission to return the top-N report of unique contributors over a time range for a given insight rule", + "privilege": "GetInsightRuleReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "insight-rule*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset the cache for a project", - "privilege": "InvalidateProjectCache", + "access_level": "Read", + "description": "Grants permission to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved data", + "privilege": "GetMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build batch IDs, with each build batch ID representing a single build batch", - "privilege": "ListBuildBatches", + "access_level": "Read", + "description": "Grants permission to retrieve statistics for the specified metric", + "privilege": "GetMetricStatistics", "resource_types": [ { "condition_keys": [], @@ -51384,21 +55113,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build batch IDs for the specified build project, with each build batch ID representing a single build batch", - "privilege": "ListBuildBatchesForProject", + "access_level": "Read", + "description": "Grants permission to return the details of a CloudWatch metric stream", + "privilege": "GetMetricStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "metric-stream*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build IDs, with each build ID representing a single build", - "privilege": "ListBuilds", + "access_level": "Read", + "description": "Grants permission to retrieve snapshots of metric widgets", + "privilege": "GetMetricWidgetImage", "resource_types": [ { "condition_keys": [], @@ -51408,45 +55137,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build IDs for the specified build project, with each build ID representing a single build", - "privilege": "ListBuildsForProject", + "access_level": "Read", + "description": "Grants permission to retrieve information about a service", + "privilege": "GetService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "service*" } ] }, { - "access_level": "List", - "description": "Grants permission to list connected third-party OAuth providers. Only used in the AWS CodeBuild console", - "privilege": "ListConnectedOAuthAccounts", + "access_level": "Read", + "description": "Grants permission to retrieve service data", + "privilege": "GetServiceData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about Docker images that are managed by AWS CodeBuild", - "privilege": "ListCuratedEnvironmentImages", + "access_level": "Read", + "description": "Grants permission to retrieve information about service level objective", + "privilege": "GetServiceLevelObjective", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "slo*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of compute fleet ARNs, with each compute fleet ARN representing a single fleet", - "privilege": "ListFleets", + "access_level": "Read", + "description": "Grants permission to retrieve a CloudWatch topology discovery status", + "privilege": "GetTopologyDiscoveryStatus", "resource_types": [ { "condition_keys": [], @@ -51456,9 +55185,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build project names, with each build project name representing a single build project", - "privilege": "ListProjects", + "access_level": "Read", + "description": "Grants permission to retrieve a CloudWatch topology map", + "privilege": "GetTopologyMap", "resource_types": [ { "condition_keys": [], @@ -51468,9 +55197,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of report group ARNs. Each report group ARN represents one report group", - "privilege": "ListReportGroups", + "access_level": "Write", + "description": "Grants permission to share CloudWatch resources with a monitoring account", + "privilege": "Link", "resource_types": [ { "condition_keys": [], @@ -51481,8 +55210,8 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of report ARNs. Each report ARN representing one report", - "privilege": "ListReports", + "description": "Grants permission to return a list of all CloudWatch dashboards in your account", + "privilege": "ListDashboards", "resource_types": [ { "condition_keys": [], @@ -51493,23 +55222,27 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of report ARNs that belong to the specified report group. Each report ARN represents one report", - "privilege": "ListReportsForReportGroup", + "description": "Grants permission to retrieve all the entities that are emitting a given metric", + "privilege": "ListEntitiesForMetric", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list source code repositories from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", - "privilege": "ListRepositories", + "access_level": "Read", + "description": "Grants permission to list available managed Insight Rules for a given Resource ARN", + "privilege": "ListManagedInsightRules", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:requestManagedResourceARNs" + ], "dependent_actions": [], "resource_type": "" } @@ -51517,8 +55250,8 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of project ARNs that have been shared with the requester. Each project ARN represents one project", - "privilege": "ListSharedProjects", + "description": "Grants permission to return a list of all CloudWatch metric streams in your account", + "privilege": "ListMetricStreams", "resource_types": [ { "condition_keys": [], @@ -51529,8 +55262,8 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of report group ARNs that have been shared with the requester. Each report group ARN represents one report group", - "privilege": "ListSharedReportGroups", + "description": "Grants permission to retrieve a list of valid metrics stored for the AWS account owner", + "privilege": "ListMetrics", "resource_types": [ { "condition_keys": [], @@ -51541,8 +55274,8 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of SourceCredentialsInfo objects", - "privilege": "ListSourceCredentials", + "description": "Grants permission to list service level objectives", + "privilege": "ListServiceLevelObjectives", "resource_types": [ { "condition_keys": [], @@ -51552,9 +55285,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to save an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", - "privilege": "PersistOAuthToken", + "access_level": "List", + "description": "Grants permission to list services", + "privilege": "ListServices", "resource_types": [ { "condition_keys": [], @@ -51564,108 +55297,124 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a resource policy for the associated project or report group", - "privilege": "PutResourcePolicy", + "access_level": "List", + "description": "Grants permission to list tags for an Amazon CloudWatch resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "alarm" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to retry a build", - "privilege": "RetryBuild", - "resource_types": [ + "resource_type": "insight-rule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "slo" } ] }, { "access_level": "Write", - "description": "Grants permission to retry a build batch", - "privilege": "RetryBuildBatch", + "description": "Grants permission to create or update an anomaly detection model for a CloudWatch metric", + "privilege": "PutAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start running a build", - "privilege": "StartBuild", + "description": "Grants permission to create or update a composite alarm", + "privilege": "PutCompositeAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "alarm*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:AlarmActions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start running a build batch", - "privilege": "StartBuildBatch", + "description": "Grants permission to create a CloudWatch dashboard, or update an existing dashboard if it already exists", + "privilege": "PutDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "dashboard*" } ] }, { "access_level": "Write", - "description": "Grants permission to attempt to stop running a build", - "privilege": "StopBuild", + "description": "Grants permission to create a new insight rule or replace an existing insight rule", + "privilege": "PutInsightRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "insight-rule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:requestInsightRuleLogGroups" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to attempt to stop running a build batch", - "privilege": "StopBuildBatch", + "description": "Grants permission to create managed Insight Rules", + "privilege": "PutManagedInsightRules", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:requestManagedResourceARNs" + ], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the settings of an existing compute fleet", - "privilege": "UpdateFleet", + "description": "Grants permission to create or update an alarm and associates it with the specified Amazon CloudWatch metric", + "privilege": "PutMetricAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "alarm*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "cloudwatch:AlarmActions" ], "dependent_actions": [], "resource_type": "" @@ -51674,18 +55423,12 @@ }, { "access_level": "Write", - "description": "Grants permission to change the settings of an existing build project", - "privilege": "UpdateProject", + "description": "Grants permission to publish metric data points to Amazon CloudWatch", + "privilege": "PutMetricData", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "cloudwatch:namespace" ], "dependent_actions": [], "resource_type": "" @@ -51694,13 +55437,13 @@ }, { "access_level": "Write", - "description": "Grants permission to change the public visibility of a project and its builds", - "privilege": "UpdateProjectVisibility", + "description": "Grants permission to create a CloudWatch metric stream, or update an existing metric stream if it already exists", + "privilege": "PutMetricStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "metric-stream*" }, { "condition_keys": [ @@ -51714,29 +55457,92 @@ }, { "access_level": "Write", - "description": "Grants permission to update information about a report", - "privilege": "UpdateReport", + "description": "Grants permission to temporarily set the state of an alarm for testing purposes", + "privilege": "SetAlarmState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "alarm*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the settings of an existing report group", - "privilege": "UpdateReportGroup", + "description": "Grants permission to start all CloudWatch metric streams that you specify", + "privilege": "StartMetricStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "metric-stream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop all CloudWatch metric streams that you specify", + "privilege": "StopMetricStreams", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "metric-stream*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to an Amazon CloudWatch resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarm" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "insight-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag from an Amazon CloudWatch resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarm" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "insight-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -51746,143 +55552,131 @@ }, { "access_level": "Write", - "description": "Grants permission to update the webhook associated with an AWS CodeBuild build project", - "privilege": "UpdateWebhook", + "description": "Grants permission to update a service level objective", + "privilege": "UpdateServiceLevelObjective", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "slo*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build/${BuildId}", - "condition_keys": [], - "resource": "build" + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:alarm:${AlarmName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "alarm" }, { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build-batch/${BuildBatchId}", + "arn": "arn:${Partition}:cloudwatch::${Account}:dashboard/${DashboardName}", "condition_keys": [], - "resource": "build-batch" + "resource": "dashboard" }, { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:project/${ProjectName}", + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:insight-rule/${InsightRuleName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "project" + "resource": "insight-rule" }, { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report-group/${ReportGroupName}", + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:metric-stream/${MetricStreamName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "report-group" + "resource": "metric-stream" }, { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report/${ReportGroupName}:${ReportId}", - "condition_keys": [], - "resource": "report" + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:slo/${SloName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "slo" }, { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:fleet/${FleetName}:${FleetId}", - "condition_keys": [], - "resource": "fleet" + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:service/${ServiceName}-${UniqueAttributesHex}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service" } ], - "service_name": "AWS CodeBuild" + "service_name": "Amazon CloudWatch" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "codecatalyst", + "prefix": "codeartifact", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept a request to connect this account to an Amazon CodeCatalyst space", - "privilege": "AcceptConnection", + "description": "Grants permission to add an external connection to a repository", + "privilege": "AssociateExternalConnection", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate an IAM role to a connection", - "privilege": "AssociateIamRoleToConnection", + "description": "Grants permission to associate an existing repository as an upstream repository to another repository", + "privilege": "AssociateWithDownstreamRepository", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate an IAM Identity Center application with an Amazon CodeCatalyst space", - "privilege": "AssociateIdentityCenterApplicationToSpace", + "description": "Grants permission to copy package versions from one repository to another repository in the same domain", + "privilege": "CopyPackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" + "resource_type": "package*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate an identity with an IAM Identity Center application for an Amazon CodeCatalyst space", - "privilege": "AssociateIdentityToIdentityCenterApplication", + "description": "Grants permission to create a new domain", + "privilege": "CreateDomain", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -51891,17 +55685,13 @@ }, { "access_level": "Write", - "description": "Grants permission to associate multiple identities with an IAM Identity Center application for an Amazon CodeCatalyst space", - "privilege": "BatchAssociateIdentitiesToIdentityCenterApplication", + "description": "Grants permission to create a package group", + "privilege": "CreatePackageGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -51910,17 +55700,13 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate multiple identities from an IAM Identity Center application for an Amazon CodeCatalyst space", - "privilege": "BatchDisassociateIdentitiesFromIdentityCenterApplication", + "description": "Grants permission to create a new repository", + "privilege": "CreateRepository", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -51929,529 +55715,344 @@ }, { "access_level": "Write", - "description": "Grants permission to create an IAM Identity Center application", - "privilege": "CreateIdentityCenterApplication", + "description": "Grants permission to delete a domain", + "privilege": "DeleteDomain", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon CodeCatalyst space", - "privilege": "CreateSpace", + "access_level": "Permissions management", + "description": "Grants permission to delete the resource policy set on a domain", + "privilege": "DeleteDomainPermissionsPolicy", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an administrator role assignment for a given Amazon CodeCatalyst space and IAM Identity Center application", - "privilege": "CreateSpaceAdminRoleAssignment", + "description": "Grants permission to delete a package", + "privilege": "DeletePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a connection", - "privilege": "DeleteConnection", + "description": "Grants permission to delete a package group", + "privilege": "DeletePackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an IAM Identity Center application", - "privilege": "DeleteIdentityCenterApplication", + "description": "Grants permission to delete package versions", + "privilege": "DeletePackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an IAM role from a connection", - "privilege": "DisassociateIamRoleFromConnection", + "description": "Grants permission to delete a repository", + "privilege": "DeleteRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate an IAM Identity Center application from an Amazon CodeCatalyst space", - "privilege": "DisassociateIdentityCenterApplicationFromSpace", + "access_level": "Permissions management", + "description": "Grants permission to delete the resource policy set on a repository", + "privilege": "DeleteRepositoryPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate an identity from an IAM Identity Center application for an Amazon CodeCatalyst space", - "privilege": "DisassociateIdentityFromIdentityCenterApplication", + "access_level": "Read", + "description": "Grants permission to return information about a domain", + "privilege": "DescribeDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the billing authorization for a connection", - "privilege": "GetBillingAuthorization", + "description": "Grants permission to retrieve information about a package", + "privilege": "DescribePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a connection", - "privilege": "GetConnection", + "description": "Grants permission to return detailed information about a package group", + "privilege": "DescribePackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about an IAM Identity Center application", - "privilege": "GetIdentityCenterApplication", + "description": "Grants permission to return information about a package version", + "privilege": "DescribePackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a pending request to connect this account to an Amazon CodeCatalyst space", - "privilege": "GetPendingConnection", + "description": "Grants permission to return detailed information about a repository", + "privilege": "DescribeRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list connections that are not pending", - "privilege": "ListConnections", + "access_level": "Write", + "description": "Grants permission to disassociate an external connection from a repository", + "privilege": "DisassociateExternalConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list IAM roles associated with a connection", - "privilege": "ListIamRolesForConnection", + "access_level": "Write", + "description": "Grants permission to set the status of package versions to Disposed and delete their assets", + "privilege": "DisposePackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "List", - "description": "Grants permission to view a list of all IAM Identity Center applications in the account", - "privilege": "ListIdentityCenterApplications", + "access_level": "Read", + "description": "Grants permission to return a package's associated package group", + "privilege": "GetAssociatedPackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { - "access_level": "List", - "description": "Grants permission to view a list of IAM Identity Center applications by Amazon CodeCatalyst space", - "privilege": "ListIdentityCenterApplicationsForSpace", + "access_level": "Read", + "description": "Grants permission to generate a temporary authentication token for accessing repositories in a domain", + "privilege": "GetAuthorizationToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to view a list of Amazon CodeCatalyst spaces by IAM Identity Center application", - "privilege": "ListSpacesForIdentityCenterApplication", + "access_level": "Read", + "description": "Grants permission to return a domain's resource policy", + "privilege": "GetDomainPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for an Amazon CodeCatalyst resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to return an asset (or file) that is part of a package version", + "privilege": "GetPackageVersionAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity-center-applications" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update the billing authorization for a connection", - "privilege": "PutBillingAuthorization", + "access_level": "Read", + "description": "Grants permission to return a package version's readme file", + "privilege": "GetPackageVersionReadme", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reject a request to connect this account to an Amazon CodeCatalyst space", - "privilege": "RejectConnection", + "access_level": "Read", + "description": "Grants permission to return an endpoint for a repository", + "privilege": "GetRepositoryEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to synchronize an IAM Identity Center application with the backing identity store", - "privilege": "SynchronizeIdentityCenterApplication", + "access_level": "Read", + "description": "Grants permission to return a repository's resource policy", + "privilege": "GetRepositoryPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an Amazon CodeCatalyst resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list the allowed repositories for a package group", + "privilege": "ListAllowedRepositoriesForGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity-center-applications" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag an Amazon CodeCatalyst resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list the packages associated to a package group", + "privilege": "ListAssociatedPackages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections" - }, + "resource_type": "package-group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the domains in the current user's AWS account", + "privilege": "ListDomains", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an IAM Identity Center application", - "privilege": "UpdateIdentityCenterApplication", + "access_level": "List", + "description": "Grants permission to list the package groups in a domain", + "privilege": "ListPackageGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity-center-applications*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codecatalyst:${Region}:${Account}:/connections/${ConnectionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "connections" - }, - { - "arn": "arn:${Partition}:codecatalyst:${Region}:${Account}:/identity-center-applications/${IdentityCenterApplicationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "identity-center-applications" - }, - { - "arn": "arn:${Partition}:codecatalyst:::space/${SpaceId}", - "condition_keys": [], - "resource": "space" - }, - { - "arn": "arn:${Partition}:codecatalyst:::space/${SpaceId}/project/${ProjectId}", - "condition_keys": [], - "resource": "project" - } - ], - "service_name": "Amazon CodeCatalyst" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" }, { - "condition": "codecommit:References", - "description": "Filters access by Git reference to specified AWS CodeCommit actions", - "type": "String" - } - ], - "prefix": "codecommit", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate an approval rule template with a repository", - "privilege": "AssociateApprovalRuleTemplateWithRepository", + "access_level": "List", + "description": "Grants permission to list a package version's assets", + "privilege": "ListPackageVersionAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an approval rule template with multiple repositories in a single operation", - "privilege": "BatchAssociateApprovalRuleTemplateWithRepositories", + "access_level": "List", + "description": "Grants permission to list the direct dependencies of a package version", + "privilege": "ListPackageVersionDependencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about multiple merge conflicts when attempting to merge two commits using either the three-way merge or the squash merge option", - "privilege": "BatchDescribeMergeConflicts", + "access_level": "List", + "description": "Grants permission to list a package's versions", + "privilege": "ListPackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the association between an approval rule template and multiple repositories in a single operation", - "privilege": "BatchDisassociateApprovalRuleTemplateFromRepositories", + "access_level": "List", + "description": "Grants permission to list the packages in a repository", + "privilege": "ListPackages", "resource_types": [ { "condition_keys": [], @@ -52461,119 +56062,115 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return information about one or more commits in an AWS CodeCommit repository", - "privilege": "BatchGetCommits", + "access_level": "List", + "description": "Grants permission to list the repositories administered by the calling account", + "privilege": "ListRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about one or more pull requests in an AWS CodeCommit repository", - "privilege": "BatchGetPullRequests", + "access_level": "List", + "description": "Grants permission to list the repositories in a domain", + "privilege": "ListRepositoriesInDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about multiple repositories", - "privilege": "BatchGetRepositories", + "access_level": "List", + "description": "Grants permission to list the sub package groups for a parent package group", + "privilege": "ListSubPackageGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to cancel the uploading of an archive to a pipeline in AWS CodePipeline", - "privilege": "CancelUploadArchive", + "access_level": "List", + "description": "Grants permission to list tags for a CodeArtifact resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" } ] }, { "access_level": "Write", - "description": "Grants permission to create an approval rule template that will automatically create approval rules in pull requests that match the conditions defined in the template; does not grant permission to create approval rules for individual pull requests", - "privilege": "CreateApprovalRuleTemplate", + "description": "Grants permission to publish assets and metadata to a repository endpoint", + "privilege": "PublishPackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a branch in an AWS CodeCommit repository with this API; does not control Git create branch actions", - "privilege": "CreateBranch", + "description": "Grants permission to attach a resource policy to a domain", + "privilege": "PutDomainPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to add, copy, move or update single or multiple files in a branch in an AWS CodeCommit repository, and generate a commit for the changes in the specified branch", - "privilege": "CreateCommit", + "description": "Grants permission to add, modify or remove package metadata using a repository endpoint", + "privilege": "PutPackageMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a pull request in the specified repository", - "privilege": "CreatePullRequest", + "description": "Grants permission to set origin configuration for a package", + "privilege": "PutPackageOriginConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an approval rule specific to an individual pull request; does not grant permission to create approval rule templates", - "privilege": "CreatePullRequestApprovalRule", + "description": "Grants permission to attach a resource policy to a repository", + "privilege": "PutRepositoryPermissionsPolicy", "resource_types": [ { "condition_keys": [], @@ -52583,69 +56180,41 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an AWS CodeCommit repository", - "privilege": "CreateRepository", + "access_level": "Read", + "description": "Grants permission to return package assets and metadata from a repository endpoint", + "privilege": "ReadFromRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "repository*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an unreferenced commit that contains the result of merging two commits using either the three-way or the squash merge option; does not control Git merge actions", - "privilege": "CreateUnreferencedMergeCommit", + "access_level": "Tagging", + "description": "Grants permission to tag a CodeArtifact resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain" }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an approval rule template", - "privilege": "DeleteApprovalRuleTemplate", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a branch in an AWS CodeCommit repository with this API; does not control Git delete branch actions", - "privilege": "DeleteBranch", - "resource_types": [ + "resource_type": "package-group" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "repository" }, { "condition_keys": [ - "codecommit:References" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -52653,30 +56222,28 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the content of a comment made on a change, file, or commit in a repository", - "privilege": "DeleteCommentContent", + "access_level": "Tagging", + "description": "Grants permission to remove a tag from a CodeArtifact resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a specified file from a specified branch", - "privilege": "DeleteFile", - "resource_types": [ + "resource_type": "domain" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" }, { "condition_keys": [ - "codecommit:References" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -52685,44 +56252,44 @@ }, { "access_level": "Write", - "description": "Grants permission to delete approval rule created for a pull request if the rule was not created by an approval rule template", - "privilege": "DeletePullRequestApprovalRule", + "description": "Grants permission to modify the properties of a package group", + "privilege": "UpdatePackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS CodeCommit repository", - "privilege": "DeleteRepository", + "description": "Grants permission to modify the package origin configuration of a package group", + "privilege": "UpdatePackageGroupOriginConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about specific merge conflicts when attempting to merge two commits using either the three-way or the squash merge option", - "privilege": "DescribeMergeConflicts", + "access_level": "Write", + "description": "Grants permission to modify the status of one or more versions of a package", + "privilege": "UpdatePackageVersionsStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "package*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about one or more pull request events", - "privilege": "DescribePullRequestEvents", + "access_level": "Write", + "description": "Grants permission to modify the properties of a repository", + "privilege": "UpdateRepository", "resource_types": [ { "condition_keys": [], @@ -52730,200 +56297,942 @@ "resource_type": "repository*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:domain/${DomainName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domain" + }, + { + "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:repository/${DomainName}/${RepositoryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "repository" + }, + { + "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:package-group/${DomainName}${EncodedPackageGroupPattern}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "package-group" + }, + { + "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:package/${DomainName}/${RepositoryName}/${PackageFormat}/${PackageNamespace}/${PackageName}", + "condition_keys": [], + "resource": "package" + } + ], + "service_name": "AWS CodeArtifact" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:artifacts", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:artifacts.bucketOwnerAccess", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:artifacts.encryptionDisabled", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:artifacts.location", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:authType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:autoRetryLimit", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:buildArn", + "description": "Filters access by the ARN of the AWS CodeBuild build from which the request originated", + "type": "ARN" + }, + { + "condition": "codebuild:buildBatchConfig", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:buildBatchConfig.restrictions.computeTypesAllowed", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:buildBatchConfig.restrictions.fleetsAllowed", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:buildBatchConfig.serviceRole", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:buildType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:cache", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:cache.location", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:cache.modes", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:cache.type", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:computeConfiguration", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:computeConfiguration.disk", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:computeConfiguration.instanceType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:computeConfiguration.machineType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:computeConfiguration.memory", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:computeConfiguration.vCpu", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:computeType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:concurrentBuildLimit", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:encryptionKey", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:environment.certificate", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.computeConfiguration", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:environment.computeConfiguration.disk", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:environment.computeConfiguration.instanceType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.computeConfiguration.machineType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.computeConfiguration.memory", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:environment.computeConfiguration.vCpu", + "description": "Filters access by the API corresponding argument value", + "type": "Numeric" + }, + { + "condition": "codebuild:environment.computeType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.environmentVariables", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:environment.environmentVariables.name", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:environment.environmentVariables.value", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:environment.environmentVariables/${name}.value", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.fleet.fleetArn", + "description": "Filters access by the API corresponding argument value", + "type": "ARN" + }, + { + "condition": "codebuild:environment.image", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.imagePullCredentialsType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.privilegedMode", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:environment.registryCredential", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:environment.registryCredential.credential", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.registryCredential.credentialProvider", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environment.type", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:environmentType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:exportConfig.s3Destination.bucket", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:exportConfig.s3Destination.bucketOwner", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:exportConfig.s3Destination.encryptionDisabled", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:exportConfig.s3Destination.encryptionKey", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:exportConfig.s3Destination.path", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:fileSystemLocations.identifier", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:fileSystemLocations.location", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:fileSystemLocations.type", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:fileSystemLocations/${identifier}.location", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:fileSystemLocations/${identifier}.type", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:fleetServiceRole", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:imageId", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:logsConfig", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:logsConfig.s3Logs", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:logsConfig.s3Logs.bucketOwnerAccess", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:logsConfig.s3Logs.encryptionDisabled", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:logsConfig.s3Logs.location", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:logsConfig.s3Logs.status", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:manualCreation", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:projectArn", + "description": "Filters access by the ARN of the AWS CodeBuild project from which the request originated", + "type": "ARN" + }, + { + "condition": "codebuild:projectVisibility", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:scopeConfiguration.domain", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:scopeConfiguration.name", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:scopeConfiguration.scope", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:secondaryArtifacts", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:secondaryArtifacts.artifactIdentifier", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondaryArtifacts.bucketOwnerAccess", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondaryArtifacts.encryptionDisabled", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfBool" + }, + { + "condition": "codebuild:secondaryArtifacts.location", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondaryArtifacts/${artifactIdentifier}.bucketOwnerAccess", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:secondaryArtifacts/${artifactIdentifier}.encryptionDisabled", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:secondaryArtifacts/${artifactIdentifier}.location", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:secondarySources", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:secondarySources.auth.resource", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondarySources.auth.type", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondarySources.buildStatusConfig.context", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondarySources.buildStatusConfig.targetUrl", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondarySources.buildspec", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:secondarySources.insecureSsl", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfBool" + }, + { + "condition": "codebuild:secondarySources.location", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondarySources.sourceIdentifier", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:secondarySources/${sourceIdentifier}.auth.resource", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:secondarySources/${sourceIdentifier}.auth.type", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.context", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.targetUrl", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:secondarySources/${sourceIdentifier}.buildspec", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:secondarySources/${sourceIdentifier}.insecureSsl", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:secondarySources/${sourceIdentifier}.location", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:serverType", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:serviceRole", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:shouldOverwrite", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:source", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:source.auth.resource", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:source.auth.type", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:source.buildStatusConfig.context", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:source.buildStatusConfig.targetUrl", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:source.buildspec", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:source.insecureSsl", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:source.location", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:token", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:username", + "description": "Filters access by the API corresponding argument value", + "type": "String" + }, + { + "condition": "codebuild:vpcConfig", + "description": "Filters access by the API corresponding argument value", + "type": "Bool" + }, + { + "condition": "codebuild:vpcConfig.securityGroupIds", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" + }, + { + "condition": "codebuild:vpcConfig.subnets", + "description": "Filters access by the API corresponding argument value", + "type": "ArrayOfString" }, + { + "condition": "codebuild:vpcConfig.vpcId", + "description": "Filters access by the API corresponding argument value", + "type": "String" + } + ], + "prefix": "codebuild", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to remove the association between an approval rule template and a repository", - "privilege": "DisassociateApprovalRuleTemplateFromRepository", + "description": "Grants permission to delete one or more builds", + "privilege": "BatchDeleteBuilds", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to evaluate whether a pull request is mergable based on its current approval state and approval rule requirements", - "privilege": "EvaluatePullRequestApprovalRules", + "description": "Grants permission to get information about one or more build batches", + "privilege": "BatchGetBuildBatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about an approval rule template", - "privilege": "GetApprovalRuleTemplate", + "description": "Grants permission to get information about one or more builds", + "privilege": "BatchGetBuilds", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the encoded content of an individual file in an AWS CodeCommit repository from the AWS CodeCommit console", - "privilege": "GetBlob", + "description": "Grants permission to get information about one or more command executions", + "privilege": "BatchGetCommandExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "sandbox*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about a branch in an AWS CodeCommit repository with this API; does not control Git branch actions", - "privilege": "GetBranch", + "description": "Grants permission to return an array of the Fleet objects specified by the input parameter", + "privilege": "BatchGetFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "fleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the content of a comment made on a change, file, or commit in a repository", - "privilege": "GetComment", + "description": "Grants permission to get information about one or more build projects", + "privilege": "BatchGetProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the reactions on a comment", - "privilege": "GetCommentReactions", + "description": "Grants permission to return an array of ReportGroup objects that are specified by the input reportGroupArns parameter", + "privilege": "BatchGetReportGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about comments made on the comparison between two commits", - "privilege": "GetCommentsForComparedCommit", + "description": "Grants permission to return an array of the Report objects specified by the input reportArns parameter", + "privilege": "BatchGetReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to get comments made on a pull request", - "privilege": "GetCommentsForPullRequest", + "description": "Grants permission to get information about one or more sandboxes", + "privilege": "BatchGetSandboxes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a commit, including commit message and committer information, with this API; does not control Git log actions", - "privilege": "GetCommit", + "access_level": "Write", + "description": "Grants permission to add or update information about a report", + "privilege": "BatchPutCodeCoverages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the history of commits in a repository", - "privilege": "GetCommitHistory", + "access_level": "Write", + "description": "Grants permission to add or update information about a report", + "privilege": "BatchPutTestCases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the difference between commits in the context of a potential merge", - "privilege": "GetCommitsFromMergeBase", + "access_level": "Write", + "description": "Grants permission to create a compute fleet", + "privilege": "CreateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codebuild:imageId", + "codebuild:computeType", + "codebuild:vpcConfig", + "codebuild:vpcConfig.vpcId", + "codebuild:vpcConfig.securityGroupIds", + "codebuild:vpcConfig.subnets", + "codebuild:computeConfiguration", + "codebuild:computeConfiguration.disk", + "codebuild:computeConfiguration.instanceType", + "codebuild:computeConfiguration.machineType", + "codebuild:computeConfiguration.memory", + "codebuild:computeConfiguration.vCpu", + "codebuild:environmentType", + "codebuild:fleetServiceRole" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about the differences between valid commit specifiers such as a branch, tag, HEAD, commit ID, or other fully qualified reference", - "privilege": "GetDifferences", + "access_level": "Write", + "description": "Grants permission to create a build project", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codebuild:autoRetryLimit", + "codebuild:concurrentBuildLimit", + "codebuild:artifacts", + "codebuild:artifacts.bucketOwnerAccess", + "codebuild:artifacts.encryptionDisabled", + "codebuild:artifacts.location", + "codebuild:secondaryArtifacts", + "codebuild:secondaryArtifacts.artifactIdentifier", + "codebuild:secondaryArtifacts.bucketOwnerAccess", + "codebuild:secondaryArtifacts.encryptionDisabled", + "codebuild:secondaryArtifacts.location", + "codebuild:secondaryArtifacts/${artifactIdentifier}.bucketOwnerAccess", + "codebuild:secondaryArtifacts/${artifactIdentifier}.encryptionDisabled", + "codebuild:secondaryArtifacts/${artifactIdentifier}.location", + "codebuild:source", + "codebuild:source.buildStatusConfig.targetUrl", + "codebuild:source.buildStatusConfig.context", + "codebuild:source.location", + "codebuild:source.insecureSsl", + "codebuild:source.buildspec", + "codebuild:source.auth.resource", + "codebuild:source.auth.type", + "codebuild:secondarySources", + "codebuild:secondarySources.sourceIdentifier", + "codebuild:secondarySources.buildStatusConfig.targetUrl", + "codebuild:secondarySources.buildStatusConfig.context", + "codebuild:secondarySources.location", + "codebuild:secondarySources.auth.resource", + "codebuild:secondarySources.auth.type", + "codebuild:secondarySources.buildspec", + "codebuild:secondarySources.insecureSsl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.targetUrl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.context", + "codebuild:secondarySources/${sourceIdentifier}.location", + "codebuild:secondarySources/${sourceIdentifier}.auth.resource", + "codebuild:secondarySources/${sourceIdentifier}.auth.type", + "codebuild:secondarySources/${sourceIdentifier}.buildspec", + "codebuild:secondarySources/${sourceIdentifier}.insecureSsl", + "codebuild:logsConfig", + "codebuild:logsConfig.s3Logs", + "codebuild:logsConfig.s3Logs.bucketOwnerAccess", + "codebuild:logsConfig.s3Logs.encryptionDisabled", + "codebuild:logsConfig.s3Logs.location", + "codebuild:logsConfig.s3Logs.status", + "codebuild:fileSystemLocations.identifier", + "codebuild:fileSystemLocations.type", + "codebuild:fileSystemLocations.location", + "codebuild:fileSystemLocations/${identifier}.type", + "codebuild:fileSystemLocations/${identifier}.location", + "codebuild:buildBatchConfig", + "codebuild:buildBatchConfig.serviceRole", + "codebuild:buildBatchConfig.restrictions.computeTypesAllowed", + "codebuild:buildBatchConfig.restrictions.fleetsAllowed", + "codebuild:vpcConfig", + "codebuild:vpcConfig.subnets", + "codebuild:vpcConfig.vpcId", + "codebuild:vpcConfig.securityGroupIds", + "codebuild:environment", + "codebuild:environment.type", + "codebuild:environment.fleet.fleetArn", + "codebuild:environment.computeType", + "codebuild:environment.image", + "codebuild:environment.imagePullCredentialsType", + "codebuild:environment.privilegedMode", + "codebuild:environment.certificate", + "codebuild:environment.computeConfiguration", + "codebuild:environment.computeConfiguration.disk", + "codebuild:environment.computeConfiguration.instanceType", + "codebuild:environment.computeConfiguration.machineType", + "codebuild:environment.computeConfiguration.memory", + "codebuild:environment.computeConfiguration.vCpu", + "codebuild:environment.environmentVariables", + "codebuild:environment.environmentVariables.name", + "codebuild:environment.environmentVariables.value", + "codebuild:environment.environmentVariables/${name}.value", + "codebuild:environment.registryCredential", + "codebuild:environment.registryCredential.credential", + "codebuild:environment.registryCredential.credentialProvider", + "codebuild:encryptionKey", + "codebuild:cache", + "codebuild:cache.type", + "codebuild:cache.location", + "codebuild:cache.modes", + "codebuild:serviceRole" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the base-64 encoded contents of a specified file and its metadata", - "privilege": "GetFile", + "access_level": "Write", + "description": "Grants permission to create a report. A report is created when tests specified in the buildspec file for a report groups run during the build of a project", + "privilege": "CreateReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the contents of a specified folder in a repository", - "privilege": "GetFolder", + "access_level": "Write", + "description": "Grants permission to create a report group", + "privilege": "CreateReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codebuild:exportConfig.s3Destination.bucket", + "codebuild:exportConfig.s3Destination.bucketOwner", + "codebuild:exportConfig.s3Destination.encryptionKey", + "codebuild:exportConfig.s3Destination.encryptionDisabled", + "codebuild:exportConfig.s3Destination.path" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a merge commit created by one of the merge options for pull requests that creates merge commits. Not all merge options create merge commits. This permission does not control Git merge actions", - "privilege": "GetMergeCommit", + "access_level": "Write", + "description": "Grants permission to create webhook. For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables AWS CodeBuild to start rebuilding the source code every time a code change is pushed to the repository", + "privilege": "CreateWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" }, { "condition_keys": [ - "codecommit:References" + "codebuild:buildType", + "codebuild:manualCreation", + "codebuild:scopeConfiguration.domain", + "codebuild:scopeConfiguration.name", + "codebuild:scopeConfiguration.scope" ], "dependent_actions": [], "resource_type": "" @@ -52931,162 +57240,183 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about merge conflicts between the before and after commit IDs for a pull request in a repository", - "privilege": "GetMergeConflicts", + "access_level": "Write", + "description": "Grants permission to delete a build batch", + "privilege": "DeleteBuildBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about merge options for pull requests that can be used to merge two commits; does not control Git merge actions", - "privilege": "GetMergeOptions", + "access_level": "Write", + "description": "Grants permission to delete a compute fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "fleet*" } ] }, { - "access_level": "Read", - "description": "Grants permission to resolve blobs, trees, and commits to their identifier", - "privilege": "GetObjectIdentifier", + "access_level": "Write", + "description": "Grants permission to delete an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", + "privilege": "DeleteOAuthToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a pull request in a specified repository", - "privilege": "GetPullRequest", + "access_level": "Write", + "description": "Grants permission to delete a build project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current approvals on an inputted pull request", - "privilege": "GetPullRequestApprovalStates", + "access_level": "Write", + "description": "Grants permission to delete a report", + "privilege": "DeleteReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current override state of a given pull request", - "privilege": "GetPullRequestOverrideState", + "access_level": "Write", + "description": "Grants permission to delete a report group", + "privilege": "DeleteReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about references in an AWS CodeCommit repository; does not control Git reference actions", - "privilege": "GetReferences", + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy for the associated project or report group", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-group" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an AWS CodeCommit repository", - "privilege": "GetRepository", + "access_level": "Write", + "description": "Grants permission to delete a set of GitHub, GitHub Enterprise, or Bitbucket source credentials", + "privilege": "DeleteSourceCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about triggers configured for a repository", - "privilege": "GetRepositoryTriggers", + "access_level": "Write", + "description": "Grants permission to delete webhook. For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, stops AWS CodeBuild from rebuilding the source code every time a code change is pushed to the repository", + "privilege": "DeleteWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the contents of a specified tree in an AWS CodeCommit repository from the AWS CodeCommit console", - "privilege": "GetTree", + "description": "Grants permission to return an array of CodeCoverage objects", + "privilege": "DescribeCodeCoverages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to get status information about an archive upload to a pipeline in AWS CodePipeline", - "privilege": "GetUploadArchiveStatus", + "description": "Grants permission to return an array of TestCase objects", + "privilege": "DescribeTestCases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to pull information from an AWS CodeCommit repository to a local repo", - "privilege": "GitPull", + "description": "Grants permission to analyze and accumulate test report values for the test reports in the specified report group", + "privilege": "GetReportGroupTrend", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to push information from a local repo to an AWS CodeCommit repository", - "privilege": "GitPush", + "access_level": "Read", + "description": "Grants permission to return a resource policy for the specified project or report group", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-group" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import the source repository credentials for an AWS CodeBuild project that has its source code stored in a GitHub, GitHub Enterprise, or Bitbucket repository", + "privilege": "ImportSourceCredentials", + "resource_types": [ { "condition_keys": [ - "codecommit:References" + "codebuild:authType", + "codebuild:serverType", + "codebuild:shouldOverwrite", + "codebuild:token", + "codebuild:username" ], "dependent_actions": [], "resource_type": "" @@ -53094,81 +57424,81 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all approval rule templates in an AWS Region for the AWS account", - "privilege": "ListApprovalRuleTemplates", + "access_level": "Write", + "description": "Grants permission to reset the cache for a project", + "privilege": "InvalidateProjectCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "List", - "description": "Grants permission to list approval rule templates that are associated with a repository", - "privilege": "ListAssociatedApprovalRuleTemplatesForRepository", + "description": "Grants permission to get a list of build batch IDs, with each build batch ID representing a single build batch", + "privilege": "ListBuildBatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list branches for an AWS CodeCommit repository with this API; does not control Git branch actions", - "privilege": "ListBranches", + "description": "Grants permission to get a list of build batch IDs for the specified build project, with each build batch ID representing a single build batch", + "privilege": "ListBuildBatchesForProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "List", - "description": "Grants permission to list commits and changes to a specified file", - "privilege": "ListFileCommitHistory", + "description": "Grants permission to get a list of build IDs, with each build ID representing a single build", + "privilege": "ListBuilds", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list pull requests for a specified repository", - "privilege": "ListPullRequests", + "description": "Grants permission to get a list of build IDs for the specified build project, with each build ID representing a single build", + "privilege": "ListBuildsForProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "List", - "description": "Grants permission to list information about AWS CodeCommit repositories in the current Region for your AWS account", - "privilege": "ListRepositories", + "description": "Grants permission to get a list of command execution IDs for the specified sandbox, with each command execution ID representing a single command execution", + "privilege": "ListCommandExecutionsForSandbox", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sandbox*" } ] }, { "access_level": "List", - "description": "Grants permission to list repositories that are associated with an approval rule template", - "privilege": "ListRepositoriesForApprovalRuleTemplate", + "description": "Grants permission to list connected third-party OAuth providers. Only used in the AWS CodeBuild console", + "privilege": "ListConnectedOAuthAccounts", "resource_types": [ { "condition_keys": [], @@ -53179,268 +57509,277 @@ }, { "access_level": "List", - "description": "Grants permission to list the resource attached to a CodeCommit resource ARN", - "privilege": "ListTagsForResource", + "description": "Grants permission to get information about Docker images that are managed by AWS CodeBuild", + "privilege": "ListCuratedEnvironmentImages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to merge two commits into the specified destination branch using the fast-forward merge option", - "privilege": "MergeBranchesByFastForward", + "access_level": "List", + "description": "Grants permission to get a list of compute fleet ARNs, with each compute fleet ARN representing a single fleet", + "privilege": "ListFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to merge two commits into the specified destination branch using the squash merge option", - "privilege": "MergeBranchesBySquash", + "access_level": "List", + "description": "Grants permission to get a list of build project names, with each build project name representing a single build project", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to merge two commits into the specified destination branch using the three-way merge option", - "privilege": "MergeBranchesByThreeWay", + "access_level": "List", + "description": "Grants permission to return a list of report group ARNs. Each report group ARN represents one report group", + "privilege": "ListReportGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the fast-forward merge option", - "privilege": "MergePullRequestByFastForward", + "access_level": "List", + "description": "Grants permission to return a list of report ARNs. Each report ARN representing one report", + "privilege": "ListReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the squash merge option", - "privilege": "MergePullRequestBySquash", + "access_level": "List", + "description": "Grants permission to return a list of report ARNs that belong to the specified report group. Each report ARN represents one report", + "privilege": "ListReportsForReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "report-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the three-way merge option", - "privilege": "MergePullRequestByThreeWay", + "access_level": "List", + "description": "Grants permission to list source code repositories from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", + "privilege": "ListRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to override all approval rules for a pull request, including approval rules created by a template", - "privilege": "OverridePullRequestApprovalRules", + "access_level": "List", + "description": "Grants permission to get a list of sandbox IDs, with each sandbox ID representing a single sandbox", + "privilege": "ListSandboxes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to post a comment on the comparison between two commits", - "privilege": "PostCommentForComparedCommit", + "access_level": "List", + "description": "Grants permission to get a list of sandbox IDs for the specified sandbox project, with each sandbox ID representing a single sandbox", + "privilege": "ListSandboxesForProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to post a comment on a pull request", - "privilege": "PostCommentForPullRequest", + "access_level": "List", + "description": "Grants permission to return a list of project ARNs that have been shared with the requester. Each project ARN represents one project", + "privilege": "ListSharedProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to post a comment in reply to a comment on a comparison between commits or a pull request", - "privilege": "PostCommentReply", + "access_level": "List", + "description": "Grants permission to return a list of report group ARNs that have been shared with the requester. Each report group ARN represents one report group", + "privilege": "ListSharedReportGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to post a reaction on a comment", - "privilege": "PutCommentReaction", + "access_level": "List", + "description": "Grants permission to return a list of SourceCredentialsInfo objects", + "privilege": "ListSourceCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update a file in a branch in an AWS CodeCommit repository, and generate a commit for the addition in the specified branch", - "privilege": "PutFile", + "description": "Grants permission to save an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", + "privilege": "PersistOAuthToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create, update, or delete triggers for a repository", - "privilege": "PutRepositoryTriggers", + "access_level": "Permissions management", + "description": "Grants permission to create a resource policy for the associated project or report group", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-group" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to a CodeCommit resource ARN", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to retry a build", + "privilege": "RetryBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to test the functionality of repository triggers by sending information to the trigger target", - "privilege": "TestRepositoryTriggers", + "description": "Grants permission to retry a build batch", + "privilege": "RetryBuildBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to disassociate resource tags from a CodeCommit resource ARN", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to start running a build", + "privilege": "StartBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" + "resource_type": "project*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "codebuild:autoRetryLimit", + "codebuild:artifacts", + "codebuild:artifacts.bucketOwnerAccess", + "codebuild:artifacts.encryptionDisabled", + "codebuild:artifacts.location", + "codebuild:secondaryArtifacts", + "codebuild:secondaryArtifacts.artifactIdentifier", + "codebuild:secondaryArtifacts.bucketOwnerAccess", + "codebuild:secondaryArtifacts.encryptionDisabled", + "codebuild:secondaryArtifacts.location", + "codebuild:secondaryArtifacts/${artifactIdentifier}.bucketOwnerAccess", + "codebuild:secondaryArtifacts/${artifactIdentifier}.encryptionDisabled", + "codebuild:secondaryArtifacts/${artifactIdentifier}.location", + "codebuild:source", + "codebuild:source.buildStatusConfig.targetUrl", + "codebuild:source.buildStatusConfig.context", + "codebuild:source.location", + "codebuild:source.insecureSsl", + "codebuild:source.buildspec", + "codebuild:source.auth.resource", + "codebuild:source.auth.type", + "codebuild:secondarySources", + "codebuild:secondarySources.sourceIdentifier", + "codebuild:secondarySources.buildStatusConfig.targetUrl", + "codebuild:secondarySources.buildStatusConfig.context", + "codebuild:secondarySources.location", + "codebuild:secondarySources.auth.resource", + "codebuild:secondarySources.auth.type", + "codebuild:secondarySources.buildspec", + "codebuild:secondarySources.insecureSsl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.targetUrl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.context", + "codebuild:secondarySources/${sourceIdentifier}.location", + "codebuild:secondarySources/${sourceIdentifier}.auth.resource", + "codebuild:secondarySources/${sourceIdentifier}.auth.type", + "codebuild:secondarySources/${sourceIdentifier}.buildspec", + "codebuild:secondarySources/${sourceIdentifier}.insecureSsl", + "codebuild:logsConfig", + "codebuild:logsConfig.s3Logs", + "codebuild:logsConfig.s3Logs.bucketOwnerAccess", + "codebuild:logsConfig.s3Logs.encryptionDisabled", + "codebuild:logsConfig.s3Logs.location", + "codebuild:logsConfig.s3Logs.status", + "codebuild:environment", + "codebuild:environment.type", + "codebuild:environment.fleet.fleetArn", + "codebuild:environment.computeType", + "codebuild:environment.image", + "codebuild:environment.imagePullCredentialsType", + "codebuild:environment.privilegedMode", + "codebuild:environment.certificate", + "codebuild:environment.environmentVariables", + "codebuild:environment.environmentVariables.name", + "codebuild:environment.environmentVariables.value", + "codebuild:environment.environmentVariables/${name}.value", + "codebuild:environment.registryCredential", + "codebuild:environment.registryCredential.credential", + "codebuild:environment.registryCredential.credentialProvider", + "codebuild:encryptionKey", + "codebuild:cache", + "codebuild:cache.type", + "codebuild:cache.location", + "codebuild:cache.modes", + "codebuild:serviceRole" ], "dependent_actions": [], "resource_type": "" @@ -53449,274 +57788,450 @@ }, { "access_level": "Write", - "description": "Grants permission to update the content of approval rule templates; does not grant permission to update content of approval rules created specifically for pull requests", - "privilege": "UpdateApprovalRuleTemplateContent", + "description": "Grants permission to start running a build batch", + "privilege": "StartBuildBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the description of approval rule templates", - "privilege": "UpdateApprovalRuleTemplateDescription", + "resource_type": "project*" + }, + { + "condition_keys": [ + "codebuild:artifacts", + "codebuild:artifacts.bucketOwnerAccess", + "codebuild:artifacts.encryptionDisabled", + "codebuild:artifacts.location", + "codebuild:secondaryArtifacts", + "codebuild:secondaryArtifacts.artifactIdentifier", + "codebuild:secondaryArtifacts.bucketOwnerAccess", + "codebuild:secondaryArtifacts.encryptionDisabled", + "codebuild:secondaryArtifacts.location", + "codebuild:secondaryArtifacts/${artifactIdentifier}.bucketOwnerAccess", + "codebuild:secondaryArtifacts/${artifactIdentifier}.encryptionDisabled", + "codebuild:secondaryArtifacts/${artifactIdentifier}.location", + "codebuild:source", + "codebuild:source.location", + "codebuild:source.insecureSsl", + "codebuild:source.buildspec", + "codebuild:source.auth.resource", + "codebuild:source.auth.type", + "codebuild:secondarySources", + "codebuild:secondarySources.sourceIdentifier", + "codebuild:secondarySources.buildStatusConfig.targetUrl", + "codebuild:secondarySources.buildStatusConfig.context", + "codebuild:secondarySources.location", + "codebuild:secondarySources.auth.resource", + "codebuild:secondarySources.auth.type", + "codebuild:secondarySources.buildspec", + "codebuild:secondarySources.insecureSsl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.targetUrl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.context", + "codebuild:secondarySources/${sourceIdentifier}.location", + "codebuild:secondarySources/${sourceIdentifier}.auth.resource", + "codebuild:secondarySources/${sourceIdentifier}.auth.type", + "codebuild:secondarySources/${sourceIdentifier}.buildspec", + "codebuild:secondarySources/${sourceIdentifier}.insecureSsl", + "codebuild:logsConfig", + "codebuild:logsConfig.s3Logs", + "codebuild:logsConfig.s3Logs.bucketOwnerAccess", + "codebuild:logsConfig.s3Logs.encryptionDisabled", + "codebuild:logsConfig.s3Logs.location", + "codebuild:logsConfig.s3Logs.status", + "codebuild:buildBatchConfig", + "codebuild:buildBatchConfig.serviceRole", + "codebuild:buildBatchConfig.restrictions.computeTypesAllowed", + "codebuild:buildBatchConfig.restrictions.fleetsAllowed", + "codebuild:environment", + "codebuild:environment.type", + "codebuild:environment.computeType", + "codebuild:environment.image", + "codebuild:environment.imagePullCredentialsType", + "codebuild:environment.privilegedMode", + "codebuild:environment.certificate", + "codebuild:environment.environmentVariables", + "codebuild:environment.environmentVariables.name", + "codebuild:environment.environmentVariables.value", + "codebuild:environment.environmentVariables/${name}.value", + "codebuild:environment.registryCredential", + "codebuild:environment.registryCredential.credential", + "codebuild:environment.registryCredential.credentialProvider", + "codebuild:encryptionKey", + "codebuild:cache", + "codebuild:cache.type", + "codebuild:cache.location", + "codebuild:cache.modes", + "codebuild:serviceRole" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start running a command execution", + "privilege": "StartCommandExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sandbox*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name of approval rule templates", - "privilege": "UpdateApprovalRuleTemplateName", + "description": "Grants permission to start running a sandbox", + "privilege": "StartSandbox", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the contents of a comment if the identity matches the identity used to create the comment", - "privilege": "UpdateComment", + "description": "Grants permission to establish a connection to the sandbox", + "privilege": "StartSandboxConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "sandbox*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the default branch in an AWS CodeCommit repository", - "privilege": "UpdateDefaultBranch", + "description": "Grants permission to attempt to stop running a build", + "privilege": "StopBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the content for approval rules created for a specific pull requests; does not grant permission to update approval rule content for rules created with an approval rule template", - "privilege": "UpdatePullRequestApprovalRuleContent", + "description": "Grants permission to attempt to stop running a build batch", + "privilege": "StopBuildBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the approval state for pull requests", - "privilege": "UpdatePullRequestApprovalState", + "description": "Grants permission to attempt to stop running a sandbox", + "privilege": "StopSandbox", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the description of a pull request", - "privilege": "UpdatePullRequestDescription", + "description": "Grants permission to change the settings of an existing compute fleet", + "privilege": "UpdateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the status of a pull request", - "privilege": "UpdatePullRequestStatus", - "resource_types": [ + "resource_type": "fleet*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codebuild:imageId", + "codebuild:computeType", + "codebuild:vpcConfig", + "codebuild:vpcConfig.vpcId", + "codebuild:vpcConfig.securityGroupIds", + "codebuild:vpcConfig.subnets", + "codebuild:computeConfiguration", + "codebuild:computeConfiguration.disk", + "codebuild:computeConfiguration.instanceType", + "codebuild:computeConfiguration.machineType", + "codebuild:computeConfiguration.memory", + "codebuild:computeConfiguration.vCpu", + "codebuild:environmentType", + "codebuild:fleetServiceRole" + ], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the title of a pull request", - "privilege": "UpdatePullRequestTitle", + "description": "Grants permission to change the settings of an existing build project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codebuild:autoRetryLimit", + "codebuild:concurrentBuildLimit", + "codebuild:artifacts", + "codebuild:artifacts.bucketOwnerAccess", + "codebuild:artifacts.encryptionDisabled", + "codebuild:artifacts.location", + "codebuild:secondaryArtifacts", + "codebuild:secondaryArtifacts.artifactIdentifier", + "codebuild:secondaryArtifacts.bucketOwnerAccess", + "codebuild:secondaryArtifacts.encryptionDisabled", + "codebuild:secondaryArtifacts.location", + "codebuild:secondaryArtifacts/${artifactIdentifier}.bucketOwnerAccess", + "codebuild:secondaryArtifacts/${artifactIdentifier}.encryptionDisabled", + "codebuild:secondaryArtifacts/${artifactIdentifier}.location", + "codebuild:source", + "codebuild:source.buildStatusConfig.targetUrl", + "codebuild:source.buildStatusConfig.context", + "codebuild:source.location", + "codebuild:source.insecureSsl", + "codebuild:source.buildspec", + "codebuild:source.auth.resource", + "codebuild:source.auth.type", + "codebuild:secondarySources", + "codebuild:secondarySources.sourceIdentifier", + "codebuild:secondarySources.buildStatusConfig.targetUrl", + "codebuild:secondarySources.buildStatusConfig.context", + "codebuild:secondarySources.location", + "codebuild:secondarySources.auth.resource", + "codebuild:secondarySources.auth.type", + "codebuild:secondarySources.buildspec", + "codebuild:secondarySources.insecureSsl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.targetUrl", + "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.context", + "codebuild:secondarySources/${sourceIdentifier}.location", + "codebuild:secondarySources/${sourceIdentifier}.auth.resource", + "codebuild:secondarySources/${sourceIdentifier}.auth.type", + "codebuild:secondarySources/${sourceIdentifier}.buildspec", + "codebuild:secondarySources/${sourceIdentifier}.insecureSsl", + "codebuild:logsConfig", + "codebuild:logsConfig.s3Logs", + "codebuild:logsConfig.s3Logs.bucketOwnerAccess", + "codebuild:logsConfig.s3Logs.encryptionDisabled", + "codebuild:logsConfig.s3Logs.location", + "codebuild:logsConfig.s3Logs.status", + "codebuild:fileSystemLocations.identifier", + "codebuild:fileSystemLocations.type", + "codebuild:fileSystemLocations.location", + "codebuild:fileSystemLocations/${identifier}.type", + "codebuild:fileSystemLocations/${identifier}.location", + "codebuild:buildBatchConfig", + "codebuild:buildBatchConfig.serviceRole", + "codebuild:buildBatchConfig.restrictions.computeTypesAllowed", + "codebuild:buildBatchConfig.restrictions.fleetsAllowed", + "codebuild:vpcConfig", + "codebuild:vpcConfig.subnets", + "codebuild:vpcConfig.vpcId", + "codebuild:vpcConfig.securityGroupIds", + "codebuild:environment", + "codebuild:environment.type", + "codebuild:environment.fleet.fleetArn", + "codebuild:environment.computeType", + "codebuild:environment.image", + "codebuild:environment.imagePullCredentialsType", + "codebuild:environment.privilegedMode", + "codebuild:environment.certificate", + "codebuild:environment.computeConfiguration", + "codebuild:environment.computeConfiguration.disk", + "codebuild:environment.computeConfiguration.instanceType", + "codebuild:environment.computeConfiguration.machineType", + "codebuild:environment.computeConfiguration.memory", + "codebuild:environment.computeConfiguration.vCpu", + "codebuild:environment.environmentVariables", + "codebuild:environment.environmentVariables.name", + "codebuild:environment.environmentVariables.value", + "codebuild:environment.environmentVariables/${name}.value", + "codebuild:environment.registryCredential", + "codebuild:environment.registryCredential.credential", + "codebuild:environment.registryCredential.credentialProvider", + "codebuild:encryptionKey", + "codebuild:cache", + "codebuild:cache.type", + "codebuild:cache.location", + "codebuild:cache.modes", + "codebuild:serviceRole" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the description of an AWS CodeCommit repository", - "privilege": "UpdateRepositoryDescription", + "description": "Grants permission to change the public visibility of a project and its builds", + "privilege": "UpdateProjectVisibility", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codebuild:projectVisibility" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the AWS KMS encryption key used to encrypt and decrypt an AWS CodeCommit repository", - "privilege": "UpdateRepositoryEncryptionKey", + "description": "Grants permission to update information about a report", + "privilege": "UpdateReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the name of an AWS CodeCommit repository", - "privilege": "UpdateRepositoryName", + "description": "Grants permission to change the settings of an existing report group", + "privilege": "UpdateReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "report-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codebuild:exportConfig.s3Destination.bucket", + "codebuild:exportConfig.s3Destination.bucketOwner", + "codebuild:exportConfig.s3Destination.encryptionKey", + "codebuild:exportConfig.s3Destination.encryptionDisabled", + "codebuild:exportConfig.s3Destination.path" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to the service role for AWS CodePipeline to upload repository changes into a pipeline", - "privilege": "UploadArchive", + "description": "Grants permission to update the webhook associated with an AWS CodeBuild build project", + "privilege": "UpdateWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "project*" + }, + { + "condition_keys": [ + "codebuild:buildType", + "codebuild:manualCreation", + "codebuild:scopeConfiguration.domain", + "codebuild:scopeConfiguration.name", + "codebuild:scopeConfiguration.scope" + ], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "repository" - } - ], - "service_name": "AWS CodeCommit" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build/${BuildId}", + "condition_keys": [], + "resource": "build" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build-batch/${BuildBatchId}", + "condition_keys": [], + "resource": "build-batch" }, { - "condition": "codeconnections:Branch", - "description": "Filters access by the branch name that is passed in the request", - "type": "String" + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:project/${ProjectName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "project" }, { - "condition": "codeconnections:BranchName", - "description": "Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch", - "type": "String" + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report-group/${ReportGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "report-group" }, { - "condition": "codeconnections:FullRepositoryId", - "description": "Filters access by the repository that is passed in the request. Applies only to UseConnection requests for access to a specific repository", - "type": "String" + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report/${ReportGroupName}:${ReportId}", + "condition_keys": [], + "resource": "report" }, { - "condition": "codeconnections:HostArn", - "description": "Filters access by the host resource associated with the connection used in the request", - "type": "ARN" + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:fleet/${FleetName}:${FleetId}", + "condition_keys": [], + "resource": "fleet" }, { - "condition": "codeconnections:InstallationId", - "description": "Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeConnections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection", - "type": "String" - }, + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:sandbox/${SandboxId}", + "condition_keys": [], + "resource": "sandbox" + } + ], + "service_name": "AWS CodeBuild" + }, + { + "conditions": [ { - "condition": "codeconnections:OwnerId", - "description": "Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", "type": "String" }, { - "condition": "codeconnections:PassedToService", - "description": "Filters access by the service to which the principal is allowed to pass a Connection or RepositoryLink", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { - "condition": "codeconnections:ProviderAction", - "description": "Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values", + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", "type": "ArrayOfString" - }, - { - "condition": "codeconnections:ProviderPermissionsRequired", - "description": "Filters access by the write permissions of a provider action in a UseConnection request. Valid types include read_only and read_write", - "type": "String" - }, - { - "condition": "codeconnections:ProviderType", - "description": "Filters access by the type of third-party provider passed in the request", - "type": "String" - }, - { - "condition": "codeconnections:ProviderTypeFilter", - "description": "Filters access by the type of third-party provider used to filter results", - "type": "String" - }, - { - "condition": "codeconnections:RepositoryName", - "description": "Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for access to repositories owned by a specific user", - "type": "String" } ], - "prefix": "codeconnections", + "prefix": "codecatalyst", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a Connection resource", - "privilege": "CreateConnection", + "description": "Grants permission to accept a request to connect this account to an Amazon CodeCatalyst space", + "privilege": "AcceptConnection", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codeconnections:ProviderType" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -53725,14 +58240,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create a host resource", - "privilege": "CreateHost", + "description": "Grants permission to associate an IAM role to a connection", + "privilege": "AssociateIamRoleToConnection", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "connections*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codeconnections:ProviderType" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -53741,21 +58261,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create a repository link", - "privilege": "CreateRepositoryLink", + "description": "Grants permission to associate an IAM Identity Center application with an Amazon CodeCatalyst space", + "privilege": "AssociateIdentityCenterApplicationToSpace", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeconnections:PassConnection", - "codeconnections:UseConnection" - ], - "resource_type": "Connection*" + "dependent_actions": [], + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -53764,20 +58280,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create a template sync config", - "privilege": "CreateSyncConfiguration", + "description": "Grants permission to associate an identity with an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "AssociateIdentityToIdentityCenterApplication", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeconnections:PassRepository", - "iam:PassRole" - ], - "resource_type": "RepositoryLink*" + "dependent_actions": [], + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "codeconnections:Branch" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -53786,112 +58299,123 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a Connection resource", - "privilege": "DeleteConnection", + "description": "Grants permission to associate multiple identities with an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "BatchAssociateIdentitiesToIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a host resource", - "privilege": "DeleteHost", + "description": "Grants permission to disassociate multiple identities from an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "BatchDisassociateIdentitiesFromIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Host*" + "resource_type": "identity-center-applications*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a repository link", - "privilege": "DeleteRepositoryLink", + "description": "Grants permission to create an IAM Identity Center application", + "privilege": "CreateIdentityCenterApplication", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "RepositoryLink*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a sync configuration", - "privilege": "DeleteSyncConfiguration", + "description": "Grants permission to create an Amazon CodeCatalyst space", + "privilege": "CreateSpace", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Connection resource", - "privilege": "GetConnection", + "access_level": "Write", + "description": "Grants permission to create an administrator role assignment for a given Amazon CodeCatalyst space and IAM Identity Center application", + "privilege": "CreateSpaceAdminRoleAssignment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a Connection token to call provider actions", - "privilege": "GetConnectionToken", - "resource_types": [ + "resource_type": "identity-center-applications*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a host resource", - "privilege": "GetHost", + "access_level": "Write", + "description": "Grants permission to delete a connection", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Host*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "GetIndividualAccessToken", - "resource_types": [ + "resource_type": "connections*" + }, { "condition_keys": [ - "codeconnections:ProviderType" - ], - "dependent_actions": [ - "codeconnections:StartOAuthHandshake" + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "GetInstallationUrl", + "access_level": "Write", + "description": "Grants permission to delete an IAM Identity Center application", + "privilege": "DeleteIdentityCenterApplication", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity-center-applications*" + }, { "condition_keys": [ - "codeconnections:ProviderType" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -53899,30 +58423,37 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a repository link", - "privilege": "GetRepositoryLink", + "access_level": "Write", + "description": "Grants permission to disassociate an IAM role from a connection", + "privilege": "DisassociateIamRoleFromConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink*" + "resource_type": "connections*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the latest sync status for a repository", - "privilege": "GetRepositorySyncStatus", + "access_level": "Write", + "description": "Grants permission to disassociate an IAM Identity Center application from an Amazon CodeCatalyst space", + "privilege": "DisassociateIdentityCenterApplicationFromSpace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "codeconnections:Branch" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -53930,54 +58461,75 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the latest sync status for a resource (cfn stack or other resources)", - "privilege": "GetResourceSyncStatus", + "access_level": "Write", + "description": "Grants permission to disassociate an identity from an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "DisassociateIdentityFromIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identity-center-applications*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe service sync blockers on a resource (cfn stack or other resources)", - "privilege": "GetSyncBlockerSummary", + "description": "Grants permission to describe the billing authorization for a connection", + "privilege": "GetBillingAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "connections*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a sync configuration", - "privilege": "GetSyncConfiguration", + "description": "Grants permission to get a connection", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "connections*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Connection resources", - "privilege": "ListConnections", + "access_level": "Read", + "description": "Grants permission to get information about an IAM Identity Center application", + "privilege": "GetIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "codeconnections:ProviderTypeFilter" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -53985,14 +58537,12 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list host resources", - "privilege": "ListHosts", + "access_level": "Read", + "description": "Grants permission to get a pending request to connect this account to an Amazon CodeCatalyst space", + "privilege": "GetPendingConnection", "resource_types": [ { - "condition_keys": [ - "codeconnections:ProviderTypeFilter" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -54000,35 +58550,39 @@ }, { "access_level": "List", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "ListInstallationTargets", + "description": "Grants permission to list connections that are not pending", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeconnections:GetIndividualAccessToken", - "codeconnections:StartOAuthHandshake" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list repository links", - "privilege": "ListRepositoryLinks", + "description": "Grants permission to list IAM roles associated with a connection", + "privilege": "ListIamRolesForConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "connections*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list repository sync definitions", - "privilege": "ListRepositorySyncDefinitions", + "description": "Grants permission to view a list of all IAM Identity Center applications in the account", + "privilege": "ListIdentityCenterApplications", "resource_types": [ { "condition_keys": [], @@ -54039,8 +58593,8 @@ }, { "access_level": "List", - "description": "Grants permission to list sync configurations for a repository link", - "privilege": "ListSyncConfigurations", + "description": "Grants permission to view a list of IAM Identity Center applications by Amazon CodeCatalyst space", + "privilege": "ListIdentityCenterApplicationsForSpace", "resource_types": [ { "condition_keys": [], @@ -54051,39 +58605,41 @@ }, { "access_level": "List", - "description": "Grants permission to the set of key-value pairs that are used to manage the resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to view a list of Amazon CodeCatalyst spaces by IAM Identity Center application", + "privilege": "ListSpacesForIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host" + "resource_type": "identity-center-applications*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "RepositoryLink" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline", - "privilege": "PassConnection", + "description": "Grants permission to list tags for an Amazon CodeCatalyst resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "connections" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity-center-applications" }, { "condition_keys": [ - "codeconnections:PassedToService" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -54091,18 +58647,18 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to pass a repository link resource to an AWS service that accepts a RepositoryLinkId as input, such as codeconnections:CreateSyncConfiguration", - "privilege": "PassRepository", + "access_level": "Write", + "description": "Grants permission to create or update the billing authorization for a connection", + "privilege": "PutBillingAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink*" + "resource_type": "connections*" }, { "condition_keys": [ - "codeconnections:PassedToService" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -54110,41 +58666,30 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", - "privilege": "RegisterAppCode", + "access_level": "Write", + "description": "Grants permission to reject a request to connect this account to an Amazon CodeCatalyst space", + "privilege": "RejectConnection", "resource_types": [ { - "condition_keys": [ - "codeconnections:HostArn" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", - "privilege": "StartAppRegistrationHandshake", + "access_level": "Write", + "description": "Grants permission to synchronize an IAM Identity Center application with the backing identity store", + "privilege": "SynchronizeIdentityCenterApplication", "resource_types": [ { - "condition_keys": [ - "codeconnections:HostArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "StartOAuthHandshake", - "resource_types": [ + "resource_type": "identity-center-applications*" + }, { "condition_keys": [ - "codeconnections:ProviderType" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -54153,28 +58698,24 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add or modify the tags of the given resource", + "description": "Grants permission to tag an Amazon CodeCatalyst resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host" + "resource_type": "connections" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink" + "resource_type": "identity-center-applications" }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -54183,51 +58724,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from an AWS resource", + "description": "Grants permission to untag an Amazon CodeCatalyst resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host" + "resource_type": "connections" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a Connection resource with an installation of the CodeStar Connections App", - "privilege": "UpdateConnectionInstallation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "codeconnections:GetIndividualAccessToken", - "codeconnections:GetInstallationUrl", - "codeconnections:ListInstallationTargets", - "codeconnections:StartOAuthHandshake" - ], - "resource_type": "Connection*" + "resource_type": "identity-center-applications" }, { "condition_keys": [ - "codeconnections:InstallationId" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -54236,72 +58749,17 @@ }, { "access_level": "Write", - "description": "Grants permission to update a host resource", - "privilege": "UpdateHost", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a repository link", - "privilege": "UpdateRepositoryLink", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RepositoryLink*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a sync blocker for a resource (cfn stack or other resources)", - "privilege": "UpdateSyncBlocker", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a sync configuration", - "privilege": "UpdateSyncConfiguration", - "resource_types": [ - { - "condition_keys": [ - "codeconnections:Branch" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to use a Connection resource to call provider actions", - "privilege": "UseConnection", + "description": "Grants permission to update an IAM Identity Center application", + "privilege": "UpdateIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "codeconnections:BranchName", - "codeconnections:FullRepositoryId", - "codeconnections:OwnerId", - "codeconnections:ProviderAction", - "codeconnections:ProviderPermissionsRequired", - "codeconnections:RepositoryName" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -54311,149 +58769,157 @@ ], "resources": [ { - "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:connection/${ConnectionId}", + "arn": "arn:${Partition}:codecatalyst:${Region}:${Account}:/connections/${ConnectionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Connection" + "resource": "connections" }, { - "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:host/${HostId}", + "arn": "arn:${Partition}:codecatalyst:${Region}:${Account}:/identity-center-applications/${IdentityCenterApplicationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Host" + "resource": "identity-center-applications" }, { - "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:repository-link/${RepositoryLinkId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "RepositoryLink" + "arn": "arn:${Partition}:codecatalyst:::space/${SpaceId}", + "condition_keys": [], + "resource": "space" + }, + { + "arn": "arn:${Partition}:codecatalyst:::space/${SpaceId}/project/${ProjectId}", + "condition_keys": [], + "resource": "project" } ], - "service_name": "AWS CodeConnections" + "service_name": "Amazon CodeCatalyst" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "codecommit:References", + "description": "Filters access by Git reference to specified AWS CodeCommit actions", + "type": "String" } ], - "prefix": "codedeploy", + "prefix": "codecommit", "privileges": [ { - "access_level": "Tagging", - "description": "Grants permission to add tags to one or more on-premises instances", - "privilege": "AddTagsToOnPremisesInstances", + "access_level": "Write", + "description": "Grants permission to associate an approval rule template with a repository", + "privilege": "AssociateApprovalRuleTemplateWithRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more application revisions", - "privilege": "BatchGetApplicationRevisions", + "access_level": "Write", + "description": "Grants permission to associate an approval rule template with multiple repositories in a single operation", + "privilege": "BatchAssociateApprovalRuleTemplateWithRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about multiple applications associated with the IAM user", - "privilege": "BatchGetApplications", + "description": "Grants permission to get information about multiple merge conflicts when attempting to merge two commits using either the three-way merge or the squash merge option", + "privilege": "BatchDescribeMergeConflicts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more deployment groups", - "privilege": "BatchGetDeploymentGroups", + "access_level": "Write", + "description": "Grants permission to remove the association between an approval rule template and multiple repositories in a single operation", + "privilege": "BatchDisassociateApprovalRuleTemplateFromRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about one or more instance that are part of a deployment group", - "privilege": "BatchGetDeploymentInstances", + "description": "Grants permission to return information about one or more commits in an AWS CodeCommit repository", + "privilege": "BatchGetCommits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to return an array of one or more targets associated with a deployment. This method works with all compute types and should be used instead of the deprecated BatchGetDeploymentInstances. The maximum number of targets that can be returned is 25", - "privilege": "BatchGetDeploymentTargets", + "description": "Grants permission to return information about one or more pull requests in an AWS CodeCommit repository", + "privilege": "BatchGetPullRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about multiple deployments associated with the IAM user", - "privilege": "BatchGetDeployments", + "description": "Grants permission to get information about multiple repositories", + "privilege": "BatchGetRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about one or more on-premises instances", - "privilege": "BatchGetOnPremisesInstances", + "description": "Grants permission to cancel the uploading of an archive to a pipeline in AWS CodePipeline", + "privilege": "CancelUploadArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the process of rerouting traffic from instances in the original environment to instances in thereplacement environment without waiting for a specified wait time to elapse", - "privilege": "ContinueDeployment", + "description": "Grants permission to create an approval rule template that will automatically create approval rules in pull requests that match the conditions defined in the template; does not grant permission to create approval rules for individual pull requests", + "privilege": "CreateApprovalRuleTemplate", "resource_types": [ { "condition_keys": [], @@ -54464,18 +58930,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create an application associated with the IAM user", - "privilege": "CreateApplication", + "description": "Grants permission to create a branch in an AWS CodeCommit repository with this API; does not control Git create branch actions", + "privilege": "CreateBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "codecommit:References" ], "dependent_actions": [], "resource_type": "" @@ -54484,49 +58949,56 @@ }, { "access_level": "Write", - "description": "Grants permission to create CloudFormation deployment to cooperate ochestration for a CloudFormation stack update", - "privilege": "CreateCloudFormationDeployment", + "description": "Grants permission to add, copy, move or update single or multiple files in a branch in an AWS CodeCommit repository, and generate a commit for the changes in the specified branch", + "privilege": "CreateCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a deployment for an application associated with the IAM user", - "privilege": "CreateDeployment", + "description": "Grants permission to create a pull request in the specified repository", + "privilege": "CreatePullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a custom deployment configuration associated with the IAM user", - "privilege": "CreateDeploymentConfig", + "description": "Grants permission to create an approval rule specific to an individual pull request; does not grant permission to create approval rule templates", + "privilege": "CreatePullRequestApprovalRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentconfig*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a deployment group for an application associated with the IAM user", - "privilege": "CreateDeploymentGroup", + "description": "Grants permission to create an AWS CodeCommit repository", + "privilege": "CreateRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" }, { "condition_keys": [ @@ -54540,646 +59012,571 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an application associated with the IAM user", - "privilege": "DeleteApplication", + "description": "Grants permission to create an unreferenced commit that contains the result of merging two commits using either the three-way or the squash merge option; does not control Git merge actions", + "privilege": "CreateUnreferencedMergeCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a custom deployment configuration associated with the IAM user", - "privilege": "DeleteDeploymentConfig", + "description": "Grants permission to delete an approval rule template", + "privilege": "DeleteApprovalRuleTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentconfig*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a deployment group for an application associated with the IAM user", - "privilege": "DeleteDeploymentGroup", + "description": "Grants permission to delete a branch in an AWS CodeCommit repository with this API; does not control Git delete branch actions", + "privilege": "DeleteBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a GitHub account connection", - "privilege": "DeleteGitHubAccountToken", + "description": "Grants permission to delete the content of a comment made on a change, file, or commit in a repository", + "privilege": "DeleteCommentContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete resources associated with the given external Id", - "privilege": "DeleteResourcesByExternalId", + "description": "Grants permission to delete a specified file from a specified branch", + "privilege": "DeleteFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an on-premises instance", - "privilege": "DeregisterOnPremisesInstance", + "description": "Grants permission to delete approval rule created for a pull request if the rule was not created by an approval rule template", + "privilege": "DeletePullRequestApprovalRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single application associated with the IAM user", - "privilege": "GetApplication", + "access_level": "Write", + "description": "Grants permission to delete an AWS CodeCommit repository", + "privilege": "DeleteRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single application revision for an application associated with the IAM user", - "privilege": "GetApplicationRevision", + "access_level": "Read", + "description": "Grants permission to get information about specific merge conflicts when attempting to merge two commits using either the three-way or the squash merge option", + "privilege": "DescribeMergeConflicts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single deployment to a deployment group for an application associated with the IAM user", - "privilege": "GetDeployment", + "access_level": "Read", + "description": "Grants permission to return information about one or more pull request events", + "privilege": "DescribePullRequestEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single deployment configuration associated with the IAM user", - "privilege": "GetDeploymentConfig", + "access_level": "Write", + "description": "Grants permission to remove the association between an approval rule template and a repository", + "privilege": "DisassociateApprovalRuleTemplateFromRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentconfig*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single deployment group for an application associated with the IAM user", - "privilege": "GetDeploymentGroup", + "access_level": "Read", + "description": "Grants permission to evaluate whether a pull request is mergable based on its current approval state and approval rule requirements", + "privilege": "EvaluatePullRequestApprovalRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single instance in a deployment associated with the IAM user", - "privilege": "GetDeploymentInstance", + "access_level": "Read", + "description": "Grants permission to return information about an approval rule template", + "privilege": "GetApprovalRuleTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a deployment target", - "privilege": "GetDeploymentTarget", + "description": "Grants permission to view the encoded content of an individual file in an AWS CodeCommit repository from the AWS CodeCommit console", + "privilege": "GetBlob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single on-premises instance", - "privilege": "GetOnPremisesInstance", + "access_level": "Read", + "description": "Grants permission to get details about a branch in an AWS CodeCommit repository with this API; does not control Git branch actions", + "privilege": "GetBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all application revisions for an application associated with the IAM user", - "privilege": "ListApplicationRevisions", + "access_level": "Read", + "description": "Grants permission to get the content of a comment made on a change, file, or commit in a repository", + "privilege": "GetComment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all applications associated with the IAM user", - "privilege": "ListApplications", + "access_level": "Read", + "description": "Grants permission to get the reactions on a comment", + "privilege": "GetCommentReactions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all deployment configurations associated with the IAM user", - "privilege": "ListDeploymentConfigs", + "access_level": "Read", + "description": "Grants permission to get information about comments made on the comparison between two commits", + "privilege": "GetCommentsForComparedCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all deployment groups for an application associated with the IAM user", - "privilege": "ListDeploymentGroups", + "access_level": "Read", + "description": "Grants permission to get comments made on a pull request", + "privilege": "GetCommentsForPullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all instances in a deployment associated with the IAM user", - "privilege": "ListDeploymentInstances", + "access_level": "Read", + "description": "Grants permission to return information about a commit, including commit message and committer information, with this API; does not control Git log actions", + "privilege": "GetCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to return an array of target IDs that are associated a deployment", - "privilege": "ListDeploymentTargets", + "access_level": "Read", + "description": "Grants permission to get information about the history of commits in a repository", + "privilege": "GetCommitHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all deployments to a deployment group associated with the IAM user, or to get all deployments associated with the IAM user", - "privilege": "ListDeployments", + "access_level": "Read", + "description": "Grants permission to get information about the difference between commits in the context of a potential merge", + "privilege": "GetCommitsFromMergeBase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the names of stored connections to GitHub accounts", - "privilege": "ListGitHubAccountTokenNames", + "access_level": "Read", + "description": "Grants permission to view information about the differences between valid commit specifiers such as a branch, tag, HEAD, commit ID, or other fully qualified reference", + "privilege": "GetDifferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of one or more on-premises instance names", - "privilege": "ListOnPremisesInstances", + "access_level": "Read", + "description": "Grants permission to return the base-64 encoded contents of a specified file and its metadata", + "privilege": "GetFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of tags for the resource identified by a specified ARN. Tags are used to organize and categorize your CodeDeploy resources", - "privilege": "ListTagsForResource", + "access_level": "Read", + "description": "Grants permission to return the contents of a specified folder in a repository", + "privilege": "GetFolder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deploymentgroup" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to notify a lifecycle event hook execution status for associated deployment with the IAM user", - "privilege": "PutLifecycleEventHookExecutionStatus", + "access_level": "Read", + "description": "Grants permission to get information about a merge commit created by one of the merge options for pull requests that creates merge commits. Not all merge options create merge commits. This permission does not control Git merge actions", + "privilege": "GetMergeCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to register information about an application revision for an application associated with the IAM user", - "privilege": "RegisterApplicationRevision", + "access_level": "Read", + "description": "Grants permission to get information about merge conflicts between the before and after commit IDs for a pull request in a repository", + "privilege": "GetMergeConflicts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register an on-premises instance", - "privilege": "RegisterOnPremisesInstance", + "access_level": "Read", + "description": "Grants permission to get information about merge options for pull requests that can be used to merge two commits; does not control Git merge actions", + "privilege": "GetMergeOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from one or more on-premises instances", - "privilege": "RemoveTagsFromOnPremisesInstances", + "access_level": "Read", + "description": "Grants permission to resolve blobs, trees, and commits to their identifier", + "privilege": "GetObjectIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to override any specified wait time and starts terminating instances immediately after the traffic routing is complete. This action applies to blue-green deployments only", - "privilege": "SkipWaitTimeForInstanceTermination", + "access_level": "Read", + "description": "Grants permission to get information about a pull request in a specified repository", + "privilege": "GetPullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a deployment", - "privilege": "StopDeployment", + "access_level": "Read", + "description": "Grants permission to retrieve the current approvals on an inputted pull request", + "privilege": "GetPullRequestApprovalStates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate the list of tags in the input Tags parameter with the resource identified by the ResourceArn input parameter", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve the current override state of a given pull request", + "privilege": "GetPullRequestOverrideState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deploymentgroup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to disassociate a resource from a list of tags. The resource is identified by the ResourceArn input parameter. The tags are identfied by the list of keys in the TagKeys input parameter", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get details about references in an AWS CodeCommit repository; does not control Git reference actions", + "privilege": "GetReferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deploymentgroup" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an application", - "privilege": "UpdateApplication", + "access_level": "Read", + "description": "Grants permission to get information about an AWS CodeCommit repository", + "privilege": "GetRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change information about a single deployment group for an application associated with the IAM user", - "privilege": "UpdateDeploymentGroup", + "access_level": "Read", + "description": "Grants permission to get information about triggers configured for a repository", + "privilege": "GetRepositoryTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "repository*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:application:${ApplicationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - }, - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentconfig:${DeploymentConfigurationName}", - "condition_keys": [], - "resource": "deploymentconfig" - }, - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentgroup:${ApplicationName}/${DeploymentGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "deploymentgroup" }, - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:instance:${InstanceName}", - "condition_keys": [], - "resource": "instance" - } - ], - "service_name": "AWS CodeDeploy" - }, - { - "conditions": [], - "prefix": "codedeploy-commands-secure", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to get deployment specification", - "privilege": "GetDeploymentSpecification", + "description": "Grants permission to view the contents of a specified tree in an AWS CodeCommit repository from the AWS CodeCommit console", + "privilege": "GetTree", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to request host agent commands", - "privilege": "PollHostCommand", + "description": "Grants permission to get status information about an archive upload to a pipeline in AWS CodePipeline", + "privilege": "GetUploadArchiveStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to mark host agent commands acknowledged", - "privilege": "PutHostCommandAcknowledgement", + "access_level": "Read", + "description": "Grants permission to pull information from an AWS CodeCommit repository to a local repo", + "privilege": "GitPull", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to mark host agent commands completed", - "privilege": "PutHostCommandComplete", + "description": "Grants permission to push information from a local repo to an AWS CodeCommit repository", + "privilege": "GitPush", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS CodeDeploy secure host commands service" - }, - { - "conditions": [], - "prefix": "codeguru", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to get free trial summary for the CodeGuru service which includes expiration date", - "privilege": "GetCodeGuruFreeTrialSummary", - "resource_types": [ + "resource_type": "repository*" + }, { - "condition_keys": [], + "condition_keys": [ + "codecommit:References" + ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Amazon CodeGuru" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codeguru-profiler", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add up to 2 topic ARNs of existing AWS SNS topics to publish notifications", - "privilege": "AddNotificationChannels", + "access_level": "List", + "description": "Grants permission to list all approval rule templates in an AWS Region for the AWS account", + "privilege": "ListApprovalRuleTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get the frame metric data for a Profiling Group", - "privilege": "BatchGetFrameMetricData", + "description": "Grants permission to list approval rule templates that are associated with a repository", + "privilege": "ListAssociatedApprovalRuleTemplatesForRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register with the orchestration service and retrieve profiling configuration information, used by agents", - "privilege": "ConfigureAgent", + "access_level": "List", + "description": "Grants permission to list branches for an AWS CodeCommit repository with this API; does not control Git branch actions", + "privilege": "ListBranches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a profiling group", - "privilege": "CreateProfilingGroup", + "access_level": "List", + "description": "Grants permission to list commits and changes to a specified file", + "privilege": "ListFileCommitHistory", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a profiling group", - "privilege": "DeleteProfilingGroup", + "access_level": "List", + "description": "Grants permission to list pull requests for a specified repository", + "privilege": "ListPullRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a profiling group", - "privilege": "DescribeProfilingGroup", + "access_level": "List", + "description": "Grants permission to list information about AWS CodeCommit repositories in the current Region for your AWS account", + "privilege": "ListRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a summary of recent recommendations for each profiling group in the account", - "privilege": "GetFindingsReportAccountSummary", + "access_level": "List", + "description": "Grants permission to list repositories that are associated with an approval rule template", + "privilege": "ListRepositoriesForApprovalRuleTemplate", "resource_types": [ { "condition_keys": [], @@ -55189,194 +59586,204 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the notification configuration", - "privilege": "GetNotificationConfiguration", + "access_level": "List", + "description": "Grants permission to list the resource attached to a CodeCommit resource ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the resource policy associated with the specified Profiling Group", - "privilege": "GetPolicy", + "access_level": "Write", + "description": "Grants permission to merge two commits into the specified destination branch using the fast-forward merge option", + "privilege": "MergeBranchesByFastForward", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get aggregated profiles for a specific profiling group", - "privilege": "GetProfile", - "resource_types": [ + "resource_type": "repository*" + }, { - "condition_keys": [], + "condition_keys": [ + "codecommit:References" + ], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get recommendations", - "privilege": "GetRecommendations", + "access_level": "Write", + "description": "Grants permission to merge two commits into the specified destination branch using the squash merge option", + "privilege": "MergeBranchesBySquash", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the available recommendations reports for a specific profiling group", - "privilege": "ListFindingsReports", - "resource_types": [ + "resource_type": "repository*" + }, { - "condition_keys": [], + "condition_keys": [ + "codecommit:References" + ], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the start times of the available aggregated profiles for a specific profiling group", - "privilege": "ListProfileTimes", + "access_level": "Write", + "description": "Grants permission to merge two commits into the specified destination branch using the three-way merge option", + "privilege": "MergeBranchesByThreeWay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list profiling groups in the account", - "privilege": "ListProfilingGroups", + "access_level": "Write", + "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the fast-forward merge option", + "privilege": "MergePullRequestByFastForward", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list tags for a Profiling Group", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the squash merge option", + "privilege": "MergePullRequestBySquash", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to submit a profile collected by an agent belonging to a specific profiling group for aggregation", - "privilege": "PostAgentProfile", + "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the three-way merge option", + "privilege": "MergePullRequestByThreeWay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update the list of principals allowed for an action group in the resource policy associated with the specified Profiling Group", - "privilege": "PutPermission", + "access_level": "Write", + "description": "Grants permission to override all approval rules for a pull request, including approval rules created by a template", + "privilege": "OverridePullRequestApprovalRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an already configured SNStopic arn from the notification configuration", - "privilege": "RemoveNotificationChannel", + "description": "Grants permission to post a comment on the comparison between two commits", + "privilege": "PostCommentForComparedCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove the permission of specified Action Group from the resource policy associated with the specified Profiling Group", - "privilege": "RemovePermission", + "access_level": "Write", + "description": "Grants permission to post a comment on a pull request", + "privilege": "PostCommentForPullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to submit user feedback for useful or non useful anomaly", - "privilege": "SubmitFeedback", + "description": "Grants permission to post a comment in reply to a comment on a comparison between commits or a pull request", + "privilege": "PostCommentReply", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or overwrite tags to a Profiling Group", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to post a reaction on a comment", + "privilege": "PutCommentReaction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a Profiling Group", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to add or update a file in a branch in an AWS CodeCommit repository, and generate a commit for the addition in the specified branch", + "privilege": "PutFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "repository*" }, { "condition_keys": [ - "aws:TagKeys" + "codecommit:References" ], "dependent_actions": [], "resource_type": "" @@ -55385,90 +59792,31 @@ }, { "access_level": "Write", - "description": "Grants permission to update a specific profiling group", - "privilege": "UpdateProfilingGroup", + "description": "Grants permission to create, update, or delete triggers for a repository", + "privilege": "PutRepositoryTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codeguru-profiler:${Region}:${Account}:profilingGroup/${ProfilingGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ProfilingGroup" - } - ], - "service_name": "Amazon CodeGuru Profiler" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codeguru-reviewer", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associates a repository with Amazon CodeGuru Reviewer", - "privilege": "AssociateRepository", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "codecommit:GetRepository", - "codecommit:ListRepositories", - "codecommit:TagResource", - "codestar-connections:PassConnection", - "events:PutRule", - "events:PutTargets", - "iam:CreateServiceLinkedRole", - "s3:CreateBucket", - "s3:ListBucket", - "s3:PutBucketPolicy", - "s3:PutLifecycleConfiguration" - ], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a code review", - "privilege": "CreateCodeReview", + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to a CodeCommit resource ARN", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject" - ], - "resource_type": "association*" + "dependent_actions": [], + "resource_type": "repository" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -55476,29 +59824,30 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to perform webbased oauth handshake for 3rd party providers", - "privilege": "CreateConnectionToken", + "access_level": "Write", + "description": "Grants permission to test the functionality of repository triggers by sending information to the trigger target", + "privilege": "TestRepositoryTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a code review", - "privilege": "DescribeCodeReview", + "access_level": "Tagging", + "description": "Grants permission to disassociate resource tags from a CodeCommit resource ARN", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" + "resource_type": "repository" }, { "condition_keys": [ + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -55507,245 +59856,184 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a recommendation feedback on a code review", - "privilege": "DescribeRecommendationFeedback", + "access_level": "Write", + "description": "Grants permission to update the content of approval rule templates; does not grant permission to update content of approval rules created specifically for pull requests", + "privilege": "UpdateApprovalRuleTemplateContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a repository association", - "privilege": "DescribeRepositoryAssociation", + "access_level": "Write", + "description": "Grants permission to update the description of approval rule templates", + "privilege": "UpdateApprovalRuleTemplateDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a repository with Amazon CodeGuru Reviewer", - "privilege": "DisassociateRepository", + "description": "Grants permission to update the name of approval rule templates", + "privilege": "UpdateApprovalRuleTemplateName", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codecommit:UntagResource", - "events:DeleteRule", - "events:RemoveTargets" - ], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view pull request metrics in console", - "privilege": "GetMetricsData", + "access_level": "Write", + "description": "Grants permission to update the contents of a comment if the identity matches the identity used to create the comment", + "privilege": "UpdateComment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary of code reviews", - "privilege": "ListCodeReviews", + "access_level": "Write", + "description": "Grants permission to change the default branch in an AWS CodeCommit repository", + "privilege": "UpdateDefaultBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary of recommendation feedback on a code review", - "privilege": "ListRecommendationFeedback", + "access_level": "Write", + "description": "Grants permission to update the content for approval rules created for a specific pull requests; does not grant permission to update approval rule content for rules created with an approval rule template", + "privilege": "UpdatePullRequestApprovalRuleContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary of recommendations on a code review", - "privilege": "ListRecommendations", + "access_level": "Write", + "description": "Grants permission to update the approval state for pull requests", + "privilege": "UpdatePullRequestApprovalState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary of repository associations", - "privilege": "ListRepositoryAssociations", + "access_level": "Write", + "description": "Grants permission to update the description of a pull request", + "privilege": "UpdatePullRequestDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource attached to a associated repository ARN", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the status of a pull request", + "privilege": "UpdatePullRequestStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list 3rd party providers repositories in console", - "privilege": "ListThirdPartyRepositories", + "access_level": "Write", + "description": "Grants permission to update the title of a pull request", + "privilege": "UpdatePullRequestTitle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to put feedback for a recommendation on a code review", - "privilege": "PutRecommendationFeedback", + "description": "Grants permission to change the description of an AWS CodeCommit repository", + "privilege": "UpdateRepositoryDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to an associated repository ARN", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to change the AWS KMS encryption key used to encrypt and decrypt an AWS CodeCommit repository", + "privilege": "UpdateRepositoryEncryptionKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to disassociate resource tags from an associated repository ARN", - "privilege": "UnTagResource", + "access_level": "Write", + "description": "Grants permission to change the name of an AWS CodeCommit repository", + "privilege": "UpdateRepositoryName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to the service role for AWS CodePipeline to upload repository changes into a pipeline", + "privilege": "UploadArchive", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}", + "arn": "arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "association" - }, - { - "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId}", - "condition_keys": [], - "resource": "codereview" + "resource": "repository" } ], - "service_name": "Amazon CodeGuru Reviewer" + "service_name": "AWS CodeCommit" }, { "conditions": [ @@ -55763,36 +60051,102 @@ "condition": "aws:TagKeys", "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" + }, + { + "condition": "codeconnections:Branch", + "description": "Filters access by the branch name that is passed in the request", + "type": "String" + }, + { + "condition": "codeconnections:BranchName", + "description": "Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch", + "type": "String" + }, + { + "condition": "codeconnections:FullRepositoryId", + "description": "Filters access by the repository that is passed in the request. Applies only to UseConnection requests for access to a specific repository", + "type": "String" + }, + { + "condition": "codeconnections:HostArn", + "description": "Filters access by the host resource associated with the connection used in the request", + "type": "ARN" + }, + { + "condition": "codeconnections:InstallationId", + "description": "Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeConnections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection", + "type": "String" + }, + { + "condition": "codeconnections:OwnerId", + "description": "Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" + }, + { + "condition": "codeconnections:PassedToService", + "description": "Filters access by the service to which the principal is allowed to pass a Connection or RepositoryLink", + "type": "String" + }, + { + "condition": "codeconnections:ProviderAction", + "description": "Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values", + "type": "String" + }, + { + "condition": "codeconnections:ProviderPermissionsRequired", + "description": "Filters access by the write permissions of a provider action in a UseConnection request. Valid types include read_only and read_write", + "type": "String" + }, + { + "condition": "codeconnections:ProviderType", + "description": "Filters access by the type of third-party provider passed in the request", + "type": "String" + }, + { + "condition": "codeconnections:ProviderTypeFilter", + "description": "Filters access by the type of third-party provider used to filter results", + "type": "String" + }, + { + "condition": "codeconnections:RepositoryName", + "description": "Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" + }, + { + "condition": "codeconnections:VpcId", + "description": "Filters access by the VpcId passed in the request", + "type": "String" } ], - "prefix": "codeguru-security", + "prefix": "codeconnections", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to batch retrieve specific findings generated by CodeGuru Security", - "privilege": "BatchGetFindings", + "access_level": "Write", + "description": "Grants permission to create a Connection resource", + "privilege": "CreateConnection", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codeconnections:ProviderType" + ], "dependent_actions": [], - "resource_type": "ScanName*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a CodeGuru Security scan", - "privilege": "CreateScan", + "description": "Grants permission to create a host resource", + "privilege": "CreateHost", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ScanName*" - }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "codeconnections:ProviderType", + "codeconnections:VpcId" ], "dependent_actions": [], "resource_type": "" @@ -55801,152 +60155,157 @@ }, { "access_level": "Write", - "description": "Grants permission to generate a presigned url for uploading code archives", - "privilege": "CreateUploadUrl", + "description": "Grants permission to create a repository link", + "privilege": "CreateRepositoryLink", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeconnections:PassConnection", + "codeconnections:UseConnection" + ], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "ScanName*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete all the scans and related findings from CodeGuru Security by given category", - "privilege": "DeleteScansByCategory", + "description": "Grants permission to create a template sync config", + "privilege": "CreateSyncConfiguration", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeconnections:PassRepository", + "iam:PassRole" + ], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codeconnections:Branch" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the account level configurations", - "privilege": "GetAccountConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a Connection resource", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve findings for a scan generated by CodeGuru Security", - "privilege": "GetFindings", + "access_level": "Write", + "description": "Grants permission to delete a host resource", + "privilege": "DeleteHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" + "resource_type": "Host*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve AWS accout level metrics summary generated by CodeGuru Security", - "privilege": "GetMetricsSummary", + "access_level": "Write", + "description": "Grants permission to delete a repository link", + "privilege": "DeleteRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve CodeGuru Security scan metadata", - "privilege": "GetScan", + "access_level": "Write", + "description": "Grants permission to delete a sync configuration", + "privilege": "DeleteSyncConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve findings generated by CodeGuru Security", - "privilege": "ListFindings", + "access_level": "Read", + "description": "Grants permission to get details about a Connection resource", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of account level findings metrics within a date range", - "privilege": "ListFindingsMetrics", + "access_level": "Read", + "description": "Grants permission to get a Connection token to call provider actions", + "privilege": "GetConnectionToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve list of CodeGuru Security scan metadata", - "privilege": "ListScans", + "access_level": "Read", + "description": "Grants permission to get details about a host resource", + "privilege": "GetHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Host*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of tags for a scan name ARN", - "privilege": "ListTagsForResource", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetIndividualAccessToken", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ScanName*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "codeconnections:ProviderType" + ], + "dependent_actions": [ + "codeconnections:StartOAuthHandshake" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a scan name ARN", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetInstallationUrl", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ScanName*" - }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "codeconnections:ProviderType" ], "dependent_actions": [], "resource_type": "" @@ -55954,18 +60313,30 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a scan name ARN", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to describe a repository link", + "privilege": "GetRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" + "resource_type": "RepositoryLink*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a repository", + "privilege": "GetRepositorySyncStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink*" }, { "condition_keys": [ - "aws:TagKeys" + "codeconnections:Branch" ], "dependent_actions": [], "resource_type": "" @@ -55973,9 +60344,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the account level configurations", - "privilege": "UpdateAccountConfiguration", + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a resource (cfn stack or other resources)", + "privilege": "GetResourceSyncStatus", "resource_types": [ { "condition_keys": [], @@ -55983,43 +60354,11 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codeguru-security:${Region}:${Account}:scans/${ScanName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ScanName" - } - ], - "service_name": "Amazon CodeGuru Security" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codepipeline", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to view information about a specified job and whether that job has been received by the job worker", - "privilege": "AcknowledgeJob", + "access_level": "Read", + "description": "Grants permission to describe service sync blockers on a resource (cfn stack or other resources)", + "privilege": "GetSyncBlockerSummary", "resource_types": [ { "condition_keys": [], @@ -56029,9 +60368,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to confirm that a job worker has received the specified job (partner actions only)", - "privilege": "AcknowledgeThirdPartyJob", + "access_level": "Read", + "description": "Grants permission to describe a sync configuration", + "privilege": "GetSyncConfiguration", "resource_types": [ { "condition_keys": [], @@ -56041,19 +60380,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a custom action that you can use in the pipelines associated with your AWS account", - "privilege": "CreateCustomActionType", + "access_level": "List", + "description": "Grants permission to list Connection resources", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype*" + "resource_type": "Connection*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "codeconnections:ProviderTypeFilter" ], "dependent_actions": [], "resource_type": "" @@ -56061,19 +60399,13 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a uniquely named pipeline", - "privilege": "CreatePipeline", + "access_level": "List", + "description": "Grants permission to list host resources", + "privilege": "ListHosts", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline*" - }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "codeconnections:ProviderTypeFilter" ], "dependent_actions": [], "resource_type": "" @@ -56081,216 +60413,293 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a custom action", - "privilege": "DeleteCustomActionType", + "access_level": "List", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "ListInstallationTargets", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "actiontype*" + "dependent_actions": [ + "codeconnections:GetIndividualAccessToken", + "codeconnections:StartOAuthHandshake" + ], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified pipeline", - "privilege": "DeletePipeline", + "access_level": "List", + "description": "Grants permission to list repository links", + "privilege": "ListRepositoryLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified webhook", - "privilege": "DeleteWebhook", + "access_level": "List", + "description": "Grants permission to list repository sync definitions", + "privilege": "ListRepositorySyncDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the registration of a webhook with the third party specified in its configuration", - "privilege": "DeregisterWebhookWithThirdParty", + "access_level": "List", + "description": "Grants permission to list sync configurations for a repository link", + "privilege": "ListSyncConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to prevent revisions from transitioning to the next stage in a pipeline", - "privilege": "DisableStageTransition", + "access_level": "List", + "description": "Grants permission to the set of key-value pairs that are used to manage the resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to allow revisions to transition to the next stage in a pipeline", - "privilege": "EnableStageTransition", - "resource_types": [ + "resource_type": "Connection" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" } ] }, { "access_level": "Read", - "description": "Grants permission to view information about an action type", - "privilege": "GetActionType", + "description": "Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline", + "privilege": "PassConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codeconnections:PassedToService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view information about a job (custom actions only)", - "privilege": "GetJobDetails", + "description": "Grants permission to pass a repository link resource to an AWS service that accepts a RepositoryLinkId as input, such as codeconnections:CreateSyncConfiguration", + "privilege": "PassRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codeconnections:PassedToService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a pipeline structure", - "privilege": "GetPipeline", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "RegisterAppCode", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:HostArn" + ], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view information about an execution of a pipeline, including details about artifacts, the pipeline execution ID, and the name, version, and status of the pipeline", - "privilege": "GetPipelineExecution", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "StartAppRegistrationHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:HostArn" + ], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view information about the current state of the stages and actions of a pipeline", - "privilege": "GetPipelineState", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "StartOAuthHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:ProviderType" + ], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the details of a job for a third-party action (partner actions only)", - "privilege": "GetThirdPartyJobDetails", + "access_level": "Tagging", + "description": "Grants permission to add or modify the tags of the given resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the action executions that have occurred in a pipeline", - "privilege": "ListActionExecutions", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an AWS resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a summary of all the action types available for pipelines in your account", - "privilege": "ListActionTypes", + "access_level": "Write", + "description": "Grants permission to update a Connection resource with an installation of the CodeStar Connections App", + "privilege": "UpdateConnectionInstallation", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeconnections:GetIndividualAccessToken", + "codeconnections:GetInstallationUrl", + "codeconnections:ListInstallationTargets", + "codeconnections:StartOAuthHandshake" + ], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codeconnections:InstallationId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list a summary of the most recent executions for a pipeline", - "privilege": "ListPipelineExecutions", + "access_level": "Write", + "description": "Grants permission to update a host resource", + "privilege": "UpdateHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "Host*" + }, + { + "condition_keys": [ + "codeconnections:VpcId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list a summary of all the pipelines associated with your AWS account", - "privilege": "ListPipelines", + "access_level": "Write", + "description": "Grants permission to update a repository link", + "privilege": "UpdateRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the rule executions that have occurred in a pipeline", - "privilege": "ListRuleExecutions", + "access_level": "Write", + "description": "Grants permission to update a sync blocker for a resource (cfn stack or other resources)", + "privilege": "UpdateSyncBlocker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a summary of all the rule types available for pipelines in your account", - "privilege": "ListRuleTypes", + "access_level": "Write", + "description": "Grants permission to update a sync configuration", + "privilege": "UpdateSyncConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:Branch" + ], "dependent_actions": [], "resource_type": "" } @@ -56298,102 +60707,138 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags for a CodePipeline resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to use a Connection resource to call provider actions", + "privilege": "UseConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline" + "resource_type": "Connection*" }, { - "condition_keys": [], + "condition_keys": [ + "codeconnections:BranchName", + "codeconnections:FullRepositoryId", + "codeconnections:OwnerId", + "codeconnections:ProviderAction", + "codeconnections:ProviderPermissionsRequired", + "codeconnections:RepositoryName" + ], "dependent_actions": [], - "resource_type": "webhook" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:connection/${ConnectionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Connection" }, { - "access_level": "List", - "description": "Grants permission to list all of the webhooks associated with your AWS account", - "privilege": "ListWebhooks", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "webhook*" - } - ] + "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:host/${HostId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Host" }, { - "access_level": "Write", - "description": "Grants permission to resume the pipeline execution by overriding a condition in a stage", - "privilege": "OverrideStageCondition", + "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:repository-link/${RepositoryLinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RepositoryLink" + } + ], + "service_name": "AWS CodeConnections" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codedeploy", + "privileges": [ + { + "access_level": "Tagging", + "description": "Grants permission to add tags to one or more on-premises instances", + "privilege": "AddTagsToOnPremisesInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to view information about any jobs for CodePipeline to act on", - "privilege": "PollForJobs", + "access_level": "Read", + "description": "Grants permission to get information about one or more application revisions", + "privilege": "BatchGetApplicationRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to determine whether there are any third-party jobs for a job worker to act on (partner actions only)", - "privilege": "PollForThirdPartyJobs", + "access_level": "Read", + "description": "Grants permission to get information about multiple applications associated with the IAM user", + "privilege": "BatchGetApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to edit actions in a pipeline", - "privilege": "PutActionRevision", + "access_level": "Read", + "description": "Grants permission to get information about one or more deployment groups", + "privilege": "BatchGetDeploymentGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to provide a response (Approved or Rejected) to a manual approval request in CodePipeline", - "privilege": "PutApprovalResult", + "access_level": "Read", + "description": "Grants permission to get information about one or more instance that are part of a deployment group", + "privilege": "BatchGetDeploymentInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to represent the failure of a job as returned to the pipeline by a job worker (custom actions only)", - "privilege": "PutJobFailureResult", + "access_level": "Read", + "description": "Grants permission to return an array of one or more targets associated with a deployment. This method works with all compute types and should be used instead of the deprecated BatchGetDeploymentInstances. The maximum number of targets that can be returned is 25", + "privilege": "BatchGetDeploymentTargets", "resource_types": [ { "condition_keys": [], @@ -56403,33 +60848,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to represent the success of a job as returned to the pipeline by a job worker (custom actions only)", - "privilege": "PutJobSuccessResult", + "access_level": "Read", + "description": "Grants permission to get information about multiple deployments associated with the IAM user", + "privilege": "BatchGetDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to represent the failure of a third-party job as returned to the pipeline by a job worker (partner actions only)", - "privilege": "PutThirdPartyJobFailureResult", + "access_level": "Read", + "description": "Grants permission to get information about one or more on-premises instances", + "privilege": "BatchGetOnPremisesInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to represent the success of a third-party job as returned to the pipeline by a job worker (partner actions only)", - "privilege": "PutThirdPartyJobSuccessResult", + "description": "Grants permission to start the process of rerouting traffic from instances in the original environment to instances in thereplacement environment without waiting for a specified wait time to elapse", + "privilege": "ContinueDeployment", "resource_types": [ { "condition_keys": [], @@ -56440,18 +60885,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update a webhook", - "privilege": "PutWebhook", + "description": "Grants permission to create an application associated with the IAM user", + "privilege": "CreateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "application*" }, { "condition_keys": [ @@ -56465,303 +60905,208 @@ }, { "access_level": "Write", - "description": "Grants permission to register a webhook with the third party specified in its configuration", - "privilege": "RegisterWebhookWithThirdParty", + "description": "Grants permission to create CloudFormation deployment to cooperate ochestration for a CloudFormation stack update", + "privilege": "CreateCloudFormationDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to resume the pipeline execution by retrying the last failed actions in a stage", - "privilege": "RetryStageExecution", + "description": "Grants permission to create a deployment for an application associated with the IAM user", + "privilege": "CreateDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to rollback the stage to a previous successful execution", - "privilege": "RollbackStage", + "description": "Grants permission to create a custom deployment configuration associated with the IAM user", + "privilege": "CreateDeploymentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "deploymentconfig*" } ] }, { "access_level": "Write", - "description": "Grants permission to run the most recent revision through the pipeline", - "privilege": "StartPipelineExecution", + "description": "Grants permission to create a deployment group for an application associated with the IAM user", + "privilege": "CreateDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "deploymentgroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an in-progress pipeline execution", - "privilege": "StopPipelineExecution", + "description": "Grants permission to delete an application associated with the IAM user", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "application*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a CodePipeline resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a custom deployment configuration associated with the IAM user", + "privilege": "DeleteDeploymentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "webhook" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentconfig*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from a CodePipeline resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a deployment group for an application associated with the IAM user", + "privilege": "DeleteDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "webhook" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an action type", - "privilege": "UpdateActionType", + "description": "Grants permission to delete a GitHub account connection", + "privilege": "DeleteGitHubAccountToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a pipeline with changes to the structure of the pipeline", - "privilege": "UpdatePipeline", + "description": "Grants permission to delete resources associated with the given external Id", + "privilege": "DeleteResourcesByExternalId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}/${ActionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "action" - }, - { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:actiontype:${Owner}/${Category}/${Provider}/${Version}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "actiontype" - }, - { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pipeline" - }, - { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stage" - }, - { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:webhook:${WebhookName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "webhook" - } - ], - "service_name": "AWS CodePipeline" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by requests based on the allowed set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag-value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by requests based on the presence of mandatory tags in the request", - "type": "ArrayOfString" }, { - "condition": "iam:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag-value associated with the resource", - "type": "String" - } - ], - "prefix": "codestar", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to add a user to the team for an AWS CodeStar project", - "privilege": "AssociateTeamMember", + "access_level": "Write", + "description": "Grants permission to deregister an on-premises instance", + "privilege": "DeregisterOnPremisesInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "instance*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a project with minimal structure, customer policies, and no resources", - "privilege": "CreateProject", + "access_level": "List", + "description": "Grants permission to get information about a single application associated with the IAM user", + "privilege": "GetApplication", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a profile for a user that includes user preferences, display name, and email", - "privilege": "CreateUserProfile", + "access_level": "List", + "description": "Grants permission to get information about a single application revision for an application associated with the IAM user", + "privilege": "GetApplicationRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to extended delete APIs", - "privilege": "DeleteExtendedAccess", + "access_level": "List", + "description": "Grants permission to get information about a single deployment to a deployment group for an application associated with the IAM user", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a project, including project resources. Does not delete users associated with the project, but does delete the IAM roles that allowed access to the project", - "privilege": "DeleteProject", + "access_level": "List", + "description": "Grants permission to get information about a single deployment configuration associated with the IAM user", + "privilege": "GetDeploymentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "deploymentconfig*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user profile in AWS CodeStar, including all personal preference data associated with that profile, such as display name and email address. It does not delete the history of that user, for example the history of commits made by that user", - "privilege": "DeleteUserProfile", + "access_level": "List", + "description": "Grants permission to get information about a single deployment group for an application associated with the IAM user", + "privilege": "GetDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a project and its resources", - "privilege": "DescribeProject", + "access_level": "List", + "description": "Grants permission to get information about a single instance in a deployment associated with the IAM user", + "privilege": "GetDeploymentInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a user in AWS CodeStar and the user attributes across all projects", - "privilege": "DescribeUserProfile", + "description": "Grants permission to return information about a deployment target", + "privilege": "GetDeploymentTarget", "resource_types": [ { "condition_keys": [], @@ -56771,33 +61116,33 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove a user from a project. Removing a user from a project also removes the IAM policies from that user that allowed access to the project and its resources", - "privilege": "DisassociateTeamMember", + "access_level": "List", + "description": "Grants permission to get information about a single on-premises instance", + "privilege": "GetOnPremisesInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to extended read APIs", - "privilege": "GetExtendedAccess", + "access_level": "List", + "description": "Grants permission to get information about all application revisions for an application associated with the IAM user", + "privilege": "ListApplicationRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "application*" } ] }, { "access_level": "List", - "description": "Grants permission to list all projects in CodeStar associated with your AWS account", - "privilege": "ListProjects", + "description": "Grants permission to get information about all applications associated with the IAM user", + "privilege": "ListApplications", "resource_types": [ { "condition_keys": [], @@ -56808,44 +61153,44 @@ }, { "access_level": "List", - "description": "Grants permission to list all resources associated with a project in CodeStar", - "privilege": "ListResources", + "description": "Grants permission to get information about all deployment configurations associated with the IAM user", + "privilege": "ListDeploymentConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the tags associated with a project in CodeStar", - "privilege": "ListTagsForProject", + "description": "Grants permission to get information about all deployment groups for an application associated with the IAM user", + "privilege": "ListDeploymentGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "application*" } ] }, { "access_level": "List", - "description": "Grants permission to list all team members associated with a project", - "privilege": "ListTeamMembers", + "description": "Grants permission to get information about all instances in a deployment associated with the IAM user", + "privilege": "ListDeploymentInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "List", - "description": "Grants permission to list user profiles in AWS CodeStar", - "privilege": "ListUserProfiles", + "description": "Grants permission to return an array of target IDs that are associated a deployment", + "privilege": "ListDeploymentTargets", "resource_types": [ { "condition_keys": [], @@ -56855,214 +61200,113 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to extended write APIs", - "privilege": "PutExtendedAccess", + "access_level": "List", + "description": "Grants permission to get information about all deployments to a deployment group associated with the IAM user, or to get all deployments associated with the IAM user", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a project in CodeStar", - "privilege": "TagProject", + "access_level": "List", + "description": "Grants permission to list the names of stored connections to GitHub accounts", + "privilege": "ListGitHubAccountTokenNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of one or more on-premises instance names", + "privilege": "ListOnPremisesInstances", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a project in CodeStar", - "privilege": "UntagProject", + "access_level": "List", + "description": "Grants permission to return a list of tags for the resource identified by a specified ARN. Tags are used to organize and categorize your CodeDeploy resources", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "application" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentgroup" } ] }, { "access_level": "Write", - "description": "Grants permission to update a project in CodeStar", - "privilege": "UpdateProject", + "description": "Grants permission to notify a lifecycle event hook execution status for associated deployment with the IAM user", + "privilege": "PutLifecycleEventHookExecutionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update team member attributes within a CodeStar project", - "privilege": "UpdateTeamMember", + "access_level": "Write", + "description": "Grants permission to register information about an application revision for an application associated with the IAM user", + "privilege": "RegisterApplicationRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a profile for a user that includes user preferences, display name, and email", - "privilege": "UpdateUserProfile", + "description": "Grants permission to register an on-premises instance", + "privilege": "RegisterOnPremisesInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to verify whether the AWS CodeStar service role exists in the customer's account", - "privilege": "VerifyServiceRole", + "access_level": "Tagging", + "description": "Grants permission to remove tags from one or more on-premises instances", + "privilege": "RemoveTagsFromOnPremisesInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codestar:${Region}:${Account}:project/${ProjectId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "project" - }, - { - "arn": "arn:${Partition}:iam::${Account}:user/${AwsUserName}", - "condition_keys": [ - "iam:ResourceTag/${TagKey}" - ], - "resource": "user" - } - ], - "service_name": "AWS CodeStar" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "codestar-connections:Branch", - "description": "Filters access by the branch name that is passed in the request", - "type": "String" - }, - { - "condition": "codestar-connections:BranchName", - "description": "Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch", - "type": "String" - }, - { - "condition": "codestar-connections:FullRepositoryId", - "description": "Filters access by the repository that is passed in the request. Applies only to UseConnection requests for access to a specific repository", - "type": "String" - }, - { - "condition": "codestar-connections:HostArn", - "description": "Filters access by the host resource associated with the connection used in the request", - "type": "ARN" - }, - { - "condition": "codestar-connections:InstallationId", - "description": "Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeStar Connections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection", - "type": "String" - }, - { - "condition": "codestar-connections:OwnerId", - "description": "Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user", - "type": "String" - }, - { - "condition": "codestar-connections:PassedToService", - "description": "Filters access by the service to which the principal is allowed to pass a Connection or RepositoryLink", - "type": "String" - }, - { - "condition": "codestar-connections:ProviderAction", - "description": "Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values", - "type": "ArrayOfString" - }, - { - "condition": "codestar-connections:ProviderPermissionsRequired", - "description": "Filters access by the write permissions of a provider action in a UseConnection request. Valid types include read_only and read_write", - "type": "String" - }, - { - "condition": "codestar-connections:ProviderType", - "description": "Filters access by the type of third-party provider passed in the request", - "type": "String" - }, - { - "condition": "codestar-connections:ProviderTypeFilter", - "description": "Filters access by the type of third-party provider used to filter results", - "type": "String" }, - { - "condition": "codestar-connections:RepositoryName", - "description": "Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for access to repositories owned by a specific user", - "type": "String" - } - ], - "prefix": "codestar-connections", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a Connection resource", - "privilege": "CreateConnection", + "description": "Grants permission to override any specified wait time and starts terminating instances immediately after the traffic routing is complete. This action applies to blue-green deployments only", + "privilege": "SkipWaitTimeForInstanceTermination", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-connections:ProviderType" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -57070,32 +61314,30 @@ }, { "access_level": "Write", - "description": "Grants permission to create a host resource", - "privilege": "CreateHost", + "description": "Grants permission to stop a deployment", + "privilege": "StopDeployment", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-connections:ProviderType" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a repository link", - "privilege": "CreateRepositoryLink", + "access_level": "Tagging", + "description": "Grants permission to associate the list of tags in the input Tags parameter with the resource identified by the ResourceArn input parameter", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codestar-connections:PassConnection", - "codestar-connections:UseConnection" - ], - "resource_type": "Connection*" + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deploymentgroup" }, { "condition_keys": [ @@ -57108,21 +61350,23 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a template sync config", - "privilege": "CreateSyncConfiguration", + "access_level": "Tagging", + "description": "Grants permission to disassociate a resource from a list of tags. The resource is identified by the ResourceArn input parameter. The tags are identfied by the list of keys in the TagKeys input parameter", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codestar-connections:PassRepository", - "iam:PassRole" - ], - "resource_type": "RepositoryLink*" + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deploymentgroup" }, { "condition_keys": [ - "codestar-connections:Branch" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -57131,44 +61375,77 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a Connection resource", - "privilege": "DeleteConnection", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a host resource", - "privilege": "DeleteHost", + "description": "Grants permission to change information about a single deployment group for an application associated with the IAM user", + "privilege": "UpdateDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Host*" + "resource_type": "deploymentgroup*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:application:${ApplicationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" }, { - "access_level": "Write", - "description": "Grants permission to delete a repository link", - "privilege": "DeleteRepositoryLink", + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentconfig:${DeploymentConfigurationName}", + "condition_keys": [], + "resource": "deploymentconfig" + }, + { + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentgroup:${ApplicationName}/${DeploymentGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "deploymentgroup" + }, + { + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:instance:${InstanceName}", + "condition_keys": [], + "resource": "instance" + } + ], + "service_name": "AWS CodeDeploy" + }, + { + "conditions": [], + "prefix": "codedeploy-commands-secure", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get deployment specification", + "privilege": "GetDeploymentSpecification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a sync configuration", - "privilege": "DeleteSyncConfiguration", + "access_level": "Read", + "description": "Grants permission to request host agent commands", + "privilege": "PollHostCommand", "resource_types": [ { "condition_keys": [], @@ -57178,96 +61455,118 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Connection resource", - "privilege": "GetConnection", + "access_level": "Write", + "description": "Grants permission to mark host agent commands acknowledged", + "privilege": "PutHostCommandAcknowledgement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a Connection token to call provider actions", - "privilege": "GetConnectionToken", + "access_level": "Write", + "description": "Grants permission to mark host agent commands completed", + "privilege": "PutHostCommandComplete", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS CodeDeploy secure host commands service" + }, + { + "conditions": [], + "prefix": "codeguru", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to get details about a host resource", - "privilege": "GetHost", + "description": "Grants permission to get free trial summary for the CodeGuru service which includes expiration date", + "privilege": "GetCodeGuruFreeTrialSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Host*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "Amazon CodeGuru" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "GetIndividualAccessToken", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codeguru-profiler", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add up to 2 topic ARNs of existing AWS SNS topics to publish notifications", + "privilege": "AddNotificationChannels", "resource_types": [ { - "condition_keys": [ - "codestar-connections:ProviderType" - ], - "dependent_actions": [ - "codestar-connections:StartOAuthHandshake" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "GetInstallationUrl", + "access_level": "List", + "description": "Grants permission to get the frame metric data for a Profiling Group", + "privilege": "BatchGetFrameMetricData", "resource_types": [ { - "condition_keys": [ - "codestar-connections:ProviderType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a repository link", - "privilege": "GetRepositoryLink", + "access_level": "Write", + "description": "Grants permission to register with the orchestration service and retrieve profiling configuration information, used by agents", + "privilege": "ConfigureAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink*" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the latest sync status for a repository", - "privilege": "GetRepositorySyncStatus", + "access_level": "Write", + "description": "Grants permission to create a profiling group", + "privilege": "CreateProfilingGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RepositoryLink*" - }, { "condition_keys": [ - "codestar-connections:Branch" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -57275,33 +61574,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the latest sync status for a resource (cfn stack or other resources)", - "privilege": "GetResourceSyncStatus", + "access_level": "Write", + "description": "Grants permission to delete a profiling group", + "privilege": "DeleteProfilingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe service sync blockers on a resource (cfn stack or other resources)", - "privilege": "GetSyncBlockerSummary", + "description": "Grants permission to describe a profiling group", + "privilege": "DescribeProfilingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a sync configuration", - "privilege": "GetSyncConfiguration", + "description": "Grants permission to get a summary of recent recommendations for each profiling group in the account", + "privilege": "GetFindingsReportAccountSummary", "resource_types": [ { "condition_keys": [], @@ -57311,81 +61610,81 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Connection resources", - "privilege": "ListConnections", + "access_level": "Read", + "description": "Grants permission to get the notification configuration", + "privilege": "GetNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" - }, + "resource_type": "ProfilingGroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the resource policy associated with the specified Profiling Group", + "privilege": "GetPolicy", + "resource_types": [ { - "condition_keys": [ - "codestar-connections:ProviderTypeFilter" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list host resources", - "privilege": "ListHosts", + "access_level": "Read", + "description": "Grants permission to get aggregated profiles for a specific profiling group", + "privilege": "GetProfile", "resource_types": [ { - "condition_keys": [ - "codestar-connections:ProviderTypeFilter" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "ListInstallationTargets", + "access_level": "Read", + "description": "Grants permission to get recommendations", + "privilege": "GetRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codestar-connections:GetIndividualAccessToken", - "codestar-connections:StartOAuthHandshake" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "List", - "description": "Grants permission to list repository links", - "privilege": "ListRepositoryLinks", + "description": "Grants permission to list the available recommendations reports for a specific profiling group", + "privilege": "ListFindingsReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "List", - "description": "Grants permission to list repository sync definitions", - "privilege": "ListRepositorySyncDefinitions", + "description": "Grants permission to list the start times of the available aggregated profiles for a specific profiling group", + "privilege": "ListProfileTimes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "List", - "description": "Grants permission to list sync configurations for a repository link", - "privilege": "ListSyncConfigurations", + "description": "Grants permission to list profiling groups in the account", + "privilege": "ListProfilingGroups", "resource_types": [ { "condition_keys": [], @@ -57396,125 +61695,85 @@ }, { "access_level": "List", - "description": "Grants permission to the set of key-value pairs that are used to manage the resource", + "description": "Grants permission to list tags for a Profiling Group", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RepositoryLink" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline", - "privilege": "PassConnection", + "access_level": "Write", + "description": "Grants permission to submit a profile collected by an agent belonging to a specific profiling group for aggregation", + "privilege": "PostAgentProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" - }, - { - "condition_keys": [ - "codestar-connections:PassedToService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to pass a repository link resource to an AWS service that accepts a RepositoryLinkId as input, such as codestar-connections:CreateSyncConfiguration", - "privilege": "PassRepository", + "access_level": "Permissions management", + "description": "Grants permission to update the list of principals allowed for an action group in the resource policy associated with the specified Profiling Group", + "privilege": "PutPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RepositoryLink*" - }, - { - "condition_keys": [ - "codestar-connections:PassedToService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", - "privilege": "RegisterAppCode", + "access_level": "Write", + "description": "Grants permission to delete an already configured SNStopic arn from the notification configuration", + "privilege": "RemoveNotificationChannel", "resource_types": [ { - "condition_keys": [ - "codestar-connections:HostArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", - "privilege": "StartAppRegistrationHandshake", + "access_level": "Permissions management", + "description": "Grants permission to remove the permission of specified Action Group from the resource policy associated with the specified Profiling Group", + "privilege": "RemovePermission", "resource_types": [ { - "condition_keys": [ - "codestar-connections:HostArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "StartOAuthHandshake", + "access_level": "Write", + "description": "Grants permission to submit user feedback for useful or non useful anomaly", + "privilege": "SubmitFeedback", "resource_types": [ { - "condition_keys": [ - "codestar-connections:ProviderType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add or modify the tags of the given resource", + "description": "Grants permission to add or overwrite tags to a Profiling Group", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RepositoryLink" + "resource_type": "ProfilingGroup*" }, { "condition_keys": [ @@ -57528,23 +61787,13 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from an AWS resource", + "description": "Grants permission to remove tags from a Profiling Group", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RepositoryLink" + "resource_type": "ProfilingGroup*" }, { "condition_keys": [ @@ -57557,73 +61806,103 @@ }, { "access_level": "Write", - "description": "Grants permission to update a Connection resource with an installation of the CodeStar Connections App", - "privilege": "UpdateConnectionInstallation", + "description": "Grants permission to update a specific profiling group", + "privilege": "UpdateProfilingGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codestar-connections:GetIndividualAccessToken", - "codestar-connections:GetInstallationUrl", - "codestar-connections:ListInstallationTargets", - "codestar-connections:StartOAuthHandshake" - ], - "resource_type": "Connection*" - }, - { - "condition_keys": [ - "codestar-connections:InstallationId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codeguru-profiler:${Region}:${Account}:profilingGroup/${ProfilingGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ProfilingGroup" + } + ], + "service_name": "Amazon CodeGuru Profiler" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to update a host resource", - "privilege": "UpdateHost", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host*" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codeguru-reviewer", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to update a repository link", - "privilege": "UpdateRepositoryLink", + "description": "Grants permission to associates a repository with Amazon CodeGuru Reviewer", + "privilege": "AssociateRepository", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RepositoryLink*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "codecommit:GetRepository", + "codecommit:ListRepositories", + "codecommit:TagResource", + "codestar-connections:PassConnection", + "events:PutRule", + "events:PutTargets", + "iam:CreateServiceLinkedRole", + "s3:CreateBucket", + "s3:ListBucket", + "s3:PutBucketPolicy", + "s3:PutLifecycleConfiguration" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a sync blocker for a resource (cfn stack or other resources)", - "privilege": "UpdateSyncBlocker", + "description": "Grants permission to create a code review", + "privilege": "CreateCodeReview", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a sync configuration", - "privilege": "UpdateSyncConfiguration", + "access_level": "Read", + "description": "Grants permission to perform webbased oauth handshake for 3rd party providers", + "privilege": "CreateConnectionToken", "resource_types": [ { - "condition_keys": [ - "codestar-connections:Branch" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -57631,95 +61910,36 @@ }, { "access_level": "Read", - "description": "Grants permission to use a Connection resource to call provider actions", - "privilege": "UseConnection", + "description": "Grants permission to describe a code review", + "privilege": "DescribeCodeReview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "association*" }, { "condition_keys": [ - "codestar-connections:BranchName", - "codestar-connections:FullRepositoryId", - "codestar-connections:OwnerId", - "codestar-connections:ProviderAction", - "codestar-connections:ProviderPermissionsRequired", - "codestar-connections:RepositoryName" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:connection/${ConnectionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Connection" - }, - { - "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:host/${HostId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Host" - }, - { - "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:repository-link/${RepositoryLinkId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "RepositoryLink" - } - ], - "service_name": "AWS CodeStar Connections" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" }, { - "condition": "codestar-notifications:NotificationsForResource", - "description": "Filters access based on the ARN of the resource for which notifications are configured", - "type": "ARN" - } - ], - "prefix": "codestar-notifications", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a notification rule for a resource", - "privilege": "CreateNotificationRule", + "access_level": "Read", + "description": "Grants permission to describe a recommendation feedback on a code review", + "privilege": "DescribeRecommendationFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -57727,21 +61947,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a notification rule for a resource", - "privilege": "DeleteNotificationRule", + "access_level": "Read", + "description": "Grants permission to describe a repository association", + "privilege": "DescribeRepositoryAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -57750,13 +61967,21 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a target for a notification rule", - "privilege": "DeleteTarget", + "description": "Grants permission to disassociate a repository with Amazon CodeGuru Reviewer", + "privilege": "DisassociateRepository", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "codecommit:UntagResource", + "events:DeleteRule", + "events:RemoveTargets" + ], + "resource_type": "association*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -57765,30 +61990,20 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a notification rule", - "privilege": "DescribeNotificationRule", + "description": "Grants permission to view pull request metrics in console", + "privilege": "GetMetricsData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list notifications event types", - "privilege": "ListEventTypes", + "description": "Grants permission to list summary of code reviews", + "privilege": "ListCodeReviews", "resource_types": [ { "condition_keys": [], @@ -57799,30 +62014,36 @@ }, { "access_level": "List", - "description": "Grants permission to list notification rules in an AWS account", - "privilege": "ListNotificationRules", + "description": "Grants permission to list summary of recommendation feedback on a code review", + "privilege": "ListRecommendationFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the tags attached to a notification rule resource ARN", - "privilege": "ListTagsForResource", + "description": "Grants permission to list summary of recommendations on a code review", + "privilege": "ListRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -57831,35 +62052,29 @@ }, { "access_level": "List", - "description": "Grants permission to list the notification rule targets for an AWS account", - "privilege": "ListTargets", + "description": "Grants permission to list summary of repository associations", + "privilege": "ListRepositoryAssociations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an association between a notification rule and an Amazon SNS topic", - "privilege": "Subscribe", + "access_level": "List", + "description": "Grants permission to list the resource attached to a associated repository ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -57867,42 +62082,30 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to a notification rule resource ARN", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list 3rd party providers repositories in console", + "privilege": "ListThirdPartyRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an association between a notification rule and an Amazon SNS topic", - "privilege": "Unsubscribe", + "description": "Grants permission to put feedback for a recommendation on a code review", + "privilege": "PutRecommendationFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -57911,17 +62114,17 @@ }, { "access_level": "Tagging", - "description": "Grants permission to disassociate resource tags from a notification rule resource ARN", - "privilege": "UntagResource", + "description": "Grants permission to attach resource tags to an associated repository ARN", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -57930,21 +62133,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to change a notification rule for a resource", - "privilege": "UpdateNotificationRule", + "access_level": "Tagging", + "description": "Grants permission to disassociate resource tags from an associated repository ARN", + "privilege": "UnTagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -57954,14 +62154,19 @@ ], "resources": [ { - "arn": "arn:${Partition}:codestar-notifications:${Region}:${Account}:notificationrule/${NotificationRuleId}", + "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "notificationrule" + "resource": "association" + }, + { + "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId}", + "condition_keys": [], + "resource": "codereview" } ], - "service_name": "AWS CodeStar Notifications" + "service_name": "Amazon CodeGuru Reviewer" }, { "conditions": [ @@ -57972,7 +62177,7 @@ }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with CodeWhisperer resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { @@ -57981,55 +62186,29 @@ "type": "ArrayOfString" } ], - "prefix": "codewhisperer", + "prefix": "codeguru-security", "privileges": [ { - "access_level": "Permissions management", - "description": "Grants permission to configure vended log delivery for CodeWhisperer customization resource", - "privilege": "AllowVendedLogDeliveryForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customization*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to invoke AssociateCustomizationPermission on CodeWhisperer", - "privilege": "AssociateCustomizationPermission", + "access_level": "Read", + "description": "Grants permission to batch retrieve specific findings generated by CodeGuru Security", + "privilege": "BatchGetFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ScanName*" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke CreateCustomization on CodeWhisperer", - "privilege": "CreateCustomization", + "description": "Grants permission to create a CodeGuru Security scan", + "privilege": "CreateScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization*" + "resource_type": "ScanName*" }, { "condition_keys": [ @@ -58043,85 +62222,56 @@ }, { "access_level": "Write", - "description": "Grants permission to invoke CreateProfile on CodeWhisperer", - "privilege": "CreateProfile", + "description": "Grants permission to generate a presigned url for uploading code archives", + "privilege": "CreateUploadUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ScanName*" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke DeleteCustomization on CodeWhisperer", - "privilege": "DeleteCustomization", + "description": "Grants permission to delete all the scans and related findings from CodeGuru Security by given category", + "privilege": "DeleteScansByCategory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to invoke DeleteProfile on CodeWhisperer", - "privilege": "DeleteProfile", + "access_level": "Read", + "description": "Grants permission to retrieve the account level configurations", + "privilege": "GetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to invoke DisassociateCustomizationPermission on CodeWhisperer", - "privilege": "DisassociateCustomizationPermission", + "access_level": "List", + "description": "Grants permission to retrieve findings for a scan generated by CodeGuru Security", + "privilege": "GetFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ScanName*" } ] }, { "access_level": "Read", - "description": "Grants permission to invoke GenerateRecommendations on CodeWhisperer", - "privilege": "GenerateRecommendations", + "description": "Grants permission to retrieve AWS accout level metrics summary generated by CodeGuru Security", + "privilege": "GetMetricsSummary", "resource_types": [ { "condition_keys": [], @@ -58132,13 +62282,13 @@ }, { "access_level": "Read", - "description": "Grants permission to invoke GetCustomization on CodeWhisperer", - "privilege": "GetCustomization", + "description": "Grants permission to retrieve CodeGuru Security scan metadata", + "privilege": "GetScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization*" + "resource_type": "ScanName*" }, { "condition_keys": [ @@ -58151,58 +62301,32 @@ }, { "access_level": "List", - "description": "Grants permission to invoke ListCustomizationPermissions on CodeWhisperer", - "privilege": "ListCustomizationPermissions", + "description": "Grants permission to retrieve findings generated by CodeGuru Security", + "privilege": "ListFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to invoke ListCustomizationVersions on CodeWhisperer", - "privilege": "ListCustomizationVersions", + "description": "Grants permission to retrieve a list of account level findings metrics within a date range", + "privilege": "ListFindingsMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to invoke ListCustomizations on CodeWhisperer", - "privilege": "ListCustomizations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customization*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to invoke ListProfiles on CodeWhisperer", - "privilege": "ListProfiles", + "description": "Grants permission to retrieve list of CodeGuru Security scan metadata", + "privilege": "ListScans", "resource_types": [ { "condition_keys": [], @@ -58212,19 +62336,14 @@ ] }, { - "access_level": "List", - "description": "Grants permission to invoke ListTagsForResource on CodeWhisperer", + "access_level": "Read", + "description": "Grants permission to retrieve a list of tags for a scan name ARN", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "profile" + "resource_type": "ScanName*" }, { "condition_keys": [ @@ -58237,22 +62356,16 @@ }, { "access_level": "Tagging", - "description": "Grants permission to invoke TagResource on CodeWhisperer", + "description": "Grants permission to add tags to a scan name ARN", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "profile" + "resource_type": "ScanName*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "aws:TagKeys", "aws:RequestTag/${TagKey}" ], @@ -58263,22 +62376,16 @@ }, { "access_level": "Tagging", - "description": "Grants permission to invoke UntagResource on CodeWhisperer", + "description": "Grants permission to remove tags from a scan name ARN", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "profile" + "resource_type": "ScanName*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -58288,38 +62395,12 @@ }, { "access_level": "Write", - "description": "Grants permission to invoke UpdateCustomization on CodeWhisperer", - "privilege": "UpdateCustomization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customization*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to invoke UpdateProfile on CodeWhisperer", - "privilege": "UpdateProfile", + "description": "Grants permission to update the account level configurations", + "privilege": "UpdateAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] @@ -58327,21 +62408,14 @@ ], "resources": [ { - "arn": "arn:${Partition}:codewhisperer:${Region}:${Account}:profile/${Identifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "profile" - }, - { - "arn": "arn:${Partition}:codewhisperer:${Region}:${Account}:customization/${Identifier}", + "arn": "arn:${Partition}:codeguru-security:${Region}:${Account}:scans/${ScanName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "customization" + "resource": "ScanName" } ], - "service_name": "Amazon CodeWhisperer" + "service_name": "Amazon CodeGuru Security" }, { "conditions": [ @@ -58357,22 +62431,19 @@ }, { "condition": "aws:TagKeys", - "description": "Filters access by a key that is present in the request", + "description": "Filters actions based on the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "cognito-identity", + "prefix": "codepipeline", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new identity pool", - "privilege": "CreateIdentityPool", + "description": "Grants permission to view information about a specified job and whether that job has been received by the job worker", + "privilege": "AcknowledgeJob", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -58380,8 +62451,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete identities from an identity pool. You can specify a list of 1-60 identities that you want to delete", - "privilege": "DeleteIdentities", + "description": "Grants permission to confirm that a job worker has received the specified job (partner actions only)", + "privilege": "AcknowledgeThirdPartyJob", "resource_types": [ { "condition_keys": [], @@ -58392,116 +62463,132 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a user pool. Once a pool is deleted, users will not be able to authenticate with the pool", - "privilege": "DeleteIdentityPool", + "description": "Grants permission to create a custom action that you can use in the pipelines associated with your AWS account", + "privilege": "CreateCustomActionType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "actiontype*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return metadata related to the given identity, including when the identity was created and any associated linked logins", - "privilege": "DescribeIdentity", + "access_level": "Write", + "description": "Grants permission to create a uniquely named pipeline", + "privilege": "CreatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a particular identity pool, including the pool name, ID description, creation date, and current number of users", - "privilege": "DescribeIdentityPool", + "access_level": "Write", + "description": "Grants permission to delete a custom action", + "privilege": "DeleteCustomActionType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "actiontype*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return credentials for the provided identity ID", - "privilege": "GetCredentialsForIdentity", + "access_level": "Write", + "description": "Grants permission to delete a specified pipeline", + "privilege": "DeletePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to generate (or retrieve) a Cognito ID. Supplying multiple logins will create an implicit linked account", - "privilege": "GetId", + "description": "Grants permission to delete a specified webhook", + "privilege": "DeleteWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "webhook*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get analytics data about the total current identity count for all identity pool identity provider (IdPs)", - "privilege": "GetIdentityPoolAnalytics", + "access_level": "Write", + "description": "Grants permission to remove the registration of a webhook with the third party specified in its configuration", + "privilege": "DeregisterWebhookWithThirdParty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "webhook*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get analytics data about the number of new identities and total identities for all identity pool identity providers (IdPs)", - "privilege": "GetIdentityPoolDailyAnalytics", + "access_level": "Write", + "description": "Grants permission to prevent revisions from transitioning to the next stage in a pipeline", + "privilege": "DisableStageTransition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "stage*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the roles for an identity pool", - "privilege": "GetIdentityPoolRoles", + "access_level": "Write", + "description": "Grants permission to allow revisions to transition to the next stage in a pipeline", + "privilege": "EnableStageTransition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "stage*" } ] }, { "access_level": "Read", - "description": "Grants permission to get analytics data about the number of new identities and total identities for one identity pool identity provider (IdPs)", - "privilege": "GetIdentityProviderDailyAnalytics", + "description": "Grants permission to view information about an action type", + "privilege": "GetActionType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get an OpenID token, using a known Cognito ID", - "privilege": "GetOpenIdToken", + "description": "Grants permission to view information about a job (custom actions only)", + "privilege": "GetJobDetails", "resource_types": [ { "condition_keys": [], @@ -58512,44 +62599,44 @@ }, { "access_level": "Read", - "description": "Grants permission to register (or retrieve) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process", - "privilege": "GetOpenIdTokenForDeveloperIdentity", + "description": "Grants permission to retrieve information about a pipeline structure", + "privilege": "GetPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "pipeline*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the principal tags for an identity pool and provider", - "privilege": "GetPrincipalTagAttributeMap", + "description": "Grants permission to view information about an execution of a pipeline, including details about artifacts, the pipeline execution ID, and the name, version, and status of the pipeline", + "privilege": "GetPipelineExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the identities in an identity pool", - "privilege": "ListIdentities", + "access_level": "Read", + "description": "Grants permission to view information about the current state of the stages and actions of a pipeline", + "privilege": "GetPipelineState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of the Cognito identity pools registered for your account", - "privilege": "ListIdentityPools", + "access_level": "Read", + "description": "Grants permission to view the details of a job for a third-party action (partner actions only)", + "privilege": "GetThirdPartyJobDetails", "resource_types": [ { "condition_keys": [], @@ -58560,56 +62647,56 @@ }, { "access_level": "Read", - "description": "Grants permission to list the tags that are assigned to an Amazon Cognito identity pool", - "privilege": "ListTagsForResource", + "description": "Grants permission to list the action executions that have occurred in a pipeline", + "privilege": "ListActionExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool" + "resource_type": "pipeline*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the IdentityId associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifiers associated with an IdentityId for an existing identity", - "privilege": "LookupDeveloperIdentity", + "description": "Grants permission to list a summary of all the action types available for pipelines in your account", + "privilege": "ListActionTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to merge two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider", - "privilege": "MergeDeveloperIdentities", + "access_level": "Read", + "description": "Grants permission to list the deployment details for deploy action executions that have occurred in a pipeline", + "privilege": "ListDeployActionExecutionTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the roles for an identity pool. These roles are used when making calls to GetCredentialsForIdentity action", - "privilege": "SetIdentityPoolRoles", + "access_level": "List", + "description": "Grants permission to list a summary of the most recent executions for a pipeline", + "privilege": "ListPipelineExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the principal tags for an identity pool and provider. These tags are used when making calls to GetOpenIdToken action", - "privilege": "SetPrincipalTagAttributeMap", + "access_level": "List", + "description": "Grants permission to list a summary of all the pipelines associated with your AWS account", + "privilege": "ListPipelines", "resource_types": [ { "condition_keys": [], @@ -58619,440 +62706,495 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign a set of tags to an Amazon Cognito identity pool", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list the rule executions that have occurred in a pipeline", + "privilege": "ListRuleExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to unlink a DeveloperUserIdentifier from an existing identity", - "privilege": "UnlinkDeveloperIdentity", + "access_level": "Read", + "description": "Grants permission to list a summary of all the rule types available for pipelines in your account", + "privilege": "ListRuleTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to unlink a federated identity from an existing account", - "privilege": "UnlinkIdentity", + "access_level": "Read", + "description": "Grants permission to list tags for a CodePipeline resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from an Amazon Cognito identity pool", - "privilege": "UntagResource", - "resource_types": [ + "resource_type": "actiontype" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool" + "resource_type": "pipeline" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "webhook" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an identity pool", - "privilege": "UpdateIdentityPool", + "access_level": "List", + "description": "Grants permission to list all of the webhooks associated with your AWS account", + "privilege": "ListWebhooks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "webhook*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cognito-identity:${Region}:${Account}:identitypool/${IdentityPoolId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "identitypool" - } - ], - "service_name": "Amazon Cognito Identity" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a key that is present in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cognito-idp", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to add user attributes to the user pool schema", - "privilege": "AddCustomAttributes", + "description": "Grants permission to resume the pipeline execution by overriding a condition in a stage", + "privilege": "OverrideStageCondition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "stage*" } ] }, { "access_level": "Write", - "description": "Grants permission to add any user to any group", - "privilege": "AdminAddUserToGroup", + "description": "Grants permission to view information about any jobs for CodePipeline to act on", + "privilege": "PollForJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "actiontype*" } ] }, { "access_level": "Write", - "description": "Grants permission to confirm any user's registration without a confirmation code", - "privilege": "AdminConfirmSignUp", + "description": "Grants permission to determine whether there are any third-party jobs for a job worker to act on (partner actions only)", + "privilege": "PollForThirdPartyJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create new users and send welcome messages via email or SMS", - "privilege": "AdminCreateUser", + "description": "Grants permission to edit actions in a pipeline", + "privilege": "PutActionRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "action*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any user", - "privilege": "AdminDeleteUser", + "description": "Grants permission to provide a response (Approved or Rejected) to a manual approval request in CodePipeline", + "privilege": "PutApprovalResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "action*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete attributes from any user", - "privilege": "AdminDeleteUserAttributes", + "description": "Grants permission to represent the failure of a job as returned to the pipeline by a job worker (custom actions only)", + "privilege": "PutJobFailureResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to unlink any user pool user from a third-party identity provider (IdP) user", - "privilege": "AdminDisableProviderForUser", + "description": "Grants permission to represent the success of a job as returned to the pipeline by a job worker (custom actions only)", + "privilege": "PutJobSuccessResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deactivate any user", - "privilege": "AdminDisableUser", + "description": "Grants permission to represent the failure of a third-party job as returned to the pipeline by a job worker (partner actions only)", + "privilege": "PutThirdPartyJobFailureResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to activate any user", - "privilege": "AdminEnableUser", + "description": "Grants permission to represent the success of a third-party job as returned to the pipeline by a job worker (partner actions only)", + "privilege": "PutThirdPartyJobSuccessResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister any user's devices", - "privilege": "AdminForgetDevice", + "description": "Grants permission to create or update a webhook", + "privilege": "PutWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get information about any user's devices", - "privilege": "AdminGetDevice", - "resource_types": [ + "resource_type": "pipeline*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "webhook*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to look up any user by user name", - "privilege": "AdminGetUser", + "access_level": "Write", + "description": "Grants permission to register a webhook with the third party specified in its configuration", + "privilege": "RegisterWebhookWithThirdParty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "webhook*" } ] }, { "access_level": "Write", - "description": "Grants permission to authenticate any user", - "privilege": "AdminInitiateAuth", + "description": "Grants permission to resume the pipeline execution by retrying the last failed actions in a stage", + "privilege": "RetryStageExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "stage*" } ] }, { "access_level": "Write", - "description": "Grants permission to link any user pool user to a third-party IdP user", - "privilege": "AdminLinkProviderForUser", + "description": "Grants permission to rollback the stage to a previous successful execution", + "privilege": "RollbackStage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "stage*" } ] }, { - "access_level": "List", - "description": "Grants permission to list any user's remembered devices", - "privilege": "AdminListDevices", + "access_level": "Write", + "description": "Grants permission to run the most recent revision through the pipeline", + "privilege": "StartPipelineExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the groups that any user belongs to", - "privilege": "AdminListGroupsForUser", + "access_level": "Write", + "description": "Grants permission to stop an in-progress pipeline execution", + "privilege": "StopPipelineExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "pipeline*" } ] }, { - "access_level": "Read", - "description": "Grants permission to lists sign-in events for any user", - "privilege": "AdminListUserAuthEvents", + "access_level": "Tagging", + "description": "Grants permission to tag a CodePipeline resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "actiontype" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webhook" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove any user from any group", - "privilege": "AdminRemoveUserFromGroup", + "access_level": "Tagging", + "description": "Grants permission to remove a tag from a CodePipeline resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "actiontype" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webhook" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reset any user's password", - "privilege": "AdminResetUserPassword", + "description": "Grants permission to update an action type", + "privilege": "UpdateActionType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "actiontype*" } ] }, { "access_level": "Write", - "description": "Grants permission to respond to an authentication challenge during the authentication of any user", - "privilege": "AdminRespondToAuthChallenge", + "description": "Grants permission to update a pipeline with changes to the structure of the pipeline", + "privilege": "UpdatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "pipeline*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}/${ActionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "action" }, { - "access_level": "Write", - "description": "Grants permission to set any user's preferred MFA method", - "privilege": "AdminSetUserMFAPreference", + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:actiontype:${Owner}/${Category}/${Provider}/${Version}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "actiontype" + }, + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pipeline" + }, + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "stage" + }, + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:webhook:${WebhookName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "webhook" + } + ], + "service_name": "AWS CodePipeline" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by requests based on the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag-value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by requests based on the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "iam:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag-value associated with the resource", + "type": "String" + } + ], + "prefix": "codestar", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to add a user to the team for an AWS CodeStar project", + "privilege": "AssociateTeamMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set any user's password", - "privilege": "AdminSetUserPassword", + "access_level": "Permissions management", + "description": "Grants permission to create a project with minimal structure, customer policies, and no resources", + "privilege": "CreateProject", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set user settings for any user", - "privilege": "AdminSetUserSettings", + "description": "Grants permission to create a profile for a user that includes user preferences, display name, and email", + "privilege": "CreateUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to update advanced security feedback for any user's authentication event", - "privilege": "AdminUpdateAuthEventFeedback", + "description": "Grants permission to extended delete APIs", + "privilege": "DeleteExtendedAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of any user's remembered devices", - "privilege": "AdminUpdateDeviceStatus", + "access_level": "Permissions management", + "description": "Grants permission to delete a project, including project resources. Does not delete users associated with the project, but does delete the IAM roles that allowed access to the project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to updates any user's standard or custom attributes", - "privilege": "AdminUpdateUserAttributes", + "description": "Grants permission to delete a user profile in AWS CodeStar, including all personal preference data associated with that profile, such as display name and email address. It does not delete the history of that user, for example the history of commits made by that user", + "privilege": "DeleteUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to sign out any user from all sessions", - "privilege": "AdminUserGlobalSignOut", + "access_level": "Read", + "description": "Grants permission to describe a project and its resources", + "privilege": "DescribeProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to return a unique generated shared secret key code for the user", - "privilege": "AssociateSoftwareToken", + "access_level": "Read", + "description": "Grants permission to describe a user in AWS CodeStar and the user attributes across all projects", + "privilege": "DescribeUserProfile", "resource_types": [ { "condition_keys": [], @@ -59062,38 +63204,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to associate the user pool with an AWS WAF web ACL", - "privilege": "AssociateWebACL", + "access_level": "Permissions management", + "description": "Grants permission to remove a user from a project. Removing a user from a project also removes the IAM policies from that user that allowed access to the project and its resources", + "privilege": "DisassociateTeamMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "webacl*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the password for a specified user in a user pool", - "privilege": "ChangePassword", + "access_level": "Read", + "description": "Grants permission to extended read APIs", + "privilege": "GetExtendedAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to confirm tracking of the device. This API call is the call that begins device tracking", - "privilege": "ConfirmDevice", + "access_level": "List", + "description": "Grants permission to list all projects in CodeStar associated with your AWS account", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], @@ -59103,99 +63240,98 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to allow a user to enter a confirmation code to reset a forgotten password", - "privilege": "ConfirmForgotPassword", + "access_level": "List", + "description": "Grants permission to list all resources associated with a project in CodeStar", + "privilege": "ListResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to confirm registration of a user and handles the existing alias from a previous user", - "privilege": "ConfirmSignUp", + "access_level": "List", + "description": "Grants permission to list the tags associated with a project in CodeStar", + "privilege": "ListTagsForProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create new user pool groups", - "privilege": "CreateGroup", + "access_level": "List", + "description": "Grants permission to list all team members associated with a project", + "privilege": "ListTeamMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add identity providers to user pools", - "privilege": "CreateIdentityProvider", + "access_level": "List", + "description": "Grants permission to list user profiles in AWS CodeStar", + "privilege": "ListUserProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a branding settings for managed login and associate it with an app client", - "privilege": "CreateManagedLoginBranding", + "description": "Grants permission to extended write APIs", + "privilege": "PutExtendedAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and configure scopes for OAuth 2.0 resource servers", - "privilege": "CreateResourceServer", + "access_level": "Tagging", + "description": "Grants permission to add tags to a project in CodeStar", + "privilege": "TagProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create user CSV import jobs", - "privilege": "CreateUserImportJob", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a project in CodeStar", + "privilege": "UntagProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create and set password policy for user pools", - "privilege": "CreateUserPool", - "resource_types": [ + "resource_type": "project*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -59204,83 +63340,207 @@ }, { "access_level": "Write", - "description": "Grants permission to create user pool app clients", - "privilege": "CreateUserPoolClient", + "description": "Grants permission to update a project in CodeStar", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add user pool domains", - "privilege": "CreateUserPoolDomain", + "access_level": "Permissions management", + "description": "Grants permission to update team member attributes within a CodeStar project", + "privilege": "UpdateTeamMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any empty user pool group", - "privilege": "DeleteGroup", + "description": "Grants permission to update a profile for a user that includes user preferences, display name, and email", + "privilege": "UpdateUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete any identity provider from user pools", - "privilege": "DeleteIdentityProvider", + "access_level": "List", + "description": "Grants permission to verify whether the AWS CodeStar service role exists in the customer's account", + "privilege": "VerifyServiceRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codestar:${Region}:${Account}:project/${ProjectId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "project" + }, + { + "arn": "arn:${Partition}:iam::${Account}:user/${AwsUserName}", + "condition_keys": [ + "iam:ResourceTag/${TagKey}" + ], + "resource": "user" + } + ], + "service_name": "AWS CodeStar" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "codestar-connections:Branch", + "description": "Filters access by the branch name that is passed in the request", + "type": "String" + }, + { + "condition": "codestar-connections:BranchName", + "description": "Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch", + "type": "String" + }, + { + "condition": "codestar-connections:FullRepositoryId", + "description": "Filters access by the repository that is passed in the request. Applies only to UseConnection requests for access to a specific repository", + "type": "String" + }, + { + "condition": "codestar-connections:HostArn", + "description": "Filters access by the host resource associated with the connection used in the request", + "type": "ARN" + }, + { + "condition": "codestar-connections:InstallationId", + "description": "Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeStar Connections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection", + "type": "String" + }, + { + "condition": "codestar-connections:OwnerId", + "description": "Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" + }, + { + "condition": "codestar-connections:PassedToService", + "description": "Filters access by the service to which the principal is allowed to pass a Connection or RepositoryLink", + "type": "String" + }, + { + "condition": "codestar-connections:ProviderAction", + "description": "Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values", + "type": "String" + }, + { + "condition": "codestar-connections:ProviderPermissionsRequired", + "description": "Filters access by the write permissions of a provider action in a UseConnection request. Valid types include read_only and read_write", + "type": "String" + }, + { + "condition": "codestar-connections:ProviderType", + "description": "Filters access by the type of third-party provider passed in the request", + "type": "String" + }, + { + "condition": "codestar-connections:ProviderTypeFilter", + "description": "Filters access by the type of third-party provider used to filter results", + "type": "String" + }, + { + "condition": "codestar-connections:RepositoryName", + "description": "Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" }, + { + "condition": "codestar-connections:VpcId", + "description": "Filters access by the VpcId passed in the request", + "type": "String" + } + ], + "prefix": "codestar-connections", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete the managed login branding style for any app client", - "privilege": "DeleteManagedLoginBranding", + "description": "Grants permission to create a Connection resource", + "privilege": "CreateConnection", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-connections:ProviderType" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any OAuth 2.0 resource server from user pools", - "privilege": "DeleteResourceServer", + "description": "Grants permission to create a host resource", + "privilege": "CreateHost", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-connections:ProviderType", + "codestar-connections:VpcId" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to allow a user to delete one's self", - "privilege": "DeleteUser", + "description": "Grants permission to create a repository link", + "privilege": "CreateRepositoryLink", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codestar-connections:PassConnection", + "codestar-connections:UseConnection" + ], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -59288,11 +63548,21 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the attributes for a user", - "privilege": "DeleteUserAttributes", + "description": "Grants permission to create a template sync config", + "privilege": "CreateSyncConfiguration", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codestar-connections:PassRepository", + "iam:PassRole" + ], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codestar-connections:Branch" + ], "dependent_actions": [], "resource_type": "" } @@ -59300,140 +63570,153 @@ }, { "access_level": "Write", - "description": "Grants permission to delete user pools", - "privilege": "DeleteUserPool", + "description": "Grants permission to delete a Connection resource", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Connection*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any user pool app client", - "privilege": "DeleteUserPoolClient", + "description": "Grants permission to delete a host resource", + "privilege": "DeleteHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Host*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any user pool domain", - "privilege": "DeleteUserPoolDomain", + "description": "Grants permission to delete a repository link", + "privilege": "DeleteRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe any user pool identity provider", - "privilege": "DescribeIdentityProvider", + "access_level": "Write", + "description": "Grants permission to delete a sync configuration", + "privilege": "DeleteSyncConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the detailed information about the branding style of managed login", - "privilege": "DescribeManagedLoginBranding", + "description": "Grants permission to get details about a Connection resource", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Connection*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the detailed information about the branding style of managed login associated with an appclient", - "privilege": "DescribeManagedLoginBrandingByClient", + "description": "Grants permission to get a Connection token to call provider actions", + "privilege": "GetConnectionToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Connection*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe any OAuth 2.0 resource server", - "privilege": "DescribeResourceServer", + "description": "Grants permission to get details about a host resource", + "privilege": "GetHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Host*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the risk configuration settings of user pools and app clients", - "privilege": "DescribeRiskConfiguration", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetIndividualAccessToken", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userpool*" + "condition_keys": [ + "codestar-connections:ProviderType" + ], + "dependent_actions": [ + "codestar-connections:StartOAuthHandshake" + ], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe any user import job", - "privilege": "DescribeUserImportJob", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetInstallationUrl", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:ProviderType" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe user pools", - "privilege": "DescribeUserPool", + "description": "Grants permission to describe a repository link", + "privilege": "GetRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "RepositoryLink*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe any user pool app client", - "privilege": "DescribeUserPoolClient", + "description": "Grants permission to get the latest sync status for a repository", + "privilege": "GetRepositorySyncStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codestar-connections:Branch" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe any user pool domain", - "privilege": "DescribeUserPoolDomain", + "description": "Grants permission to get the latest sync status for a resource (cfn stack or other resources)", + "privilege": "GetResourceSyncStatus", "resource_types": [ { "condition_keys": [], @@ -59443,21 +63726,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the user pool with an AWS WAF web ACL", - "privilege": "DisassociateWebACL", + "access_level": "Read", + "description": "Grants permission to describe service sync blockers on a resource (cfn stack or other resources)", + "privilege": "GetSyncBlockerSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to forget the specified device", - "privilege": "ForgetDevice", + "access_level": "Read", + "description": "Grants permission to describe a sync configuration", + "privilege": "GetSyncConfiguration", "resource_types": [ { "condition_keys": [], @@ -59467,309 +63750,503 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to send a message to the end user with a confirmation code that is required to change the user's password", - "privilege": "ForgotPassword", + "access_level": "List", + "description": "Grants permission to list Connection resources", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:ProviderTypeFilter" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate headers for a user import .csv file", - "privilege": "GetCSVHeader", + "access_level": "List", + "description": "Grants permission to list host resources", + "privilege": "ListHosts", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:ProviderTypeFilter" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the device", - "privilege": "GetDevice", + "access_level": "List", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "ListInstallationTargets", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "codestar-connections:GetIndividualAccessToken", + "codestar-connections:StartOAuthHandshake" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a user pool group", - "privilege": "GetGroup", + "access_level": "List", + "description": "Grants permission to list repository links", + "privilege": "ListRepositoryLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to correlate a user pool IdP identifier to the IdP Name", - "privilege": "GetIdentityProviderByIdentifier", + "access_level": "List", + "description": "Grants permission to list repository sync definitions", + "privilege": "ListRepositorySyncDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the detailed activity logging configuration for a user pool", - "privilege": "GetLogDeliveryConfiguration", + "access_level": "List", + "description": "Grants permission to list sync configurations for a repository link", + "privilege": "ListSyncConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to look up signing certificates for user pools", - "privilege": "GetSigningCertificate", + "access_level": "List", + "description": "Grants permission to the set of key-value pairs that are used to manage the resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get UI customization information for the hosted UI of any app client", - "privilege": "GetUICustomization", - "resource_types": [ + "resource_type": "Connection" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" } ] }, { "access_level": "Read", - "description": "Grants permission to get the user attributes and metadata for a user", - "privilege": "GetUser", + "description": "Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline", + "privilege": "PassConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:PassedToService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the user attribute verification code for the specified attribute name", - "privilege": "GetUserAttributeVerificationCode", + "description": "Grants permission to pass a repository link resource to an AWS service that accepts a RepositoryLinkId as input, such as codestar-connections:CreateSyncConfiguration", + "privilege": "PassRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codestar-connections:PassedToService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to look up the MFA configuration of user pools", - "privilege": "GetUserPoolMfaConfig", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "RegisterAppCode", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:HostArn" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool", - "privilege": "GetWebACLForResource", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "StartAppRegistrationHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:HostArn" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to sign out users from all devices", - "privilege": "GlobalSignOut", + "access_level": "Read", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "StartOAuthHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:ProviderType" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate the authentication flow", - "privilege": "InitiateAuth", + "access_level": "Tagging", + "description": "Grants permission to add or modify the tags of the given resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the devices", - "privilege": "ListDevices", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an AWS resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all groups in user pools", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to update a Connection resource with an installation of the CodeStar Connections App", + "privilege": "UpdateConnectionInstallation", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codestar-connections:GetIndividualAccessToken", + "codestar-connections:GetInstallationUrl", + "codestar-connections:ListInstallationTargets", + "codestar-connections:StartOAuthHandshake" + ], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:InstallationId" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all identity providers in user pools", - "privilege": "ListIdentityProviders", + "access_level": "Write", + "description": "Grants permission to update a host resource", + "privilege": "UpdateHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Host*" + }, + { + "condition_keys": [ + "codestar-connections:VpcId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all resource servers in user pools", - "privilege": "ListResourceServers", + "access_level": "Write", + "description": "Grants permission to update a repository link", + "privilege": "UpdateRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the user pools that are associated with an AWS WAF web ACL", - "privilege": "ListResourcesForWebACL", + "access_level": "Write", + "description": "Grants permission to update a sync blocker for a resource (cfn stack or other resources)", + "privilege": "UpdateSyncBlocker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webacl*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are assigned to an Amazon Cognito user pool", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a sync configuration", + "privilege": "UpdateSyncConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:Branch" + ], "dependent_actions": [], - "resource_type": "userpool" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all user import jobs", - "privilege": "ListUserImportJobs", + "access_level": "Read", + "description": "Grants permission to use a Connection resource to call provider actions", + "privilege": "UseConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all app clients in user pools", - "privilege": "ListUserPoolClients", + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:BranchName", + "codestar-connections:FullRepositoryId", + "codestar-connections:OwnerId", + "codestar-connections:ProviderAction", + "codestar-connections:ProviderPermissionsRequired", + "codestar-connections:RepositoryName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:connection/${ConnectionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Connection" + }, + { + "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:host/${HostId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Host" + }, + { + "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:repository-link/${RepositoryLinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RepositoryLink" + } + ], + "service_name": "AWS CodeStar Connections" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "codestar-notifications:NotificationsForResource", + "description": "Filters access based on the ARN of the resource for which notifications are configured", + "type": "ARN" + } + ], + "prefix": "codestar-notifications", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a notification rule for a resource", + "privilege": "CreateNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all user pools", - "privilege": "ListUserPools", + "access_level": "Write", + "description": "Grants permission to delete a notification rule for a resource", + "privilege": "DeleteNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all user pool users", - "privilege": "ListUsers", + "access_level": "Write", + "description": "Grants permission to delete a target for a notification rule", + "privilege": "DeleteTarget", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a notification rule", + "privilege": "DescribeNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the users in any group", - "privilege": "ListUsersInGroup", + "description": "Grants permission to list notifications event types", + "privilege": "ListEventTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to resend the confirmation (for confirmation of registration) to a specific user in the user pool", - "privilege": "ResendConfirmationCode", + "access_level": "List", + "description": "Grants permission to list notification rules in an AWS account", + "privilege": "ListNotificationRules", "resource_types": [ { "condition_keys": [], @@ -59779,24 +64256,35 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to respond to the authentication challenge", - "privilege": "RespondToAuthChallenge", + "access_level": "List", + "description": "Grants permission to list the tags attached to a notification rule resource ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to revoke all of the access tokens generated by the specified refresh token", - "privilege": "RevokeToken", + "access_level": "List", + "description": "Grants permission to list the notification rule targets for an AWS account", + "privilege": "ListTargets", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -59804,126 +64292,234 @@ }, { "access_level": "Write", - "description": "Grants permission to set up or modify the detailed activity logging configuration of a user pool", - "privilege": "SetLogDeliveryConfiguration", + "description": "Grants permission to create an association between a notification rule and an Amazon SNS topic", + "privilege": "Subscribe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to set risk configuration for user pools and app clients", - "privilege": "SetRiskConfiguration", + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to a notification rule resource ARN", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to customize the hosted UI for any app client", - "privilege": "SetUICustomization", + "description": "Grants permission to remove an association between a notification rule and an Amazon SNS topic", + "privilege": "Unsubscribe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to set MFA preference for the user in the userpool", - "privilege": "SetUserMFAPreference", + "access_level": "Tagging", + "description": "Grants permission to disassociate resource tags from a notification rule resource ARN", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set user pool MFA configuration", - "privilege": "SetUserPoolMfaConfig", + "description": "Grants permission to change a notification rule for a resource", + "privilege": "UpdateNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codestar-notifications:${Region}:${Account}:notificationrule/${NotificationRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "notificationrule" + } + ], + "service_name": "AWS CodeStar Notifications" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to set the user settings like multi-factor authentication (MFA)", - "privilege": "SetUserSettings", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with CodeWhisperer resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codewhisperer", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to configure vended log delivery for CodeWhisperer customization resource", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register the user in the specified user pool and creates a user name, password, and user attributes", - "privilege": "SignUp", + "description": "Grants permission to invoke AssociateCustomizationPermission on CodeWhisperer", + "privilege": "AssociateCustomizationPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start any user import job", - "privilege": "StartUserImportJob", + "description": "Grants permission to invoke CreateCustomization on CodeWhisperer", + "privilege": "CreateCustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop any user import job", - "privilege": "StopUserImportJob", + "description": "Grants permission to invoke CreateProfile on CodeWhisperer", + "privilege": "CreateProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "profile*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a user pool", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to invoke DeleteCustomization on CodeWhisperer", + "privilege": "DeleteCustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool" + "resource_type": "customization*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -59931,18 +64527,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a user pool", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to invoke DeleteProfile on CodeWhisperer", + "privilege": "DeleteProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool" + "resource_type": "profile*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -59951,20 +64547,27 @@ }, { "access_level": "Write", - "description": "Grants permission to update the feedback for the user authentication event", - "privilege": "UpdateAuthEventFeedback", + "description": "Grants permission to invoke DisassociateCustomizationPermission on CodeWhisperer", + "privilege": "DisassociateCustomizationPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the device status", - "privilege": "UpdateDeviceStatus", + "access_level": "Read", + "description": "Grants permission to invoke GenerateRecommendations on CodeWhisperer", + "privilege": "GenerateRecommendations", "resource_types": [ { "condition_keys": [], @@ -59974,57 +64577,78 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of any group", - "privilege": "UpdateGroup", + "access_level": "Read", + "description": "Grants permission to invoke GetCustomization on CodeWhisperer", + "privilege": "GetCustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of any user pool IdP", - "privilege": "UpdateIdentityProvider", + "access_level": "List", + "description": "Grants permission to invoke ListCustomizationPermissions on CodeWhisperer", + "privilege": "ListCustomizationPermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the branding settings of a managed login", - "privilege": "UpdateManagedLoginBranding", + "access_level": "List", + "description": "Grants permission to invoke ListCustomizationVersions on CodeWhisperer", + "privilege": "ListCustomizationVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of any OAuth 2.0 resource server", - "privilege": "UpdateResourceServer", + "access_level": "List", + "description": "Grants permission to invoke ListCustomizations on CodeWhisperer", + "privilege": "ListCustomizations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization*" } ] }, { - "access_level": "Write", - "description": "Grants permission to allow a user to update a specific attribute (one at a time)", - "privilege": "UpdateUserAttributes", + "access_level": "List", + "description": "Grants permission to invoke ListProfiles on CodeWhisperer", + "privilege": "ListProfiles", "resource_types": [ { "condition_keys": [], @@ -60034,19 +64658,23 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to updates the configuration of user pools", - "privilege": "UpdateUserPool", + "access_level": "List", + "description": "Grants permission to invoke ListTagsForResource on CodeWhisperer", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -60054,49 +64682,90 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update any user pool client", - "privilege": "UpdateUserPoolClient", + "access_level": "Tagging", + "description": "Grants permission to invoke TagResource on CodeWhisperer", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to replace the certificate for any custom domain", - "privilege": "UpdateUserPoolDomain", + "access_level": "Tagging", + "description": "Grants permission to invoke UntagResource on CodeWhisperer", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "customization" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register a user's entered TOTP code and mark the user's software token MFA status as verified if successful", - "privilege": "VerifySoftwareToken", + "description": "Grants permission to invoke UpdateCustomization on CodeWhisperer", + "privilege": "UpdateCustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to verify a user attribute using a one time verification code", - "privilege": "VerifyUserAttribute", + "description": "Grants permission to invoke UpdateProfile on CodeWhisperer", + "privilege": "UpdateProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -60104,112 +64773,133 @@ ], "resources": [ { - "arn": "arn:${Partition}:cognito-idp:${Region}:${Account}:userpool/${UserPoolId}", + "arn": "arn:${Partition}:codewhisperer:${Region}:${Account}:profile/${Identifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "userpool" + "resource": "profile" }, { - "arn": "arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}", - "condition_keys": [], - "resource": "webacl" + "arn": "arn:${Partition}:codewhisperer:${Region}:${Account}:customization/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customization" } ], - "service_name": "Amazon Cognito User Pools" + "service_name": "Amazon CodeWhisperer" }, { - "conditions": [], - "prefix": "cognito-sync", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a key that is present in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cognito-identity", "privileges": [ { "access_level": "Write", - "description": "Grants permission to initiate a bulk publish of all existing datasets for an Identity Pool to the configured stream", - "privilege": "BulkPublish", + "description": "Grants permission to create a new identity pool", + "privilege": "CreateIdentityPool", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specific dataset", - "privilege": "DeleteDataset", + "description": "Grants permission to delete identities from an identity pool. You can specify a list of 1-60 identities that you want to delete", + "privilege": "DeleteIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get metadata about a dataset by identity and dataset name", - "privilege": "DescribeDataset", + "access_level": "Write", + "description": "Grants permission to delete a user pool. Once a pool is deleted, users will not be able to authenticate with the pool", + "privilege": "DeleteIdentityPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get usage details (for example, data storage) about a particular identity pool", - "privilege": "DescribeIdentityPoolUsage", + "description": "Grants permission to return metadata related to the given identity, including when the identity was created and any associated linked logins", + "privilege": "DescribeIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get usage information for an identity, including number of datasets and data usage", - "privilege": "DescribeIdentityUsage", + "description": "Grants permission to get details about a particular identity pool, including the pool name, ID description, creation date, and current number of users", + "privilege": "DescribeIdentityPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the status of the last BulkPublish operation for an identity pool", - "privilege": "GetBulkPublishDetails", + "description": "Grants permission to return credentials for the provided identity ID", + "privilege": "GetCredentialsForIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the events and the corresponding Lambda functions associated with an identity pool", - "privilege": "GetCognitoEvents", + "access_level": "Write", + "description": "Grants permission to generate (or retrieve) a Cognito ID. Supplying multiple logins will create an implicit linked account", + "privilege": "GetId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the configuration settings of an identity pool", - "privilege": "GetIdentityPoolConfiguration", + "description": "Grants permission to get analytics data about the total current identity count for all identity pool identity provider (IdPs)", + "privilege": "GetIdentityPoolAnalytics", "resource_types": [ { "condition_keys": [], @@ -60219,21 +64909,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list datasets for an identity", - "privilege": "ListDatasets", + "access_level": "Read", + "description": "Grants permission to get analytics data about the number of new identities and total identities for all identity pool identity providers (IdPs)", + "privilege": "GetIdentityPoolDailyAnalytics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a list of identity pools registered with Cognito", - "privilege": "ListIdentityPoolUsage", + "description": "Grants permission to get the roles for an identity pool", + "privilege": "GetIdentityPoolRoles", "resource_types": [ { "condition_keys": [], @@ -60244,20 +64934,20 @@ }, { "access_level": "Read", - "description": "Grants permission to get paginated records, optionally changed after a particular sync count for a dataset and identity", - "privilege": "ListRecords", + "description": "Grants permission to get analytics data about the number of new identities and total identities for one identity pool identity provider (IdPs)", + "privilege": "GetIdentityProviderDailyAnalytics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to query records", - "privilege": "QueryRecords", + "description": "Grants permission to get an OpenID token, using a known Cognito ID", + "privilege": "GetOpenIdToken", "resource_types": [ { "condition_keys": [], @@ -60267,21 +64957,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to register a device to receive push sync notifications", - "privilege": "RegisterDevice", + "access_level": "Read", + "description": "Grants permission to register (or retrieve) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process", + "privilege": "GetOpenIdTokenForDeveloperIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "identitypool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the AWS Lambda function for a given event type for an identity pool", - "privilege": "SetCognitoEvents", + "access_level": "Read", + "description": "Grants permission to get the principal tags for an identity pool and provider", + "privilege": "GetPrincipalTagAttributeMap", "resource_types": [ { "condition_keys": [], @@ -60291,144 +64981,69 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to configure datasets", - "privilege": "SetDatasetConfiguration", + "access_level": "List", + "description": "Grants permission to list the identities in an identity pool", + "privilege": "ListIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "identitypool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the necessary configuration for push sync", - "privilege": "SetIdentityPoolConfiguration", + "access_level": "List", + "description": "Grants permission to list all of the Cognito identity pools registered for your account", + "privilege": "ListIdentityPools", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to subscribe to receive notifications when a dataset is modified by another device", - "privilege": "SubscribeToDataset", + "access_level": "Read", + "description": "Grants permission to list the tags that are assigned to an Amazon Cognito identity pool", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "identitypool" } ] }, { - "access_level": "Write", - "description": "Grants permission to unsubscribe from receiving notifications when a dataset is modified by another device", - "privilege": "UnsubscribeFromDataset", + "access_level": "Read", + "description": "Grants permission to retrieve the IdentityId associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifiers associated with an IdentityId for an existing identity", + "privilege": "LookupDeveloperIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "identitypool*" } ] }, { "access_level": "Write", - "description": "Grants permission to post updates to records and add and delete records for a dataset and user", - "privilege": "UpdateRecords", + "description": "Grants permission to merge two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider", + "privilege": "MergeDeveloperIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "identitypool*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}/dataset/${DatasetName}", - "condition_keys": [], - "resource": "dataset" - }, - { - "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}", - "condition_keys": [], - "resource": "identity" - }, - { - "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}", - "condition_keys": [], - "resource": "identitypool" - } - ], - "service_name": "Amazon Cognito Sync" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by requiring tag values present in a resource creation request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by requiring tag value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by requiring the presence of mandatory tags in the request", - "type": "ArrayOfString" - }, - { - "condition": "comprehend:DataLakeKmsKey", - "description": "Filters access by the DataLake Kms Key associated with the flywheel resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:FlywheelIterationId", - "description": "Filters access by particular Iteration Id for a flywheel", - "type": "String" - }, - { - "condition": "comprehend:ModelKmsKey", - "description": "Filters access by the model KMS key associated with the resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:OutputKmsKey", - "description": "Filters access by the output KMS key associated with the resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:VolumeKmsKey", - "description": "Filters access by the volume KMS key associated with the resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:VpcSecurityGroupIds", - "description": "Filters access by the list of all VPC security group ids associated with the resource in the request", - "type": "ArrayOfString" - }, - { - "condition": "comprehend:VpcSubnets", - "description": "Filters access by the list of all VPC subnets associated with the resource in the request", - "type": "ArrayOfString" - } - ], - "prefix": "comprehend", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to detect the language or languages present in the list of text documents", - "privilege": "BatchDetectDominantLanguage", + "access_level": "Write", + "description": "Grants permission to set the roles for an identity pool. These roles are used when making calls to GetCredentialsForIdentity action", + "privilege": "SetIdentityPoolRoles", "resource_types": [ { "condition_keys": [], @@ -60438,9 +65053,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given list of text documents", - "privilege": "BatchDetectEntities", + "access_level": "Write", + "description": "Grants permission to set the principal tags for an identity pool and provider. These tags are used when making calls to GetOpenIdToken action", + "privilege": "SetPrincipalTagAttributeMap", "resource_types": [ { "condition_keys": [], @@ -60450,33 +65065,41 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to detect the phrases in the list of text documents that are most indicative of the content", - "privilege": "BatchDetectKeyPhrases", + "access_level": "Tagging", + "description": "Grants permission to assign a set of tags to an Amazon Cognito identity pool", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identitypool" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the sentiment of a text in the list of documents (Positive, Negative, Neutral, or Mixed)", - "privilege": "BatchDetectSentiment", + "access_level": "Write", + "description": "Grants permission to unlink a DeveloperUserIdentifier from an existing identity", + "privilege": "UnlinkDeveloperIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a list of text documents", - "privilege": "BatchDetectSyntax", + "access_level": "Write", + "description": "Grants permission to unlink a federated identity from an existing account", + "privilege": "UnlinkIdentity", "resource_types": [ { "condition_keys": [], @@ -60486,461 +65109,425 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or products) within the given list of text documents", - "privilege": "BatchDetectTargetedSentiment", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from an Amazon Cognito identity pool", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identitypool" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to create a new document classification request to analyze a single document in real-time, using a previously created and trained custom model and an endpoint", - "privilege": "ClassifyDocument", + "access_level": "Write", + "description": "Grants permission to update an identity pool", + "privilege": "UpdateIdentityPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" + "resource_type": "identitypool*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cognito-identity:${Region}:${Account}:identitypool/${IdentityPoolId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "identitypool" + } + ], + "service_name": "Amazon Cognito Identity" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to classify the personally identifiable information within given documents in real-time", - "privilege": "ContainsPiiEntities", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a key that is present in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cognito-idp", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add user attributes to the user pool schema", + "privilege": "AddCustomAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new dataset within a flywheel", - "privilege": "CreateDataset", + "description": "Grants permission to add any user to any group", + "privilege": "AdminAddUserToGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new document classifier that you can use to categorize documents", - "privilege": "CreateDocumentClassifier", + "description": "Grants permission to confirm any user's registration without a confirmation code", + "privilege": "AdminConfirmSignUp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a model-specific endpoint for synchronous inference for a previously trained custom model", - "privilege": "CreateEndpoint", + "description": "Grants permission to create new users and send welcome messages via email or SMS", + "privilege": "AdminCreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an entity recognizer using submitted files", - "privilege": "CreateEntityRecognizer", + "description": "Grants permission to delete any user", + "privilege": "AdminDeleteUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new flywheel that you can use to train model versions", - "privilege": "CreateFlywheel", + "description": "Grants permission to delete attributes from any user", + "privilege": "AdminDeleteUserAttributes", "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:DataLakeKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], - "resource_type": "flywheel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a previously created document classifier", - "privilege": "DeleteDocumentClassifier", + "description": "Grants permission to unlink any user pool user from a third-party identity provider (IdP) user", + "privilege": "AdminDisableProviderForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a model-specific endpoint for a previously-trained custom model. All endpoints must be deleted in order for the model to be deleted", - "privilege": "DeleteEndpoint", + "description": "Grants permission to deactivate any user", + "privilege": "AdminDisableUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a submitted entity recognizer", - "privilege": "DeleteEntityRecognizer", + "description": "Grants permission to activate any user", + "privilege": "AdminEnableUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to Delete a flywheel", - "privilege": "DeleteFlywheel", + "description": "Grants permission to deregister any user's devices", + "privilege": "AdminForgetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove policy on resource", - "privilege": "DeleteResourcePolicy", + "access_level": "Read", + "description": "Grants permission to get information about any user's devices", + "privilege": "AdminGetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the properties associated with a dataset", - "privilege": "DescribeDataset", + "description": "Grants permission to look up any user by user name", + "privilege": "AdminGetUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel-dataset*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a document classification job", - "privilege": "DescribeDocumentClassificationJob", + "access_level": "Write", + "description": "Grants permission to authenticate any user", + "privilege": "AdminInitiateAuth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a document classifier", - "privilege": "DescribeDocumentClassifier", + "access_level": "Write", + "description": "Grants permission to link any user pool user to a third-party IdP user", + "privilege": "AdminLinkProviderForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a dominant language detection job", - "privilege": "DescribeDominantLanguageDetectionJob", + "access_level": "List", + "description": "Grants permission to list any user's remembered devices", + "privilege": "AdminListDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dominant-language-detection-job*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a specific endpoint. Use this operation to get the status of an endpoint", - "privilege": "DescribeEndpoint", + "access_level": "List", + "description": "Grants permission to list the groups that any user belongs to", + "privilege": "AdminListGroupsForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the properties associated with an entities detection job", - "privilege": "DescribeEntitiesDetectionJob", + "description": "Grants permission to lists sign-in events for any user", + "privilege": "AdminListUserAuthEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide details about an entity recognizer including status, S3 buckets containing training data, recognizer metadata, metrics, and so on", - "privilege": "DescribeEntityRecognizer", + "access_level": "Write", + "description": "Grants permission to remove any user from any group", + "privilege": "AdminRemoveUserFromGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with an Events detection job", - "privilege": "DescribeEventsDetectionJob", + "access_level": "Write", + "description": "Grants permission to reset any user's password", + "privilege": "AdminResetUserPassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a flywheel", - "privilege": "DescribeFlywheel", + "access_level": "Write", + "description": "Grants permission to respond to an authentication challenge during the authentication of any user", + "privilege": "AdminRespondToAuthChallenge", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a flywheel iteration for a flywheel", - "privilege": "DescribeFlywheelIteration", + "access_level": "Write", + "description": "Grants permission to set any user's preferred MFA method", + "privilege": "AdminSetUserMFAPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set any user's password", + "privilege": "AdminSetUserPassword", + "resource_types": [ { - "condition_keys": [ - "comprehend:FlywheelIterationId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a key phrases detection job", - "privilege": "DescribeKeyPhrasesDetectionJob", + "access_level": "Write", + "description": "Grants permission to set user settings for any user", + "privilege": "AdminSetUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a PII entities detection job", - "privilege": "DescribePiiEntitiesDetectionJob", + "access_level": "Write", + "description": "Grants permission to update advanced security feedback for any user's authentication event", + "privilege": "AdminUpdateAuthEventFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to read attached policy on resource", - "privilege": "DescribeResourcePolicy", + "access_level": "Write", + "description": "Grants permission to update the status of any user's remembered devices", + "privilege": "AdminUpdateDeviceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to updates any user's standard or custom attributes", + "privilege": "AdminUpdateUserAttributes", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a sentiment detection job", - "privilege": "DescribeSentimentDetectionJob", + "access_level": "Write", + "description": "Grants permission to sign out any user from all sessions", + "privilege": "AdminUserGlobalSignOut", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a targeted sentiment detection job", - "privilege": "DescribeTargetedSentimentDetectionJob", + "access_level": "Write", + "description": "Grants permission to return a unique generated shared secret key code for the user", + "privilege": "AssociateSoftwareToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a topic detection job", - "privilege": "DescribeTopicsDetectionJob", + "access_level": "Write", + "description": "Grants permission to associate the user pool with an AWS WAF web ACL", + "privilege": "AssociateWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topics-detection-job*" + "resource_type": "userpool*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webacl*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the language or languages present in the text", - "privilege": "DetectDominantLanguage", + "access_level": "Write", + "description": "Grants permission to change the password for a specified user in a user pool", + "privilege": "ChangePassword", "resource_types": [ { "condition_keys": [], @@ -60950,21 +65537,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given text document", - "privilege": "DetectEntities", + "access_level": "Write", + "description": "Grants permission to confirm tracking of the device. This API call is the call that begins device tracking", + "privilege": "ConfirmDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the phrases in the text that are most indicative of the content", - "privilege": "DetectKeyPhrases", + "access_level": "Write", + "description": "Grants permission to allow a user to enter a confirmation code to reset a forgotten password", + "privilege": "ConfirmForgotPassword", "resource_types": [ { "condition_keys": [], @@ -60974,9 +65561,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to detect the personally identifiable information entities (\"Name\", \"SSN\", \"PIN\", etc) within the given text document", - "privilege": "DetectPiiEntities", + "access_level": "Write", + "description": "Grants permission to confirm registration of a user and handles the existing alias from a previous user", + "privilege": "ConfirmSignUp", "resource_types": [ { "condition_keys": [], @@ -60986,73 +65573,87 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to detect the sentiment of a text in a document (Positive, Negative, Neutral, or Mixed)", - "privilege": "DetectSentiment", + "access_level": "Write", + "description": "Grants permission to create new user pool groups", + "privilege": "CreateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a text document", - "privilege": "DetectSyntax", + "access_level": "Write", + "description": "Grants permission to add identity providers to user pools", + "privilege": "CreateIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or products) in a document", - "privilege": "DetectTargetedSentiment", + "access_level": "Write", + "description": "Grants permission to create a branding settings for managed login and associate it with an app client", + "privilege": "CreateManagedLoginBranding", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect toxic content within the given list of text segments", - "privilege": "DetectToxicContent", + "access_level": "Write", + "description": "Grants permission to create and configure scopes for OAuth 2.0 resource servers", + "privilege": "CreateResourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to import a trained Comprehend model", - "privilege": "ImportModel", + "description": "Grants permission to create terms and associate it with an app client", + "privilege": "CreateTerms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create user CSV import jobs", + "privilege": "CreateUserImportJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create and set password policy for user pools", + "privilege": "CreateUserPool", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "comprehend:ModelKmsKey" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -61060,93 +65661,93 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the Datasets associated with a flywheel", - "privilege": "ListDatasets", + "access_level": "Write", + "description": "Grants permission to create user pool app clients", + "privilege": "CreateUserPoolClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the document classification jobs that you have submitted", - "privilege": "ListDocumentClassificationJobs", + "access_level": "Write", + "description": "Grants permission to add user pool domains", + "privilege": "CreateUserPoolDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of summaries of the document classifiers that you have created", - "privilege": "ListDocumentClassifierSummaries", + "access_level": "Write", + "description": "Grants permission to delete any empty user pool group", + "privilege": "DeleteGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the document classifiers that you have created", - "privilege": "ListDocumentClassifiers", + "access_level": "Write", + "description": "Grants permission to delete any identity provider from user pools", + "privilege": "DeleteIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the dominant language detection jobs that you have submitted", - "privilege": "ListDominantLanguageDetectionJobs", + "access_level": "Write", + "description": "Grants permission to delete the managed login branding style for any app client", + "privilege": "DeleteManagedLoginBranding", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of all existing endpoints that you've created", - "privilege": "ListEndpoints", + "access_level": "Write", + "description": "Grants permission to delete any OAuth 2.0 resource server from user pools", + "privilege": "DeleteResourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the entity detection jobs that you have submitted", - "privilege": "ListEntitiesDetectionJobs", + "access_level": "Write", + "description": "Grants permission to delete terms for an app client", + "privilege": "DeleteTerms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of summaries for the entity recognizers that you have created", - "privilege": "ListEntityRecognizerSummaries", + "access_level": "Write", + "description": "Grants permission to allow a user to delete one's self", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], @@ -61156,9 +65757,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the properties of all entity recognizers that you created, including recognizers currently in training", - "privilege": "ListEntityRecognizers", + "access_level": "Write", + "description": "Grants permission to delete the attributes for a user", + "privilege": "DeleteUserAttributes", "resource_types": [ { "condition_keys": [], @@ -61168,175 +65769,273 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of Events detection jobs that you have submitted", - "privilege": "ListEventsDetectionJobs", + "access_level": "Write", + "description": "Grants permission to delete user pools", + "privilege": "DeleteUserPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of iterations associated for a flywheel", - "privilege": "ListFlywheelIterationHistory", + "access_level": "Write", + "description": "Grants permission to delete any user pool app client", + "privilege": "DeleteUserPoolClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the flywheels that you have created", - "privilege": "ListFlywheels", + "access_level": "Write", + "description": "Grants permission to delete any user pool domain", + "privilege": "DeleteUserPoolDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a list of key phrase detection jobs that you have submitted", - "privilege": "ListKeyPhrasesDetectionJobs", + "description": "Grants permission to describe any user pool identity provider", + "privilege": "DescribeIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a list of PII entities detection jobs that you have submitted", - "privilege": "ListPiiEntitiesDetectionJobs", + "description": "Grants permission to get the detailed information about the branding style of managed login", + "privilege": "DescribeManagedLoginBranding", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a list of sentiment detection jobs that you have submitted", - "privilege": "ListSentimentDetectionJobs", + "description": "Grants permission to get the detailed information about the branding style of managed login associated with an appclient", + "privilege": "DescribeManagedLoginBrandingByClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe any OAuth 2.0 resource server", + "privilege": "DescribeResourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the risk configuration settings of user pools and app clients", + "privilege": "DescribeRiskConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the detailed information about terms for an app client", + "privilege": "DescribeTerms", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe any user import job", + "privilege": "DescribeUserImportJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dominant-language-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe user pools", + "privilege": "DescribeUserPool", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe any user pool app client", + "privilege": "DescribeUserPoolClient", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe any user pool domain", + "privilege": "DescribeUserPoolDomain", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the user pool with an AWS WAF web ACL", + "privilege": "DisassociateWebACL", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to forget the specified device", + "privilege": "ForgetDevice", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a message to the end user with a confirmation code that is required to change the user's password", + "privilege": "ForgotPassword", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel-dataset" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to generate headers for a user import .csv file", + "privilege": "GetCSVHeader", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the device", + "privilege": "GetDevice", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a user pool group", + "privilege": "GetGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to correlate a user pool IdP identifier to the IdP Name", + "privilege": "GetIdentityProviderByIdentifier", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the detailed activity logging configuration for a user pool", + "privilege": "GetLogDeliveryConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topics-detection-job" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a list of targeted sentiment detection jobs that you have submitted", - "privilege": "ListTargetedSentimentDetectionJobs", + "description": "Grants permission to look up signing certificates for user pools", + "privilege": "GetSigningCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the topic detection jobs that you have submitted", - "privilege": "ListTopicsDetectionJobs", + "access_level": "Write", + "description": "Grants permission to update user tokens with refresh tokens", + "privilege": "GetTokensFromRefreshToken", "resource_types": [ { "condition_keys": [], @@ -61346,249 +66045,264 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to attach policy to resource", - "privilege": "PutResourcePolicy", + "access_level": "Read", + "description": "Grants permission to get UI customization information for the hosted UI of any app client", + "privilege": "GetUICustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the user attributes and metadata for a user", + "privilege": "GetUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous document classification job", - "privilege": "StartDocumentClassificationJob", + "access_level": "Read", + "description": "Grants permission to get the user attribute verification code for the specified attribute name", + "privilege": "GetUserAttributeVerificationCode", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to look up the MFA configuration of user pools", + "privilege": "GetUserPoolMfaConfig", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool", + "privilege": "GetWebACLForResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous dominant language detection job for a collection of documents", - "privilege": "StartDominantLanguageDetectionJob", + "description": "Grants permission to sign out users from all devices", + "privilege": "GlobalSignOut", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dominant-language-detection-job*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to initiate the authentication flow", + "privilege": "InitiateAuth", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous entity detection job for a collection of documents", - "privilege": "StartEntitiesDetectionJob", + "access_level": "List", + "description": "Grants permission to list the devices", + "privilege": "ListDevices", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all groups in user pools", + "privilege": "ListGroups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all identity providers in user pools", + "privilege": "ListIdentityProviders", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous Events detection job for a collection of documents", - "privilege": "StartEventsDetectionJob", + "access_level": "List", + "description": "Grants permission to list all resource servers in user pools", + "privilege": "ListResourceServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the user pools that are associated with an AWS WAF web ACL", + "privilege": "ListResourcesForWebACL", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:OutputKmsKey" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "webacl*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a flywheel iteration for a flywheel", - "privilege": "StartFlywheelIteration", + "access_level": "List", + "description": "Grants permission to list the tags that are assigned to an Amazon Cognito user pool", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "userpool" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous key phrase detection job for a collection of documents", - "privilege": "StartKeyPhrasesDetectionJob", + "access_level": "List", + "description": "Grants permission to list all terms for a user pool", + "privilege": "ListTerms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all user import jobs", + "privilege": "ListUserImportJobs", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous PII entities detection job for a collection of documents", - "privilege": "StartPiiEntitiesDetectionJob", + "access_level": "List", + "description": "Grants permission to list all app clients in user pools", + "privilege": "ListUserPoolClients", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all user pools", + "privilege": "ListUserPools", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:OutputKmsKey" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous sentiment detection job for a collection of documents", - "privilege": "StartSentimentDetectionJob", + "access_level": "List", + "description": "Grants permission to list all user pool users", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the users in any group", + "privilege": "ListUsersInGroup", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous targeted sentiment detection job for a collection of documents", - "privilege": "StartTargetedSentimentDetectionJob", + "description": "Grants permission to resend the confirmation (for confirmation of registration) to a specific user in the user pool", + "privilege": "ResendConfirmationCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous job to detect the most common topics in the collection of documents and the phrases associated with each topic", - "privilege": "StartTopicsDetectionJob", + "description": "Grants permission to respond to the authentication challenge", + "privilege": "RespondToAuthChallenge", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topics-detection-job*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to revoke all of the access tokens generated by the specified refresh token", + "privilege": "RevokeToken", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -61596,191 +66310,256 @@ }, { "access_level": "Write", - "description": "Grants permission to stop a dominant language detection job", - "privilege": "StopDominantLanguageDetectionJob", + "description": "Grants permission to set up or modify the detailed activity logging configuration of a user pool", + "privilege": "SetLogDeliveryConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dominant-language-detection-job*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an entity detection job", - "privilege": "StopEntitiesDetectionJob", + "description": "Grants permission to set risk configuration for user pools and app clients", + "privilege": "SetRiskConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an Events detection job", - "privilege": "StopEventsDetectionJob", + "description": "Grants permission to customize the hosted UI for any app client", + "privilege": "SetUICustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a key phrase detection job", - "privilege": "StopKeyPhrasesDetectionJob", + "description": "Grants permission to set MFA preference for the user in the userpool", + "privilege": "SetUserMFAPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a PII entities detection job", - "privilege": "StopPiiEntitiesDetectionJob", + "description": "Grants permission to set user pool MFA configuration", + "privilege": "SetUserPoolMfaConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a sentiment detection job", - "privilege": "StopSentimentDetectionJob", + "description": "Grants permission to set the user settings like multi-factor authentication (MFA)", + "privilege": "SetUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a targeted sentiment detection job", - "privilege": "StopTargetedSentimentDetectionJob", + "description": "Grants permission to register the user in the specified user pool and creates a user name, password, and user attributes", + "privilege": "SignUp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a previously created document classifier training job", - "privilege": "StopTrainingDocumentClassifier", + "description": "Grants permission to start any user import job", + "privilege": "StartUserImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a previously created entity recognizer training job", - "privilege": "StopTrainingEntityRecognizer", + "description": "Grants permission to stop any user import job", + "privilege": "StopUserImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "userpool*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a resource with given key value pairs", + "description": "Grants permission to tag a user pool", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint" + "resource_type": "userpool" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dominant-language-detection-job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a user pool", + "privilege": "UntagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job" + "resource_type": "userpool" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "entity-recognizer" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the feedback for the user authentication event", + "privilege": "UpdateAuthEventFeedback", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the device status", + "privilege": "UpdateDeviceStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the configuration of any group", + "privilege": "UpdateGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the configuration of any user pool IdP", + "privilege": "UpdateIdentityProvider", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel-dataset" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the branding settings of a managed login", + "privilege": "UpdateManagedLoginBranding", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the configuration of any OAuth 2.0 resource server", + "privilege": "UpdateResourceServer", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update terms for an app client", + "privilege": "UpdateTerms", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to allow a user to update a specific attribute (one at a time)", + "privilege": "UpdateUserAttributes", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to updates the configuration of user pools", + "privilege": "UpdateUserPool", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topics-detection-job" + "resource_type": "userpool*" }, { "condition_keys": [ @@ -61793,399 +66572,210 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource with given key", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update any user pool client", + "privilege": "UpdateUserPoolClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dominant-language-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entities-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace the certificate for any custom domain", + "privilege": "UpdateUserPoolDomain", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register a user's entered TOTP code and mark the user's software token MFA status as verified if successful", + "privilege": "VerifySoftwareToken", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to verify a user attribute using a one time verification code", + "privilege": "VerifyUserAttribute", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel-dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key-phrases-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pii-entities-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sentiment-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "topics-detection-job" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update information about the specified endpoint", - "privilege": "UpdateEndpoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to Update a flywheel's configuration", - "privilege": "UpdateFlywheel", - "resource_types": [ - { - "condition_keys": [ - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], - "resource_type": "flywheel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:targeted-sentiment-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "targeted-sentiment-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier/${DocumentClassifierName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "document-classifier" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier-endpoint/${DocumentClassifierEndpointName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "document-classifier-endpoint" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer/${EntityRecognizerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entity-recognizer" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer-endpoint/${EntityRecognizerEndpointName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entity-recognizer-endpoint" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:dominant-language-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dominant-language-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entities-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entities-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:pii-entities-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pii-entities-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:events-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "events-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:key-phrases-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "key-phrases-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:sentiment-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "sentiment-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:topics-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "topics-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classification-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "document-classification-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}", + "arn": "arn:${Partition}:cognito-idp:${Region}:${Account}:userpool/${UserPoolId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "flywheel" + "resource": "userpool" }, { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}/dataset/${DatasetName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "flywheel-dataset" + "arn": "arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}", + "condition_keys": [], + "resource": "webacl" } ], - "service_name": "Amazon Comprehend" + "service_name": "Amazon Cognito User Pools" }, { - "conditions": [ - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "comprehendmedical", + "conditions": [], + "prefix": "cognito-sync", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to describe the properties of a medical entity detection job that you have submitted", - "privilege": "DescribeEntitiesDetectionV2Job", + "access_level": "Write", + "description": "Grants permission to initiate a bulk publish of all existing datasets for an Identity Pool to the configured stream", + "privilege": "BulkPublish", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the properties of an ICD-10-CM linking job that you have submitted", - "privilege": "DescribeICD10CMInferenceJob", + "access_level": "Write", + "description": "Grants permission to delete a specific dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the properties of a PHI entity detection job that you have submitted", - "privilege": "DescribePHIDetectionJob", + "description": "Grants permission to get metadata about a dataset by identity and dataset name", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the properties of an RxNorm linking job that you have submitted", - "privilege": "DescribeRxNormInferenceJob", + "description": "Grants permission to get usage details (for example, data storage) about a particular identity pool", + "privilege": "DescribeIdentityPoolUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the properties of a SNOMED-CT linking job that you have submitted", - "privilege": "DescribeSNOMEDCTInferenceJob", + "description": "Grants permission to get usage information for an identity, including number of datasets and data usage", + "privilege": "DescribeIdentityUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the named medical entities, and their relationships and traits within the given text document", - "privilege": "DetectEntitiesV2", + "description": "Grants permission to get the status of the last BulkPublish operation for an identity pool", + "privilege": "GetBulkPublishDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the protected health information (PHI) entities within the given text document", - "privilege": "DetectPHI", + "description": "Grants permission to get the events and the corresponding Lambda functions associated with an identity pool", + "privilege": "GetCognitoEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the medical condition entities within the given text document and link them to ICD-10-CM codes", - "privilege": "InferICD10CM", + "description": "Grants permission to get the configuration settings of an identity pool", + "privilege": "GetIdentityPoolConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the medication entities within the given text document and link them to RxCUI concept identifiers from the National Library of Medicine RxNorm database", - "privilege": "InferRxNorm", + "access_level": "List", + "description": "Grants permission to list datasets for an identity", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the medical condition, anatomy, and test, treatment, and procedure entities within the given text document and link them to SNOMED-CT codes", - "privilege": "InferSNOMEDCT", + "description": "Grants permission to get a list of identity pools registered with Cognito", + "privilege": "ListIdentityPoolUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the medical entity detection jobs that you have submitted", - "privilege": "ListEntitiesDetectionV2Jobs", + "description": "Grants permission to get paginated records, optionally changed after a particular sync count for a dataset and identity", + "privilege": "ListRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the ICD-10-CM linking jobs that you have submitted", - "privilege": "ListICD10CMInferenceJobs", + "description": "Grants permission to query records", + "privilege": "QueryRecords", "resource_types": [ { "condition_keys": [], @@ -62195,93 +66785,168 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the PHI entity detection jobs that you have submitted", - "privilege": "ListPHIDetectionJobs", + "access_level": "Write", + "description": "Grants permission to register a device to receive push sync notifications", + "privilege": "RegisterDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the RxNorm linking jobs that you have submitted", - "privilege": "ListRxNormInferenceJobs", + "access_level": "Write", + "description": "Grants permission to set the AWS Lambda function for a given event type for an identity pool", + "privilege": "SetCognitoEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the SNOMED-CT linking jobs that you have submitted", - "privilege": "ListSNOMEDCTInferenceJobs", + "access_level": "Write", + "description": "Grants permission to configure datasets", + "privilege": "SetDatasetConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous medical entity detection job for a collection of documents", - "privilege": "StartEntitiesDetectionV2Job", + "description": "Grants permission to set the necessary configuration for push sync", + "privilege": "SetIdentityPoolConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous ICD-10-CM linking job for a collection of documents", - "privilege": "StartICD10CMInferenceJob", + "description": "Grants permission to subscribe to receive notifications when a dataset is modified by another device", + "privilege": "SubscribeToDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous PHI entity detection job for a collection of documents", - "privilege": "StartPHIDetectionJob", + "description": "Grants permission to unsubscribe from receiving notifications when a dataset is modified by another device", + "privilege": "UnsubscribeFromDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous RxNorm linking job for a collection of documents", - "privilege": "StartRxNormInferenceJob", + "description": "Grants permission to post updates to records and add and delete records for a dataset and user", + "privilege": "UpdateRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}/dataset/${DatasetName}", + "condition_keys": [], + "resource": "dataset" }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous SNOMED-CT linking job for a collection of documents", - "privilege": "StartSNOMEDCTInferenceJob", + "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}", + "condition_keys": [], + "resource": "identity" + }, + { + "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}", + "condition_keys": [], + "resource": "identitypool" + } + ], + "service_name": "Amazon Cognito Sync" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by requiring tag values present in a resource creation request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by requiring tag value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by requiring the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "comprehend:DataLakeKmsKey", + "description": "Filters access by the DataLake Kms Key associated with the flywheel resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:FlywheelIterationId", + "description": "Filters access by particular Iteration Id for a flywheel", + "type": "String" + }, + { + "condition": "comprehend:ModelKmsKey", + "description": "Filters access by the model KMS key associated with the resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:OutputKmsKey", + "description": "Filters access by the output KMS key associated with the resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:VolumeKmsKey", + "description": "Filters access by the volume KMS key associated with the resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:VpcSecurityGroupIds", + "description": "Filters access by the list of all VPC security group ids associated with the resource in the request", + "type": "ArrayOfString" + }, + { + "condition": "comprehend:VpcSubnets", + "description": "Filters access by the list of all VPC subnets associated with the resource in the request", + "type": "ArrayOfString" + } + ], + "prefix": "comprehend", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to detect the language or languages present in the list of text documents", + "privilege": "BatchDetectDominantLanguage", "resource_types": [ { "condition_keys": [], @@ -62291,9 +66956,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop a medical entity detection job", - "privilege": "StopEntitiesDetectionV2Job", + "access_level": "Read", + "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given list of text documents", + "privilege": "BatchDetectEntities", "resource_types": [ { "condition_keys": [], @@ -62303,9 +66968,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop an ICD-10-CM linking job", - "privilege": "StopICD10CMInferenceJob", + "access_level": "Read", + "description": "Grants permission to detect the phrases in the list of text documents that are most indicative of the content", + "privilege": "BatchDetectKeyPhrases", "resource_types": [ { "condition_keys": [], @@ -62315,9 +66980,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop a PHI entity detection job", - "privilege": "StopPHIDetectionJob", + "access_level": "Read", + "description": "Grants permission to detect the sentiment of a text in the list of documents (Positive, Negative, Neutral, or Mixed)", + "privilege": "BatchDetectSentiment", "resource_types": [ { "condition_keys": [], @@ -62327,9 +66992,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop an RxNorm linking job", - "privilege": "StopRxNormInferenceJob", + "access_level": "Read", + "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a list of text documents", + "privilege": "BatchDetectSyntax", "resource_types": [ { "condition_keys": [], @@ -62339,9 +67004,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop a SNOMED-CT linking job", - "privilege": "StopSNOMEDCTInferenceJob", + "access_level": "Read", + "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or products) within the given list of text documents", + "privilege": "BatchDetectTargetedSentiment", "resource_types": [ { "condition_keys": [], @@ -62349,44 +67014,23 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Amazon Comprehend Medical" - }, - { - "conditions": [ - { - "condition": "compute-optimizer:ResourceType", - "description": "Filters access by the resource type", - "type": "String" - } - ], - "prefix": "compute-optimizer", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to delete recommendation preferences", - "privilege": "DeleteRecommendationPreferences", + "access_level": "Read", + "description": "Grants permission to create a new document classification request to analyze a single document in real-time, using a previously created and trained custom model and an endpoint", + "privilege": "ClassifyDocument", "resource_types": [ { - "condition_keys": [ - "compute-optimizer:ResourceType" - ], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "ec2:DescribeInstances", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier-endpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the status of recommendation export jobs", - "privilege": "DescribeRecommendationExportJobs", + "access_level": "Read", + "description": "Grants permission to classify the personally identifiable information within given documents in real-time", + "privilege": "ContainsPiiEntities", "resource_types": [ { "condition_keys": [], @@ -62397,439 +67041,448 @@ }, { "access_level": "Write", - "description": "Grants permission to export AutoScaling group recommendations to S3 for the provided accounts", - "privilege": "ExportAutoScalingGroupRecommendations", + "description": "Grants permission to create a new dataset within a flywheel", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "compute-optimizer:GetAutoScalingGroupRecommendations" + "dependent_actions": [], + "resource_type": "flywheel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export EBS volume recommendations to S3 for the provided accounts", - "privilege": "ExportEBSVolumeRecommendations", + "description": "Grants permission to create a new document classifier that you can use to categorize documents", + "privilege": "CreateDocumentClassifier", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetEBSVolumeRecommendations", - "ec2:DescribeVolumes" + "dependent_actions": [], + "resource_type": "document-classifier*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export EC2 instance recommendations to S3 for the provided accounts", - "privilege": "ExportEC2InstanceRecommendations", + "description": "Grants permission to create a model-specific endpoint for synchronous inference for a previously trained custom model", + "privilege": "CreateEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetEC2InstanceRecommendations", - "ec2:DescribeInstances" + "dependent_actions": [], + "resource_type": "document-classifier*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "document-classifier-endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel" } ] }, { "access_level": "Write", - "description": "Grants permission to export ECS service recommendations to S3 for the provided accounts", - "privilege": "ExportECSServiceRecommendations", + "description": "Grants permission to create an entity recognizer using submitted files", + "privilege": "CreateEntityRecognizer", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetECSServiceRecommendations", - "ecs:ListClusters", - "ecs:ListServices" + "dependent_actions": [], + "resource_type": "entity-recognizer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export idle recommendations to S3 for the provided accounts", - "privilege": "ExportIdleRecommendations", + "description": "Grants permission to create a new flywheel that you can use to train model versions", + "privilege": "CreateFlywheel", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetIdleRecommendations" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:DataLakeKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "flywheel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer" } ] }, { "access_level": "Write", - "description": "Grants permission to export Lambda function recommendations to S3 for the provided accounts", - "privilege": "ExportLambdaFunctionRecommendations", + "description": "Grants permission to delete a previously created document classifier", + "privilege": "DeleteDocumentClassifier", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetLambdaFunctionRecommendations", - "lambda:ListFunctions", - "lambda:ListProvisionedConcurrencyConfigs" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "document-classifier*" } ] }, { "access_level": "Write", - "description": "Grants permission to export license recommendations to S3 for the provided account(s)", - "privilege": "ExportLicenseRecommendations", + "description": "Grants permission to delete a model-specific endpoint for a previously-trained custom model. All endpoints must be deleted in order for the model to be deleted", + "privilege": "DeleteEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetLicenseRecommendations", - "ec2:DescribeInstances" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "document-classifier-endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to export rds recommendations to S3 for the provided accounts", - "privilege": "ExportRDSDatabaseRecommendations", + "description": "Grants permission to delete a submitted entity recognizer", + "privilege": "DeleteEntityRecognizer", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetRDSDatabaseRecommendations", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "entity-recognizer*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided AutoScaling groups", - "privilege": "GetAutoScalingGroupRecommendations", + "access_level": "Write", + "description": "Grants permission to Delete a flywheel", + "privilege": "DeleteFlywheel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "flywheel*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided EBS volumes", - "privilege": "GetEBSVolumeRecommendations", + "access_level": "Write", + "description": "Grants permission to remove policy on resource", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeVolumes" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "document-classifier*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided EC2 instances", - "privilege": "GetEC2InstanceRecommendations", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeInstances" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "flywheel-dataset*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the recommendation projected metrics of the specified instance", - "privilege": "GetEC2RecommendationProjectedMetrics", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a document classification job", + "privilege": "DescribeDocumentClassificationJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeInstances" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "document-classification-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the recommendation projected metrics of the specified ECS service", - "privilege": "GetECSServiceRecommendationProjectedMetrics", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a document classifier", + "privilege": "DescribeDocumentClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classifier*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided ECS services", - "privilege": "GetECSServiceRecommendations", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a dominant language detection job", + "privilege": "DescribeDominantLanguageDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ecs:ListClusters", - "ecs:ListServices" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "dominant-language-detection-job*" } ] }, { "access_level": "Read", - "description": "Grants permission to get recommendation preferences that are in effect", - "privilege": "GetEffectiveRecommendationPreferences", + "description": "Grants permission to get the properties associated with a specific endpoint. Use this operation to get the status of an endpoint", + "privilege": "DescribeEndpoint", "resource_types": [ { - "condition_keys": [ - "compute-optimizer:ResourceType" - ], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "ec2:DescribeInstances", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier-endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the enrollment status for the specified account", - "privilege": "GetEnrollmentStatus", + "access_level": "Read", + "description": "Grants permission to get the properties associated with an entities detection job", + "privilege": "DescribeEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entities-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the enrollment statuses for member accounts of the organization", - "privilege": "GetEnrollmentStatusesForOrganization", + "access_level": "Read", + "description": "Grants permission to provide details about an entity recognizer including status, S3 buckets containing training data, recognizer metadata, metrics, and so on", + "privilege": "DescribeEntityRecognizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-recognizer*" } ] }, { - "access_level": "List", - "description": "Grants permission to get idle recommendations for the specified account(s)", - "privilege": "GetIdleRecommendations", + "access_level": "Read", + "description": "Grants permission to get the properties associated with an Events detection job", + "privilege": "DescribeEventsDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "events-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided Lambda functions", - "privilege": "GetLambdaFunctionRecommendations", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a flywheel", + "privilege": "DescribeFlywheel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lambda:ListFunctions", - "lambda:ListProvisionedConcurrencyConfigs" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "flywheel*" } ] }, { - "access_level": "List", - "description": "Grants permission to get license recommendations for the specified account(s)", - "privilege": "GetLicenseRecommendations", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a flywheel iteration for a flywheel", + "privilege": "DescribeFlywheelIteration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeInstances" + "dependent_actions": [], + "resource_type": "flywheel*" + }, + { + "condition_keys": [ + "comprehend:FlywheelIterationId" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get the recommendation projected metrics of the specified instance", - "privilege": "GetRDSDatabaseRecommendationProjectedMetrics", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a key phrases detection job", + "privilege": "DescribeKeyPhrasesDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "rds:DescribeDBClusters", - "rds:DescribeDBInstances" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "key-phrases-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to get rds recommendations for the specified account(s)", - "privilege": "GetRDSDatabaseRecommendations", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a PII entities detection job", + "privilege": "DescribePiiEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "rds:DescribeDBClusters", - "rds:DescribeDBInstances" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "pii-entities-detection-job*" } ] }, { "access_level": "Read", - "description": "Grants permission to get recommendation preferences", - "privilege": "GetRecommendationPreferences", + "description": "Grants permission to read attached policy on resource", + "privilege": "DescribeResourcePolicy", "resource_types": [ { - "condition_keys": [ - "compute-optimizer:ResourceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classifier*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the recommendation summaries for the specified account(s)", - "privilege": "GetRecommendationSummaries", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a sentiment detection job", + "privilege": "DescribeSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sentiment-detection-job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put recommendation preferences", - "privilege": "PutRecommendationPreferences", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a targeted sentiment detection job", + "privilege": "DescribeTargetedSentimentDetectionJob", "resource_types": [ { - "condition_keys": [ - "compute-optimizer:ResourceType" - ], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "ec2:DescribeInstances", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targeted-sentiment-detection-job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the enrollment status", - "privilege": "UpdateEnrollmentStatus", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a topic detection job", + "privilege": "DescribeTopicsDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "topics-detection-job*" } ] - } - ], - "resources": [], - "service_name": "AWS Compute Optimizer" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the request", - "type": "ArrayOfString" }, { - "condition": "config:ConfigurationRecorderServicePrincipal", - "description": "Filters access by service principal of the configuration recorder", - "type": "String" - } - ], - "prefix": "config", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add all specified resource types to the RecordingGroup of configuration recorder and includes those resource types when recording", - "privilege": "AssociateResourceTypes", + "access_level": "Read", + "description": "Grants permission to detect the language or languages present in the text", + "privilege": "DetectDominantLanguage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the current configuration items for resources that are present in your AWS Config aggregator", - "privilege": "BatchGetAggregateResourceConfig", + "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given text document", + "privilege": "DetectEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "entity-recognizer-endpoint" } ] }, { "access_level": "Read", - "description": "Grants permission to return the current configuration for one or more requested resources", - "privilege": "BatchGetResourceConfig", + "description": "Grants permission to detect the phrases in the text that are most indicative of the content", + "privilege": "DetectKeyPhrases", "resource_types": [ { "condition_keys": [], @@ -62839,117 +67492,131 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the authorization granted to the specified configuration aggregator account in a specified region", - "privilege": "DeleteAggregationAuthorization", + "access_level": "Read", + "description": "Grants permission to detect the personally identifiable information entities (\"Name\", \"SSN\", \"PIN\", etc) within the given text document", + "privilege": "DetectPiiEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified AWS Config rule and all of its evaluation results", - "privilege": "DeleteConfigRule", + "access_level": "Read", + "description": "Grants permission to detect the sentiment of a text in a document (Positive, Negative, Neutral, or Mixed)", + "privilege": "DetectSentiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified configuration aggregator and the aggregated data associated with the aggregator", - "privilege": "DeleteConfigurationAggregator", + "access_level": "Read", + "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a text document", + "privilege": "DetectSyntax", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the customer managed configuration recorder", - "privilege": "DeleteConfigurationRecorder", + "access_level": "Read", + "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or products) in a document", + "privilege": "DetectTargetedSentiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified conformance pack and all the AWS Config rules and all evaluation results within that conformance pack", - "privilege": "DeleteConformancePack", + "access_level": "Read", + "description": "Grants permission to detect toxic content within the given list of text segments", + "privilege": "DetectToxicContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the delivery channel", - "privilege": "DeleteDeliveryChannel", + "description": "Grants permission to import a trained Comprehend model", + "privilege": "ImportModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "document-classifier*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:ModelKmsKey" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the evaluation results for the specified Config rule", - "privilege": "DeleteEvaluationResults", + "access_level": "Read", + "description": "Grants permission to get a list of the Datasets associated with a flywheel", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "flywheel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified organization config rule and all of its evaluation results from all member accounts in that organization", - "privilege": "DeleteOrganizationConfigRule", + "access_level": "Read", + "description": "Grants permission to get a list of the document classification jobs that you have submitted", + "privilege": "ListDocumentClassificationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified organization conformance pack and all of its evaluation results from all member accounts in that organization", - "privilege": "DeleteOrganizationConformancePack", + "access_level": "Read", + "description": "Grants permission to get a list of summaries of the document classifiers that you have created", + "privilege": "ListDocumentClassifierSummaries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConformancePack*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete pending authorization requests for a specified aggregator account in a specified region", - "privilege": "DeletePendingAggregationRequest", + "access_level": "Read", + "description": "Grants permission to get a list of the document classifiers that you have created", + "privilege": "ListDocumentClassifiers", "resource_types": [ { "condition_keys": [], @@ -62959,21 +67626,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the remediation configuration", - "privilege": "DeleteRemediationConfiguration", + "access_level": "Read", + "description": "Grants permission to get a list of the dominant language detection jobs that you have submitted", + "privilege": "ListDominantLanguageDetectionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RemediationConfiguration*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete one or more remediation exceptions for specific resource keys for a specific AWS Config Rule", - "privilege": "DeleteRemediationExceptions", + "access_level": "Read", + "description": "Grants permission to get a list of all existing endpoints that you've created", + "privilege": "ListEndpoints", "resource_types": [ { "condition_keys": [], @@ -62983,9 +67650,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to record the configuration state for a custom resource that has been deleted", - "privilege": "DeleteResourceConfig", + "access_level": "Read", + "description": "Grants permission to get a list of the entity detection jobs that you have submitted", + "privilege": "ListEntitiesDetectionJobs", "resource_types": [ { "condition_keys": [], @@ -62995,9 +67662,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the retention configuration", - "privilege": "DeleteRetentionConfiguration", + "access_level": "Read", + "description": "Grants permission to get a list of summaries for the entity recognizers that you have created", + "privilege": "ListEntityRecognizerSummaries", "resource_types": [ { "condition_keys": [], @@ -63007,76 +67674,69 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the service-linked configuration recorder", - "privilege": "DeleteServiceLinkedConfigurationRecorder", - "resource_types": [ + "access_level": "Read", + "description": "Grants permission to get a list of the properties of all entity recognizers that you created, including recognizers currently in training", + "privilege": "ListEntityRecognizers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" - }, - { - "condition_keys": [ - "config:ConfigurationRecorderServicePrincipal" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the stored query for an AWS account in an AWS Region", - "privilege": "DeleteStoredQuery", + "access_level": "Read", + "description": "Grants permission to get a list of Events detection jobs that you have submitted", + "privilege": "ListEventsDetectionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StoredQuery*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to schedule delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel", - "privilege": "DeliverConfigSnapshot", + "description": "Grants permission to get a list of iterations associated for a flywheel", + "privilege": "ListFlywheelIterationHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "flywheel*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules", - "privilege": "DescribeAggregateComplianceByConfigRules", + "description": "Grants permission to get a list of the flywheels that you have created", + "privilege": "ListFlywheels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a list of compliant and noncompliant conformance packs along with count of compliant, non-compliant and total rules within each conformance pack", - "privilege": "DescribeAggregateComplianceByConformancePacks", + "description": "Grants permission to get a list of key phrase detection jobs that you have submitted", + "privilege": "ListKeyPhrasesDetectionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of authorizations granted to various aggregator accounts and regions", - "privilege": "DescribeAggregationAuthorizations", + "access_level": "Read", + "description": "Grants permission to get a list of PII entities detection jobs that you have submitted", + "privilege": "ListPiiEntitiesDetectionJobs", "resource_types": [ { "condition_keys": [], @@ -63087,8 +67747,8 @@ }, { "access_level": "Read", - "description": "Grants permission to indicate whether the specified AWS Config rules are compliant", - "privilege": "DescribeComplianceByConfigRule", + "description": "Grants permission to get a list of sentiment detection jobs that you have submitted", + "privilege": "ListSentimentDetectionJobs", "resource_types": [ { "condition_keys": [], @@ -63099,20 +67759,90 @@ }, { "access_level": "Read", - "description": "Grants permission to indicate whether the specified AWS resources are compliant", - "privilege": "DescribeComplianceByResource", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classification-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dominant-language-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entities-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "events-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel-dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key-phrases-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pii-entities-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sentiment-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targeted-sentiment-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "topics-detection-job" } ] }, { "access_level": "Read", - "description": "Grants permission to return status information for each of your AWS managed Config rules", - "privilege": "DescribeConfigRuleEvaluationStatus", + "description": "Grants permission to get a list of targeted sentiment detection jobs that you have submitted", + "privilege": "ListTargetedSentimentDetectionJobs", "resource_types": [ { "condition_keys": [], @@ -63122,9 +67852,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return details about your AWS Config rules", - "privilege": "DescribeConfigRules", + "access_level": "Read", + "description": "Grants permission to get a list of the topic detection jobs that you have submitted", + "privilege": "ListTopicsDetectionJobs", "resource_types": [ { "condition_keys": [], @@ -63134,42 +67864,69 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return status information for sources within an aggregator", - "privilege": "DescribeConfigurationAggregatorSourcesStatus", + "access_level": "Write", + "description": "Grants permission to attach policy to resource", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "document-classifier*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" } ] }, { - "access_level": "List", - "description": "Grants permission to return the details of one or more configuration aggregators", - "privilege": "DescribeConfigurationAggregators", + "access_level": "Write", + "description": "Grants permission to start an asynchronous document classification job", + "privilege": "StartDocumentClassificationJob", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], + "resource_type": "document-classification-job*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the current status of the specified configuration recorder", - "privilege": "DescribeConfigurationRecorderStatus", + "access_level": "Write", + "description": "Grants permission to start an asynchronous dominant language detection job for a collection of documents", + "privilege": "StartDominantLanguageDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" + "resource_type": "dominant-language-detection-job*" }, { "condition_keys": [ - "config:ConfigurationRecorderServicePrincipal" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" @@ -63177,18 +67934,49 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the names of one or more specified configuration recorders", - "privilege": "DescribeConfigurationRecorders", + "access_level": "Write", + "description": "Grants permission to start an asynchronous entity detection job for a collection of documents", + "privilege": "StartEntitiesDetectionJob", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], + "resource_type": "entities-detection-job*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" + "resource_type": "entity-recognizer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an asynchronous Events detection job for a collection of documents", + "privilege": "StartEventsDetectionJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "events-detection-job*" }, { "condition_keys": [ - "config:ConfigurationRecorderServicePrincipal" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:OutputKmsKey" ], "dependent_actions": [], "resource_type": "" @@ -63196,261 +67984,618 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return compliance information for each rule in that conformance pack", - "privilege": "DescribeConformancePackCompliance", + "access_level": "Write", + "description": "Grants permission to start a flywheel iteration for a flywheel", + "privilege": "StartFlywheelIteration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "flywheel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide one or more conformance packs deployment status", - "privilege": "DescribeConformancePackStatus", + "access_level": "Write", + "description": "Grants permission to start an asynchronous key phrase detection job for a collection of documents", + "privilege": "StartKeyPhrasesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "key-phrases-detection-job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of one or more conformance packs", - "privilege": "DescribeConformancePacks", + "access_level": "Write", + "description": "Grants permission to start an asynchronous PII entities detection job for a collection of documents", + "privilege": "StartPiiEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pii-entities-detection-job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:OutputKmsKey" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the current status of the specified delivery channel", - "privilege": "DescribeDeliveryChannelStatus", + "access_level": "Write", + "description": "Grants permission to start an asynchronous sentiment detection job for a collection of documents", + "privilege": "StartSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "sentiment-detection-job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return details about the specified delivery channel", - "privilege": "DescribeDeliveryChannels", + "access_level": "Write", + "description": "Grants permission to start an asynchronous targeted sentiment detection job for a collection of documents", + "privilege": "StartTargetedSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "targeted-sentiment-detection-job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide organization config rule deployment status for an organization", - "privilege": "DescribeOrganizationConfigRuleStatuses", + "access_level": "Write", + "description": "Grants permission to start an asynchronous job to detect the most common topics in the collection of documents and the phrases associated with each topic", + "privilege": "StartTopicsDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "topics-detection-job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of organization config rules", - "privilege": "DescribeOrganizationConfigRules", + "access_level": "Write", + "description": "Grants permission to stop a dominant language detection job", + "privilege": "StopDominantLanguageDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dominant-language-detection-job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide organization conformance pack deployment status for an organization", - "privilege": "DescribeOrganizationConformancePackStatuses", + "access_level": "Write", + "description": "Grants permission to stop an entity detection job", + "privilege": "StopEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entities-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of organization conformance packs", - "privilege": "DescribeOrganizationConformancePacks", + "access_level": "Write", + "description": "Grants permission to stop an Events detection job", + "privilege": "StopEventsDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "events-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of all pending aggregation requests", - "privilege": "DescribePendingAggregationRequests", + "access_level": "Write", + "description": "Grants permission to stop a key phrase detection job", + "privilege": "StopKeyPhrasesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "key-phrases-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to return the details of one or more remediation configurations", - "privilege": "DescribeRemediationConfigurations", + "access_level": "Write", + "description": "Grants permission to stop a PII entities detection job", + "privilege": "StopPiiEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RemediationConfiguration*" + "resource_type": "pii-entities-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to return the details of one or more remediation exceptions", - "privilege": "DescribeRemediationExceptions", + "access_level": "Write", + "description": "Grants permission to stop a sentiment detection job", + "privilege": "StopSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sentiment-detection-job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide a detailed view of a Remediation Execution for a set of resources including state, timestamps and any error messages for steps that have failed", - "privilege": "DescribeRemediationExecutionStatus", + "access_level": "Write", + "description": "Grants permission to stop a targeted sentiment detection job", + "privilege": "StopTargetedSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RemediationConfiguration*" + "resource_type": "targeted-sentiment-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to return the details of one or more retention configurations", - "privilege": "DescribeRetentionConfigurations", + "access_level": "Write", + "description": "Grants permission to stop a previously created document classifier training job", + "privilege": "StopTrainingDocumentClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classifier*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove all specified resource types from the RecordingGroup of configuration recorder and excludes these resource types when recording", - "privilege": "DisassociateResourceTypes", + "description": "Grants permission to stop a previously created entity recognizer training job", + "privilege": "StopTrainingEntityRecognizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" + "resource_type": "entity-recognizer*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the evaluation results for the specified AWS Config rule for a specific resource in a rule", - "privilege": "GetAggregateComplianceDetailsByConfigRule", + "access_level": "Tagging", + "description": "Grants permission to tag a resource with given key value pairs", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "document-classification-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dominant-language-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entities-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "events-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel-dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key-phrases-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pii-entities-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sentiment-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targeted-sentiment-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "topics-detection-job" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator", - "privilege": "GetAggregateConfigRuleComplianceSummary", + "access_level": "Tagging", + "description": "Grants permission to untag a resource with given key", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "document-classification-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document-classifier-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dominant-language-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entities-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "events-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel-dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key-phrases-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pii-entities-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sentiment-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targeted-sentiment-detection-job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "topics-detection-job" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the number of compliant and noncompliant conformance packs for one or more accounts and regions in an aggregator", - "privilege": "GetAggregateConformancePackComplianceSummary", + "access_level": "Write", + "description": "Grants permission to update information about the specified endpoint", + "privilege": "UpdateEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "document-classifier-endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flywheel" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the resource counts across accounts and regions that are present in your AWS Config aggregator", - "privilege": "GetAggregateDiscoveredResourceCounts", + "access_level": "Write", + "description": "Grants permission to Update a flywheel's configuration", + "privilege": "UpdateFlywheel", "resource_types": [ + { + "condition_keys": [ + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], + "resource_type": "flywheel*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "document-classifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:targeted-sentiment-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "targeted-sentiment-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier/${DocumentClassifierName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "document-classifier" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier-endpoint/${DocumentClassifierEndpointName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "document-classifier-endpoint" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer/${EntityRecognizerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "entity-recognizer" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer-endpoint/${EntityRecognizerEndpointName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "entity-recognizer-endpoint" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:dominant-language-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dominant-language-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entities-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "entities-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:pii-entities-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pii-entities-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:events-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "events-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:key-phrases-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "key-phrases-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:sentiment-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "sentiment-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:topics-detection-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "topics-detection-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classification-job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "document-classification-job" + }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "flywheel" }, + { + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}/dataset/${DatasetName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "flywheel-dataset" + } + ], + "service_name": "Amazon Comprehend" + }, + { + "conditions": [ + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "comprehendmedical", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to return configuration item that is aggregated for your specific resource in a specific source account and region", - "privilege": "GetAggregateResourceConfig", + "description": "Grants permission to describe the properties of a medical entity detection job that you have submitted", + "privilege": "DescribeEntitiesDetectionV2Job", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the evaluation results for the specified AWS Config rule", - "privilege": "GetComplianceDetailsByConfigRule", + "description": "Grants permission to describe the properties of an ICD-10-CM linking job that you have submitted", + "privilege": "DescribeICD10CMInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the evaluation results for the specified AWS resource", - "privilege": "GetComplianceDetailsByResource", + "description": "Grants permission to describe the properties of a PHI entity detection job that you have submitted", + "privilege": "DescribePHIDetectionJob", "resource_types": [ { "condition_keys": [], @@ -63461,8 +68606,8 @@ }, { "access_level": "Read", - "description": "Grants permission to return the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each", - "privilege": "GetComplianceSummaryByConfigRule", + "description": "Grants permission to describe the properties of an RxNorm linking job that you have submitted", + "privilege": "DescribeRxNormInferenceJob", "resource_types": [ { "condition_keys": [], @@ -63473,8 +68618,8 @@ }, { "access_level": "Read", - "description": "Grants permission to return the number of resources that are compliant and the number that are noncompliant", - "privilege": "GetComplianceSummaryByResourceType", + "description": "Grants permission to describe the properties of a SNOMED-CT linking job that you have submitted", + "privilege": "DescribeSNOMEDCTInferenceJob", "resource_types": [ { "condition_keys": [], @@ -63485,44 +68630,44 @@ }, { "access_level": "Read", - "description": "Grants permission to return compliance details of a conformance pack for all AWS resources that are monitered by conformance pack", - "privilege": "GetConformancePackComplianceDetails", + "description": "Grants permission to detect the named medical entities, and their relationships and traits within the given text document", + "privilege": "DetectEntitiesV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to provide compliance summary for one or more conformance packs", - "privilege": "GetConformancePackComplianceSummary", + "description": "Grants permission to detect the protected health information (PHI) entities within the given text document", + "privilege": "DetectPHI", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the policy definition containing the logic for your AWS Config Custom Policy rule", - "privilege": "GetCustomRulePolicy", + "description": "Grants permission to detect the medical condition entities within the given text document and link them to ICD-10-CM codes", + "privilege": "InferICD10CM", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account", - "privilege": "GetDiscoveredResourceCounts", + "description": "Grants permission to detect the medication entities within the given text document and link them to RxCUI concept identifiers from the National Library of Medicine RxNorm database", + "privilege": "InferRxNorm", "resource_types": [ { "condition_keys": [], @@ -63533,44 +68678,44 @@ }, { "access_level": "Read", - "description": "Grants permission to return detailed status for each member account within an organization for a given organization config rule", - "privilege": "GetOrganizationConfigRuleDetailedStatus", + "description": "Grants permission to detect the medical condition, anatomy, and test, treatment, and procedure entities within the given text document and link them to SNOMED-CT codes", + "privilege": "InferSNOMEDCT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed status for each member account within an organization for a given organization conformance pack", - "privilege": "GetOrganizationConformancePackDetailedStatus", + "description": "Grants permission to list the medical entity detection jobs that you have submitted", + "privilege": "ListEntitiesDetectionV2Jobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConformancePack*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the policy definition containing the logic for your organization AWS Config Custom Policy rule", - "privilege": "GetOrganizationCustomRulePolicy", + "description": "Grants permission to list the ICD-10-CM linking jobs that you have submitted", + "privilege": "ListICD10CMInferenceJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a list of configuration items for the specified resource", - "privilege": "GetResourceConfigHistory", + "description": "Grants permission to list the PHI entity detection jobs that you have submitted", + "privilege": "ListPHIDetectionJobs", "resource_types": [ { "condition_keys": [], @@ -63581,8 +68726,8 @@ }, { "access_level": "Read", - "description": "Grants permission to return the summary of resource evaluations for a specific resource evaluation ID", - "privilege": "GetResourceEvaluationSummary", + "description": "Grants permission to list the RxNorm linking jobs that you have submitted", + "privilege": "ListRxNormInferenceJobs", "resource_types": [ { "condition_keys": [], @@ -63593,32 +68738,32 @@ }, { "access_level": "Read", - "description": "Grants permission to return the details of a specific stored query", - "privilege": "GetStoredQuery", + "description": "Grants permission to list the SNOMED-CT linking jobs that you have submitted", + "privilege": "ListSNOMEDCTInferenceJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StoredQuery*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to accept a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions", - "privilege": "ListAggregateDiscoveredResources", + "access_level": "Write", + "description": "Grants permission to start an asynchronous medical entity detection job for a collection of documents", + "privilege": "StartEntitiesDetectionV2Job", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the configuration recorder summaries for an AWS account in an AWS Region", - "privilege": "ListConfigurationRecorders", + "access_level": "Write", + "description": "Grants permission to start an asynchronous ICD-10-CM linking job for a collection of documents", + "privilege": "StartICD10CMInferenceJob", "resource_types": [ { "condition_keys": [], @@ -63628,9 +68773,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return the percentage of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations", - "privilege": "ListConformancePackComplianceScores", + "access_level": "Write", + "description": "Grants permission to start an asynchronous PHI entity detection job for a collection of documents", + "privilege": "StartPHIDetectionJob", "resource_types": [ { "condition_keys": [], @@ -63640,9 +68785,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to accept a resource type and returns a list of resource identifiers for the resources of that type", - "privilege": "ListDiscoveredResources", + "access_level": "Write", + "description": "Grants permission to start an asynchronous RxNorm linking job for a collection of documents", + "privilege": "StartRxNormInferenceJob", "resource_types": [ { "condition_keys": [], @@ -63652,9 +68797,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the resource evaluation summaries for an AWS account in an AWS Region", - "privilege": "ListResourceEvaluations", + "access_level": "Write", + "description": "Grants permission to start an asynchronous SNOMED-CT linking job for a collection of documents", + "privilege": "StartSNOMEDCTInferenceJob", "resource_types": [ { "condition_keys": [], @@ -63664,9 +68809,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the stored queries for an AWS account in an AWS Region", - "privilege": "ListStoredQueries", + "access_level": "Write", + "description": "Grants permission to stop a medical entity detection job", + "privilege": "StopEntitiesDetectionV2Job", "resource_types": [ { "condition_keys": [], @@ -63676,327 +68821,327 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for AWS Config resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to stop an ICD-10-CM linking job", + "privilege": "StopICD10CMInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationAggregator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationRecorder" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StoredQuery" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to authorize the aggregator account and region to collect data from the source account and region", - "privilege": "PutAggregationAuthorization", + "description": "Grants permission to stop a PHI entity detection job", + "privilege": "StopPHIDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations", - "privilege": "PutConfigRule", + "description": "Grants permission to stop an RxNorm linking job", + "privilege": "StopRxNormInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create and update the configuration aggregator with the selected source accounts and regions", - "privilege": "PutConfigurationAggregator", + "description": "Grants permission to stop a SNOMED-CT linking job", + "privilege": "StopSNOMEDCTInferenceJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListDelegatedAdministrators" - ], - "resource_type": "ConfigurationAggregator*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "Amazon Comprehend Medical" + }, + { + "conditions": [ + { + "condition": "compute-optimizer:ResourceType", + "description": "Filters access by the resource type", + "type": "String" + } + ], + "prefix": "compute-optimizer", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create or update a customer managed configuration recorder to record the selected resource configurations", - "privilege": "PutConfigurationRecorder", + "description": "Grants permission to delete recommendation preferences", + "privilege": "DeleteRecommendationPreferences", "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "compute-optimizer:ResourceType" ], "dependent_actions": [ - "iam:PassRole" + "autoscaling:DescribeAutoScalingGroups", + "ec2:DescribeInstances", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances" ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update a conformance pack", - "privilege": "PutConformancePack", + "access_level": "List", + "description": "Grants permission to view the status of recommendation export jobs", + "privilege": "DescribeRecommendationExportJobs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "s3:GetObject", - "s3:ListBucket", - "ssm:GetDocument" - ], - "resource_type": "ConformancePack*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic", - "privilege": "PutDeliveryChannel", + "description": "Grants permission to export AutoScaling group recommendations to S3 for the provided accounts", + "privilege": "ExportAutoScalingGroupRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "compute-optimizer:GetAutoScalingGroupRecommendations" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to be used by an AWS Lambda function to deliver evaluation results to AWS Config", - "privilege": "PutEvaluations", + "description": "Grants permission to export EBS volume recommendations to S3 for the provided accounts", + "privilege": "ExportEBSVolumeRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetEBSVolumeRecommendations", + "ec2:DescribeVolumes" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deliver evaluation result to AWS Config", - "privilege": "PutExternalEvaluation", + "description": "Grants permission to export EC2 instance recommendations to S3 for the provided accounts", + "privilege": "ExportEC2InstanceRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule*" + "dependent_actions": [ + "compute-optimizer:GetEC2InstanceRecommendations", + "ec2:DescribeInstances" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update organization config rule for your entire organization evaluating whether your AWS resources comply with your desired configurations", - "privilege": "PutOrganizationConfigRule", + "description": "Grants permission to export ECS service recommendations to S3 for the provided accounts", + "privilege": "ExportECSServiceRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListDelegatedAdministrators" + "compute-optimizer:GetECSServiceRecommendations", + "ecs:ListClusters", + "ecs:ListServices" ], - "resource_type": "OrganizationConfigRule*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update organization conformance pack for your entire organization evaluating whether your AWS resources comply with your desired configurations", - "privilege": "PutOrganizationConformancePack", + "description": "Grants permission to export idle recommendations to S3 for the provided accounts", + "privilege": "ExportIdleRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListDelegatedAdministrators", - "s3:GetObject" + "compute-optimizer:GetIdleRecommendations" ], - "resource_type": "OrganizationConformancePack*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update the remediation configuration with a specific AWS Config rule with the selected target or action", - "privilege": "PutRemediationConfigurations", - "resource_types": [ + "description": "Grants permission to export Lambda function recommendations to S3 for the provided accounts", + "privilege": "ExportLambdaFunctionRecommendations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole" + "compute-optimizer:GetLambdaFunctionRecommendations", + "lambda:ListFunctions", + "lambda:ListProvisionedConcurrencyConfigs" ], - "resource_type": "RemediationConfiguration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update remediation exceptions for specific resources for a specific AWS Config rule", - "privilege": "PutRemediationExceptions", + "description": "Grants permission to export license recommendations to S3 for the provided account(s)", + "privilege": "ExportLicenseRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetLicenseRecommendations", + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to record the configuration state for the resource provided in the request", - "privilege": "PutResourceConfig", + "description": "Grants permission to export rds recommendations to S3 for the provided accounts", + "privilege": "ExportRDSDatabaseRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetRDSDatabaseRecommendations", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and update the retention configuration with details about retention period (number of days) that AWS Config stores your historical information", - "privilege": "PutRetentionConfiguration", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided AutoScaling groups", + "privilege": "GetAutoScalingGroupRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new service-linked configuration recorder to record the resource configurations in scope for the linked service", - "privilege": "PutServiceLinkedConfigurationRecorder", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided EBS volumes", + "privilege": "GetEBSVolumeRecommendations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "config:ConfigurationRecorderServicePrincipal" - ], + "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole" + "ec2:DescribeVolumes" ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to save a new query or updates an existing saved query", - "privilege": "PutStoredQuery", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided EC2 instances", + "privilege": "GetEC2InstanceRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "StoredQuery*" - }, + "dependent_actions": [ + "ec2:DescribeInstances" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get the recommendation projected metrics of the specified instance", + "privilege": "GetEC2RecommendationProjectedMetrics", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeInstances" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to accept a structured query language (SQL) SELECT command and an aggregator to query configuration state of AWS resources across multiple accounts and regions, performs the corresponding search, and returns resource configurations matching the properties", - "privilege": "SelectAggregateResourceConfig", + "access_level": "List", + "description": "Grants permission to get the recommendation projected metrics of the specified ECS service", + "privilege": "GetECSServiceRecommendationProjectedMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get recommendations for the provided ECS services", + "privilege": "GetECSServiceRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ecs:ListClusters", + "ecs:ListServices" + ], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to accept a structured query language (SQL) SELECT command, performs the corresponding search, and returns resource configurations matching the properties", - "privilege": "SelectResourceConfig", + "description": "Grants permission to get recommendation preferences that are in effect", + "privilege": "GetEffectiveRecommendationPreferences", + "resource_types": [ + { + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "ec2:DescribeInstances", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get the enrollment status for the specified account", + "privilege": "GetEnrollmentStatus", "resource_types": [ { "condition_keys": [], @@ -64006,118 +69151,96 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to evaluate your resources against the specified Config rules", - "privilege": "StartConfigRulesEvaluation", + "access_level": "List", + "description": "Grants permission to get the enrollment statuses for member accounts of the organization", + "privilege": "GetEnrollmentStatusesForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to the customer managed configuration recorder to start recording configurations of the AWS resources you have selected to record in your AWS account", - "privilege": "StartConfigurationRecorder", + "access_level": "List", + "description": "Grants permission to get idle recommendations for the specified account(s)", + "privilege": "GetIdleRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to run an on-demand remediation for the specified AWS Config rules against the last known remediation configuration", - "privilege": "StartRemediationExecution", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided Lambda functions", + "privilege": "GetLambdaFunctionRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole" + "lambda:ListFunctions", + "lambda:ListProvisionedConcurrencyConfigs" ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to evaluate your resource details against the AWS Config rules in your account", - "privilege": "StartResourceEvaluation", + "access_level": "List", + "description": "Grants permission to get license recommendations for the specified account(s)", + "privilege": "GetLicenseRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "cloudformation:DescribeType" + "ec2:DescribeInstances" ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to the customer managed configuration recorder to stop recording configurations of the AWS resources you have selected to record in your AWS account", - "privilege": "StopConfigurationRecorder", + "access_level": "List", + "description": "Grants permission to get the recommendation projected metrics of the specified instance", + "privilege": "GetRDSDatabaseRecommendationProjectedMetrics", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationRecorder*" + "dependent_actions": [ + "rds:DescribeDBClusters", + "rds:DescribeDBInstances" + ], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate the specified tags to a resource with the specified resourceArn", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to get rds recommendations for the specified account(s)", + "privilege": "GetRDSDatabaseRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "AggregationAuthorization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationAggregator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationRecorder" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StoredQuery" - }, + "dependent_actions": [ + "rds:DescribeDBClusters", + "rds:DescribeDBInstances" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get recommendation preferences", + "privilege": "GetRecommendationPreferences", + "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "compute-optimizer:ResourceType" ], "dependent_actions": [], "resource_type": "" @@ -64125,387 +69248,181 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete specified tags from a resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to get the recommendation summaries for the specified account(s)", + "privilege": "GetRecommendationSummaries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationAggregator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationRecorder" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StoredQuery" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put recommendation preferences", + "privilege": "PutRecommendationPreferences", + "resource_types": [ { "condition_keys": [ - "aws:TagKeys" + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "ec2:DescribeInstances", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances" ], - "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:config:${Region}:${Account}:aggregation-authorization/${AggregatorAccount}/${AggregatorRegion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "AggregationAuthorization" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:config-aggregator/${AggregatorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConfigurationAggregator" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:config-rule/${ConfigRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConfigRule" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:conformance-pack/${ConformancePackName}/${ConformancePackId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConformancePack" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:organization-config-rule/${OrganizationConfigRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "OrganizationConfigRule" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:organization-conformance-pack/${OrganizationConformancePackId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "OrganizationConformancePack" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:remediation-configuration/${RemediationConfigurationId}", - "condition_keys": [], - "resource": "RemediationConfiguration" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:stored-query/${StoredQueryName}/${StoredQueryId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "StoredQuery" }, { - "arn": "arn:${Partition}:config:${Region}:${Account}:configuration-recorder/${RecorderName}/${RecorderId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConfigurationRecorder" + "access_level": "Write", + "description": "Grants permission to update the enrollment status", + "privilege": "UpdateEnrollmentStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], - "service_name": "AWS Config" + "resources": [], + "service_name": "AWS Compute Optimizer" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by using tag key-value pairs in the request", + "description": "Filters access by the allowed set of values for each of the tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by using tag key-value pairs attached to the resource", + "description": "Filters access by tag-value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by using tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "connect:AssignmentType", - "description": "Filters access by restricting access to create contacts based on Assignment Type", - "type": "String" - }, - { - "condition": "connect:AttributeType", - "description": "Filters access by the attribute type of the Amazon Connect instance", - "type": "String" - }, - { - "condition": "connect:ContactInitiationMethod", - "description": "Filters access by restricting access to create contacts based on the initiation method of the contact", - "type": "String" - }, - { - "condition": "connect:FlowType", - "description": "Filters access by Flow type", - "type": "ArrayOfString" - }, - { - "condition": "connect:InstanceId", - "description": "Filters access by restricting federation into specified Amazon Connect instances", - "type": "String" - }, - { - "condition": "connect:MonitorCapabilities", - "description": "Filters access by restricting the monitor capabilities of the user in the request", - "type": "ArrayOfString" - }, - { - "condition": "connect:SearchContactsByContactAnalysis", - "description": "Filters access by restricting searches using analysis outputs from Amazon Connect Contact Lens", + "description": "Filters access by the presence of mandatory tags in the request", "type": "ArrayOfString" }, { - "condition": "connect:SearchTag/${TagKey}", - "description": "Filters access by TagFilter condition passed in the search request", - "type": "String" - }, - { - "condition": "connect:StorageResourceType", - "description": "Filters access by restricting the storage resource type of the Amazon Connect instance storage configuration", - "type": "String" - }, - { - "condition": "connect:Subtype", - "description": "Filters access by restricting creation of a contact for specific subtypes", + "condition": "config:ConfigurationRecorderServicePrincipal", + "description": "Filters access by service principal of the configuration recorder", "type": "String" - }, - { - "condition": "connect:UserArn", - "description": "Filters access by UserArn", - "type": "ARN" } ], - "prefix": "connect", + "prefix": "config", "privileges": [ { "access_level": "Write", - "description": "Grants permission to activate an evaluation form in the specified Amazon Connect instance. After the evaluation form is activated, it is available to start new evaluations based on the form", - "privilege": "ActivateEvaluationForm", + "description": "Grants permission to add all specified resource types to the RecordingGroup of configuration recorder and includes those resource types when recording", + "privilege": "AssociateResourceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationRecorder*" } ] }, { - "access_level": "Write", - "description": "Grants permission to federate into an Amazon Connect instance (Log in for emergency access functionality in the Amazon Connect console)", - "privilege": "AdminGetEmergencyAccessToken", + "access_level": "Read", + "description": "Grants permission to return the current configuration items for resources that are present in your AWS Config aggregator", + "privilege": "BatchGetAggregateResourceConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "connect:ListInstances", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to grant access and to associate a dataset with the specified AWS account", - "privilege": "AssociateAnalyticsDataSet", + "access_level": "Read", + "description": "Grants permission to return the current configuration for one or more requested resources", + "privilege": "BatchGetResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate approved origin for an existing Amazon Connect instance", - "privilege": "AssociateApprovedOrigin", + "description": "Grants permission to delete the authorization granted to the specified configuration aggregator account in a specified region", + "privilege": "DeleteAggregationAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "AggregationAuthorization*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", - "privilege": "AssociateBot", + "description": "Grants permission to delete the specified AWS Config rule and all of its evaluation results", + "privilege": "DeleteConfigRule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "lex:CreateResourcePolicy", - "lex:DescribeBotAlias", - "lex:GetBot", - "lex:UpdateResourcePolicy" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a Customer Profiles domain for an existing Amazon Connect instance", - "privilege": "AssociateCustomerProfilesDomain", + "description": "Grants permission to delete the specified configuration aggregator and the aggregated data associated with the aggregator", + "privilege": "DeleteConfigurationAggregator", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "profile:GetDomain" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "ConfigurationAggregator*" } ] }, { "access_level": "Write", - "description": "Grants permission to default vocabulary for an existing Amazon Connect instance", - "privilege": "AssociateDefaultVocabulary", + "description": "Grants permission to delete the customer managed configuration recorder", + "privilege": "DeleteConfigurationRecorder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationRecorder*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a resource with a flow in an Amazon Connect instance", - "privilege": "AssociateFlow", + "description": "Grants permission to delete the specified conformance pack and all the AWS Config rules and all evaluation results within that conformance pack", + "privilege": "DeleteConformancePack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "wildcard-phone-number*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConformancePack*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate instance storage for an existing Amazon Connect instance", - "privilege": "AssociateInstanceStorageConfig", + "description": "Grants permission to delete the delivery channel", + "privilege": "DeleteDeliveryChannel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories", - "firehose:DescribeDeliveryStream", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "kinesis:DescribeStream", - "kms:CreateGrant", - "kms:DescribeKey", - "s3:GetBucketAcl", - "s3:GetBucketLocation" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:StorageResourceType", - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } @@ -64513,137 +69430,113 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a Lambda function for an existing Amazon Connect instance", - "privilege": "AssociateLambdaFunction", + "description": "Grants permission to delete the evaluation results for the specified Config rule", + "privilege": "DeleteEvaluationResults", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lambda:AddPermission" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", - "privilege": "AssociateLexBot", + "description": "Grants permission to delete the specified organization config rule and all of its evaluation results from all member accounts in that organization", + "privilege": "DeleteOrganizationConfigRule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "lex:GetBot" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate contact flow resources to phone number resources in an Amazon Connect instance", - "privilege": "AssociatePhoneNumberContactFlow", + "description": "Grants permission to delete the specified organization conformance pack and all of its evaluation results from all member accounts in that organization", + "privilege": "DeleteOrganizationConformancePack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, + "resource_type": "OrganizationConformancePack*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete pending authorization requests for a specified aggregator account in a specified region", + "privilege": "DeletePendingAggregationRequest", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate quick connects with a queue in an Amazon Connect instance", - "privilege": "AssociateQueueQuickConnects", + "description": "Grants permission to delete the remediation configuration", + "privilege": "DeleteRemediationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, + "resource_type": "RemediationConfiguration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete one or more remediation exceptions for specific resource keys for a specific AWS Config Rule", + "privilege": "DeleteRemediationExceptions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate queues with a routing profile in an Amazon Connect instance", - "privilege": "AssociateRoutingProfileQueues", + "description": "Grants permission to record the configuration state for a custom resource that has been deleted", + "privilege": "DeleteResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the retention configuration", + "privilege": "DeleteRetentionConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a security key for an existing Amazon Connect instance", - "privilege": "AssociateSecurityKey", + "description": "Grants permission to delete the service-linked configuration recorder", + "privilege": "DeleteServiceLinkedConfigurationRecorder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "ConfigurationRecorder*" }, { "condition_keys": [ - "connect:InstanceId" + "config:ConfigurationRecorderServicePrincipal" ], "dependent_actions": [], "resource_type": "" @@ -64652,190 +69545,149 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a user to a traffic distribution group in the specified Amazon Connect instance", - "privilege": "AssociateTrafficDistributionGroupUser", + "description": "Grants permission to delete the stored query for an AWS account in an AWS Region", + "privilege": "DeleteStoredQuery", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "connect:DescribeUser", - "connect:SearchUsers" - ], - "resource_type": "instance*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, + "resource_type": "StoredQuery*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to schedule delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel", + "privilege": "DeliverConfigSnapshot", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:ResourceTag/${TagKey}", - "connect:SearchTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate user proficiencies to a user in an Amazon Connect instance", - "privilege": "AssociateUserProficiencies", + "access_level": "Read", + "description": "Grants permission to return a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules", + "privilege": "DescribeAggregateComplianceByConfigRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "ConfigurationAggregator*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a list of compliant and noncompliant conformance packs along with count of compliant, non-compliant and total rules within each conformance pack", + "privilege": "DescribeAggregateComplianceByConformancePacks", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "ConfigurationAggregator*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return a list of authorizations granted to various aggregator accounts and regions", + "privilege": "DescribeAggregationAuthorizations", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to grant access and to associate the datasets with the specified AWS account", - "privilege": "BatchAssociateAnalyticsDataSet", + "access_level": "Read", + "description": "Grants permission to indicate whether the specified AWS Config rules are compliant", + "privilege": "DescribeComplianceByConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to revoke access and to disassociate the datasets with the specified AWS account", - "privilege": "BatchDisassociateAnalyticsDataSet", + "access_level": "Read", + "description": "Grants permission to indicate whether the specified AWS resources are compliant", + "privilege": "DescribeComplianceByResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get metadata for multiple attached files from an Amazon Connect instance", - "privilege": "BatchGetAttachedFileMetadata", + "description": "Grants permission to return status information for each of your AWS managed Config rules", + "privilege": "DescribeConfigRuleEvaluationStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attached-file*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get summary information about the flow associations for the specified Amazon Connect instance", - "privilege": "BatchGetFlowAssociation", + "description": "Grants permission to return details about your AWS Config rules", + "privilege": "DescribeConfigRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to put contacts in an Amazon Connect instance", - "privilege": "BatchPutContact", + "access_level": "Read", + "description": "Grants permission to return status information for sources within an aggregator", + "privilege": "DescribeConfigurationAggregatorSourcesStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "ConfigurationAggregator*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return the details of one or more configuration aggregators", + "privilege": "DescribeConfigurationAggregators", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to claim phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "ClaimPhoneNumber", + "access_level": "Read", + "description": "Grants permission to return the current status of the specified configuration recorder", + "privilege": "DescribeConfigurationRecorderStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "ConfigurationRecorder*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" + "config:ConfigurationRecorderServicePrincipal" ], "dependent_actions": [], "resource_type": "" @@ -64843,20 +69695,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to complete an attached file upload in an Amazon Connect instance", - "privilege": "CompleteAttachedFileUpload", + "access_level": "Read", + "description": "Grants permission to return the names of one or more specified configuration recorders", + "privilege": "DescribeConfigurationRecorders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attached-file*" + "resource_type": "ConfigurationRecorder*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" + "config:ConfigurationRecorderServicePrincipal" ], "dependent_actions": [], "resource_type": "" @@ -64864,294 +69714,168 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create agent status in an Amazon Connect instance", - "privilege": "CreateAgentStatus", + "access_level": "Read", + "description": "Grants permission to return compliance information for each rule in that conformance pack", + "privilege": "DescribeConformancePackCompliance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConformancePack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create authentication profile resources in an Amazon Connect instance", - "privilege": "CreateAuthenticationProfile", + "access_level": "Read", + "description": "Grants permission to provide one or more conformance packs deployment status", + "privilege": "DescribeConformancePackStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authentication-profile*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new contact using the Amazon Connect API", - "privilege": "CreateContact", + "access_level": "List", + "description": "Grants permission to return a list of one or more conformance packs", + "privilege": "DescribeConformancePacks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the current status of the specified delivery channel", + "privilege": "DescribeDeliveryChannelStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:ContactInitiationMethod" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a contact flow in an Amazon Connect instance", - "privilege": "CreateContactFlow", + "access_level": "List", + "description": "Grants permission to return details about the specified delivery channel", + "privilege": "DescribeDeliveryChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId", - "connect:FlowType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a contact flow module in an Amazon Connect instance", - "privilege": "CreateContactFlowModule", + "access_level": "Read", + "description": "Grants permission to provide organization config rule deployment status for an organization", + "privilege": "DescribeOrganizationConfigRuleStatuses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a version a flow in an Amazon Connect instance", - "privilege": "CreateContactFlowVersion", + "access_level": "List", + "description": "Grants permission to return a list of organization config rules", + "privilege": "DescribeOrganizationConfigRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:FlowType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an email address resource in an Amazon Connect instance", - "privilege": "CreateEmailAddress", + "access_level": "Read", + "description": "Grants permission to provide organization conformance pack deployment status for an organization", + "privilege": "DescribeOrganizationConformancePackStatuses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an evaluation form in the specified Amazon Connect instance. The form can be used to define questions related to agent performance, and create sections to organize such questions. Question and section identifiers cannot be duplicated within the same evaluation form", - "privilege": "CreateEvaluationForm", + "access_level": "List", + "description": "Grants permission to return a list of organization conformance packs", + "privilege": "DescribeOrganizationConformancePacks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create hours of operation in an Amazon Connect instance", - "privilege": "CreateHoursOfOperation", + "access_level": "List", + "description": "Grants permission to return a list of all pending aggregation requests", + "privilege": "DescribePendingAggregationRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an hours of operation override in an Amazon Connect instance", - "privilege": "CreateHoursOfOperationOverride", + "access_level": "List", + "description": "Grants permission to return the details of one or more remediation configurations", + "privilege": "DescribeRemediationConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, + "resource_type": "RemediationConfiguration*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return the details of one or more remediation exceptions", + "privilege": "DescribeRemediationExceptions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Amazon Connect instance", - "privilege": "CreateInstance", + "access_level": "Read", + "description": "Grants permission to provide a detailed view of a Remediation Execution for a set of resources including state, timestamps and any error messages for steps that have failed", + "privilege": "DescribeRemediationExecutionStatus", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ds:AuthorizeApplication", - "ds:CheckAlias", - "ds:CreateAlias", - "ds:CreateDirectory", - "ds:CreateIdentityPoolDirectory", - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RemediationConfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an integration association with an Amazon Connect instance", - "privilege": "CreateIntegrationAssociation", + "access_level": "List", + "description": "Grants permission to return the details of one or more retention configurations", + "privilege": "DescribeRetentionConfigurations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "app-integrations:CreateApplicationAssociation", - "app-integrations:CreateEventIntegrationAssociation", - "app-integrations:GetApplication", - "cases:GetDomain", - "chime:AssociateVoiceConnectorConnect", - "chime:DisassociateVoiceConnectorConnect", - "chime:TagResource", - "chime:UntagResource", - "connect:DescribeInstance", - "ds:DescribeDirectories", - "events:PutRule", - "events:PutTargets", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "mobiletargeting:GetApp", - "voiceid:DescribeDomain", - "wisdom:GetAssistant", - "wisdom:GetKnowledgeBase", - "wisdom:TagResource" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } @@ -65159,627 +69883,377 @@ }, { "access_level": "Write", - "description": "Grants permission to add a participant to an ongoing contact", - "privilege": "CreateParticipant", + "description": "Grants permission to remove all specified resource types from the RecordingGroup of configuration recorder and excludes these resource types when recording", + "privilege": "DisassociateResourceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationRecorder*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create persistent contact associations for a contact", - "privilege": "CreatePersistentContactAssociation", + "access_level": "Read", + "description": "Grants permission to return the evaluation results for the specified AWS Config rule for a specific resource in a rule", + "privilege": "GetAggregateComplianceDetailsByConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a predefined attribute in an Amazon Connect instance", - "privilege": "CreatePredefinedAttribute", + "access_level": "Read", + "description": "Grants permission to return the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator", + "privilege": "GetAggregateConfigRuleComplianceSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a prompt in an Amazon Connect instance", - "privilege": "CreatePrompt", + "access_level": "Read", + "description": "Grants permission to return the number of compliant and noncompliant conformance packs for one or more accounts and regions in an aggregator", + "privilege": "GetAggregateConformancePackComplianceSummary", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "s3:GetObject", - "s3:GetObjectAcl" - ], - "resource_type": "prompt*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a push notification registration for an Amazon Connect instance", - "privilege": "CreatePushNotificationRegistration", + "access_level": "Read", + "description": "Grants permission to return the resource counts across accounts and regions that are present in your AWS Config aggregator", + "privilege": "GetAggregateDiscoveredResourceCounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a queue in an Amazon Connect instance", - "privilege": "CreateQueue", + "access_level": "Read", + "description": "Grants permission to return configuration item that is aggregated for your specific resource in a specific source account and region", + "privilege": "GetAggregateResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a quick connect in an Amazon Connect instance", - "privilege": "CreateQuickConnect", + "access_level": "Read", + "description": "Grants permission to return the evaluation results for the specified AWS Config rule", + "privilege": "GetComplianceDetailsByConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a routing profile in an Amazon Connect instance", - "privilege": "CreateRoutingProfile", + "access_level": "Read", + "description": "Grants permission to return the evaluation results for the specified AWS resource", + "privilege": "GetComplianceDetailsByResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a rule in an Amazon Connect instance", - "privilege": "CreateRule", + "access_level": "Read", + "description": "Grants permission to return the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each", + "privilege": "GetComplianceSummaryByConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a security profile for the specified Amazon Connect instance", - "privilege": "CreateSecurityProfile", + "access_level": "Read", + "description": "Grants permission to return the number of resources that are compliant and the number that are noncompliant", + "privilege": "GetComplianceSummaryByResourceType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a task template in an Amazon Connect instance", - "privilege": "CreateTaskTemplate", + "access_level": "Read", + "description": "Grants permission to return compliance details of a conformance pack for all AWS resources that are monitered by conformance pack", + "privilege": "GetConformancePackComplianceDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" + "resource_type": "ConformancePack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a traffic distribution group", - "privilege": "CreateTrafficDistributionGroup", + "access_level": "Read", + "description": "Grants permission to provide compliance summary for one or more conformance packs", + "privilege": "GetConformancePackComplianceSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConformancePack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a use case for an integration association", - "privilege": "CreateUseCase", + "access_level": "Read", + "description": "Grants permission to return the policy definition containing the logic for your AWS Config Custom Policy rule", + "privilege": "GetCustomRulePolicy", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration-association*" - }, + "resource_type": "ConfigRule*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account", + "privilege": "GetDiscoveredResourceCounts", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "use-case*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a user for the specified Amazon Connect instance", - "privilege": "CreateUser", + "access_level": "Read", + "description": "Grants permission to return detailed status for each member account within an organization for a given organization config rule", + "privilege": "GetOrganizationConfigRuleDetailedStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, + "resource_type": "OrganizationConfigRule*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return detailed status for each member account within an organization for a given organization conformance pack", + "privilege": "GetOrganizationConformancePackDetailedStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" - }, + "resource_type": "OrganizationConformancePack*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the policy definition containing the logic for your organization AWS Config Custom Policy rule", + "privilege": "GetOrganizationCustomRulePolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "OrganizationConfigRule*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a list of configuration items for the specified resource", + "privilege": "GetResourceConfigHistory", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a user hierarchy group in an Amazon Connect instance", - "privilege": "CreateUserHierarchyGroup", + "access_level": "Read", + "description": "Grants permission to return the summary of resource evaluations for a specific resource evaluation ID", + "privilege": "GetResourceEvaluationSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a view in an Amazon Connect instance", - "privilege": "CreateView", + "access_level": "Read", + "description": "Grants permission to return the details of a specific stored query", + "privilege": "GetStoredQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customer-managed-view*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "StoredQuery*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a view version in an Amazon Connect instance", - "privilege": "CreateViewVersion", + "access_level": "List", + "description": "Grants permission to accept a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions", + "privilege": "ListAggregateDiscoveredResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customer-managed-view*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a vocabulary in an Amazon Connect instance", - "privilege": "CreateVocabulary", + "access_level": "List", + "description": "Grants permission to list the configuration recorder summaries for an AWS account in an AWS Region", + "privilege": "ListConfigurationRecorders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deactivate an evaluation form in the specified Amazon Connect instance. After a form is deactivated, it is no longer available for users to start new evaluations based on the form", - "privilege": "DeactivateEvaluationForm", + "access_level": "List", + "description": "Grants permission to return the percentage of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations", + "privilege": "ListConformancePackComplianceScores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an attached file from an Amazon Connect instance", - "privilege": "DeleteAttachedFile", + "access_level": "List", + "description": "Grants permission to accept a resource type and returns a list of resource identifiers for the resources of that type", + "privilege": "ListDiscoveredResources", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cases:DeleteRelatedItem" - ], - "resource_type": "attached-file*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a contact evaluation in the specified Amazon Connect instance", - "privilege": "DeleteContactEvaluation", + "access_level": "List", + "description": "Grants permission to list the resource evaluation summaries for an AWS account in an AWS Region", + "privilege": "ListResourceEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a contact flow in an Amazon Connect instance", - "privilege": "DeleteContactFlow", + "access_level": "List", + "description": "Grants permission to list the stored queries for an AWS account in an AWS Region", + "privilege": "ListStoredQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:FlowType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a contact flow module in an Amazon Connect instance", - "privilege": "DeleteContactFlowModule", + "access_level": "Read", + "description": "Grants permission to list the tags for AWS Config resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" + "resource_type": "AggregationAuthorization" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a version of a flow in an Amazon Connect instance", - "privilege": "DeleteContactFlowVersion", - "resource_types": [ + "resource_type": "ConfigRule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "ConfigurationAggregator" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:FlowType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an email address resource in an Amazon Connect instance", - "privilege": "DeleteEmailAddress", - "resource_types": [ + "resource_type": "ConfigurationRecorder" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "email-address*" + "resource_type": "ConformancePack" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an evaluation form in the specified Amazon Connect instance. If the version property is provided, only the specified version of the evaluation form is deleted", - "privilege": "DeleteEvaluationForm", - "resource_types": [ + "resource_type": "OrganizationConfigRule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" + "resource_type": "OrganizationConformancePack" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "StoredQuery" } ] }, { "access_level": "Write", - "description": "Grants permission to delete hours of operation in an Amazon Connect instance", - "privilege": "DeleteHoursOfOperation", + "description": "Grants permission to authorize the aggregator account and region to collect data from the source account and region", + "privilege": "PutAggregationAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" + "resource_type": "AggregationAuthorization*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -65788,22 +70262,18 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an hours of operation override in an Amazon Connect instance", - "privilege": "DeleteHoursOfOperationOverride", + "description": "Grants permission to add or update an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations", + "privilege": "PutConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "ConfigRule*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -65812,22 +70282,22 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon Connect instance. When you remove an instance, the link to an existing AWS directory is also removed", - "privilege": "DeleteInstance", + "description": "Grants permission to create and update the configuration aggregator with the selected source accounts and regions", + "privilege": "PutConfigurationAggregator", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication" + "iam:PassRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators" ], - "resource_type": "instance*" + "resource_type": "ConfigurationAggregator*" }, { "condition_keys": [ - "connect:InstanceId", - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -65836,30 +70306,20 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an integration association from an Amazon Connect instance. The association must not have any use cases associated with it", - "privilege": "DeleteIntegrationAssociation", + "description": "Grants permission to create or update a customer managed configuration recorder to record the selected resource configurations", + "privilege": "PutConfigurationRecorder", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "app-integrations:DeleteApplicationAssociation", - "app-integrations:DeleteEventIntegrationAssociation", - "connect:DescribeInstance", - "ds:DescribeDirectories", - "events:DeleteRule", - "events:ListTargetsByRule", - "events:RemoveTargets" + "iam:PassRole" ], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association*" + "resource_type": "ConfigurationRecorder*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -65868,242 +70328,176 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a predefined attribute in an Amazon Connect instance", - "privilege": "DeletePredefinedAttribute", + "description": "Grants permission to create or update a conformance pack", + "privilege": "PutConformancePack", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "s3:GetObject", + "s3:ListBucket", + "ssm:GetDocument" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConformancePack*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a prompt in an Amazon Connect instance", - "privilege": "DeletePrompt", + "description": "Grants permission to create a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic", + "privilege": "PutDeliveryChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a push notification registration for an Amazon Connect instance", - "privilege": "DeletePushNotificationRegistration", + "description": "Grants permission to be used by an AWS Lambda function to deliver evaluation results to AWS Config", + "privilege": "PutEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a queue in an Amazon Connect instance", - "privilege": "DeleteQueue", + "description": "Grants permission to deliver evaluation result to AWS Config", + "privilege": "PutExternalEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a quick connect in an Amazon Connect instance", - "privilege": "DeleteQuickConnect", + "description": "Grants permission to add or update organization config rule for your entire organization evaluating whether your AWS resources comply with your desired configurations", + "privilege": "PutOrganizationConfigRule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete routing profiles in an Amazon Connect instance", - "privilege": "DeleteRoutingProfile", + "description": "Grants permission to add or update organization conformance pack for your entire organization evaluating whether your AWS resources comply with your desired configurations", + "privilege": "PutOrganizationConformancePack", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators", + "s3:GetObject" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConformancePack*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a rule in an Amazon Connect instance", - "privilege": "DeleteRule", + "description": "Grants permission to add or update the remediation configuration with a specific AWS Config rule with the selected target or action", + "privilege": "PutRemediationConfigurations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "RemediationConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a security profile in an Amazon Connect instance", - "privilege": "DeleteSecurityProfile", + "description": "Grants permission to add or update remediation exceptions for specific resources for a specific AWS Config rule", + "privilege": "PutRemediationExceptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a task template in an Amazon Connect instance", - "privilege": "DeleteTaskTemplate", + "description": "Grants permission to record the configuration state for the resource provided in the request", + "privilege": "PutResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a traffic distribution group", - "privilege": "DeleteTrafficDistributionGroup", + "description": "Grants permission to create and update the retention configuration with details about retention period (number of days) that AWS Config stores your historical information", + "privilege": "PutRetentionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a use case from an integration association", - "privilege": "DeleteUseCase", + "description": "Grants permission to create a new service-linked configuration recorder to record the resource configurations in scope for the linked service", + "privilege": "PutServiceLinkedConfigurationRecorder", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "use-case*" - }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "config:ConfigurationRecorderServicePrincipal" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a user in an Amazon Connect instance", - "privilege": "DeleteUser", + "description": "Grants permission to save a new query or updates an existing saved query", + "privilege": "PutStoredQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "StoredQuery*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -66111,237 +70505,142 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user hierarchy group in an Amazon Connect instance", - "privilege": "DeleteUserHierarchyGroup", + "access_level": "Read", + "description": "Grants permission to accept a structured query language (SQL) SELECT command and an aggregator to query configuration state of AWS resources across multiple accounts and regions, performs the corresponding search, and returns resource configurations matching the properties", + "privilege": "SelectAggregateResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a view in an Amazon Connect instance", - "privilege": "DeleteView", + "access_level": "Read", + "description": "Grants permission to accept a structured query language (SQL) SELECT command, performs the corresponding search, and returns resource configurations matching the properties", + "privilege": "SelectResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customer-managed-view*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a view version in an Amazon Connect instance", - "privilege": "DeleteViewVersion", + "description": "Grants permission to evaluate your resources against the specified Config rules", + "privilege": "StartConfigRulesEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customer-managed-view-version*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a vocabulary in an Amazon Connect instance", - "privilege": "DeleteVocabulary", + "description": "Grants permission to the customer managed configuration recorder to start recording configurations of the AWS resources you have selected to record in your AWS account", + "privilege": "StartConfigurationRecorder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationRecorder*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe agent status in an Amazon Connect instance", - "privilege": "DescribeAgentStatus", + "access_level": "Write", + "description": "Grants permission to run an on-demand remediation for the specified AWS Config rules against the last known remediation configuration", + "privilege": "StartRemediationExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "agent-status*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe authentication profile resources in an Amazon Connect instance", - "privilege": "DescribeAuthenticationProfile", + "access_level": "Write", + "description": "Grants permission to evaluate your resource details against the AWS Config rules in your account", + "privilege": "StartResourceEvaluation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "authentication-profile*" - }, - { - "condition_keys": [ - "connect:InstanceId" + "dependent_actions": [ + "cloudformation:DescribeType" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a contact in an Amazon Connect instance", - "privilege": "DescribeContact", + "access_level": "Write", + "description": "Grants permission to the customer managed configuration recorder to stop recording configurations of the AWS resources you have selected to record in your AWS account", + "privilege": "StopConfigurationRecorder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationRecorder*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a contact evaluation in the specified Amazon Connect instance", - "privilege": "DescribeContactEvaluation", + "access_level": "Tagging", + "description": "Grants permission to associate the specified tags to a resource with the specified resourceArn", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" + "resource_type": "AggregationAuthorization" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a contact flow in an Amazon Connect instance", - "privilege": "DescribeContactFlow", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "ConfigRule" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:FlowType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a contact flow module in an Amazon Connect instance", - "privilege": "DescribeContactFlowModule", - "resource_types": [ + "resource_type": "ConfigurationAggregator" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" + "resource_type": "ConfigurationRecorder" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an email address resource in an Amazon Connect instance", - "privilege": "DescribeEmailAddress", - "resource_types": [ + "resource_type": "ConformancePack" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "email-address*" + "resource_type": "OrganizationConfigRule" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an evaluation form in the specified Amazon Connect instance. If the version property is not provided, the latest version of the evaluation form is described", - "privilege": "DescribeEvaluationForm", - "resource_types": [ + "resource_type": "OrganizationConformancePack" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" + "resource_type": "StoredQuery" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -66349,58 +70648,234 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe the status of forecasting, planning, and scheduling integration on an Amazon Connect instance", - "privilege": "DescribeForecastingPlanningSchedulingIntegration", + "access_level": "Tagging", + "description": "Grants permission to delete specified tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "AggregationAuthorization" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe hours of operation in an Amazon Connect instance", - "privilege": "DescribeHoursOfOperation", - "resource_types": [ + "resource_type": "ConfigRule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" + "resource_type": "ConfigurationAggregator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ConfigurationRecorder" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ConformancePack" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OrganizationConfigRule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OrganizationConformancePack" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StoredQuery" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:config:${Region}:${Account}:aggregation-authorization/${AggregatorAccount}/${AggregatorRegion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "AggregationAuthorization" }, { - "access_level": "Read", - "description": "Grants permission to describe an hours of operation override in an Amazon Connect instance", - "privilege": "DescribeHoursOfOperationOverride", + "arn": "arn:${Partition}:config:${Region}:${Account}:config-aggregator/${AggregatorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConfigurationAggregator" + }, + { + "arn": "arn:${Partition}:config:${Region}:${Account}:config-rule/${ConfigRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConfigRule" + }, + { + "arn": "arn:${Partition}:config:${Region}:${Account}:conformance-pack/${ConformancePackName}/${ConformancePackId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConformancePack" + }, + { + "arn": "arn:${Partition}:config:${Region}:${Account}:organization-config-rule/${OrganizationConfigRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "OrganizationConfigRule" + }, + { + "arn": "arn:${Partition}:config:${Region}:${Account}:organization-conformance-pack/${OrganizationConformancePackId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "OrganizationConformancePack" + }, + { + "arn": "arn:${Partition}:config:${Region}:${Account}:remediation-configuration/${RemediationConfigurationId}", + "condition_keys": [], + "resource": "RemediationConfiguration" + }, + { + "arn": "arn:${Partition}:config:${Region}:${Account}:stored-query/${StoredQueryName}/${StoredQueryId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "StoredQuery" + }, + { + "arn": "arn:${Partition}:config:${Region}:${Account}:configuration-recorder/${RecorderName}/${RecorderId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConfigurationRecorder" + } + ], + "service_name": "AWS Config" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by using tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by using tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by using tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "connect:AssignmentType", + "description": "Filters access by restricting access to create contacts based on Assignment Type", + "type": "String" + }, + { + "condition": "connect:AttributeType", + "description": "Filters access by the attribute type of the Amazon Connect instance", + "type": "String" + }, + { + "condition": "connect:Channel", + "description": "Filters access by Channel", + "type": "String" + }, + { + "condition": "connect:ContactAssociationId", + "description": "Filters access by ContactAssociationId", + "type": "String" + }, + { + "condition": "connect:ContactInitiationMethod", + "description": "Filters access by restricting access to create contacts based on the initiation method of the contact", + "type": "String" + }, + { + "condition": "connect:FlowType", + "description": "Filters access by Flow type", + "type": "ArrayOfString" + }, + { + "condition": "connect:InstanceId", + "description": "Filters access by restricting federation into specified Amazon Connect instances", + "type": "String" + }, + { + "condition": "connect:ListRealtimeContactAnalysisSegmentsByOutputType", + "description": "Filters access by restricting the listed segments using the output type of the Amazon Connect Contact Lens real-time segment", + "type": "String" + }, + { + "condition": "connect:ListRealtimeContactAnalysisSegmentsBySegmentType", + "description": "Filters access by restricting the listed segments using the segment types of the Amazon Connect Contact Lens real-time segment", + "type": "ArrayOfString" + }, + { + "condition": "connect:MonitorCapabilities", + "description": "Filters access by restricting the monitor capabilities of the user in the request", + "type": "ArrayOfString" + }, + { + "condition": "connect:PreferredUserArn", + "description": "Filters access by PreferredUserArn", + "type": "ARN" + }, + { + "condition": "connect:SearchContactsByContactAnalysis", + "description": "Filters access by restricting searches using analysis outputs from Amazon Connect Contact Lens", + "type": "ArrayOfString" + }, + { + "condition": "connect:SearchTag/${TagKey}", + "description": "Filters access by TagFilter condition passed in the search request", + "type": "String" + }, + { + "condition": "connect:StorageResourceType", + "description": "Filters access by restricting the storage resource type of the Amazon Connect instance storage configuration", + "type": "String" + }, + { + "condition": "connect:Subtype", + "description": "Filters access by restricting creation of a contact for specific subtypes", + "type": "String" + }, + { + "condition": "connect:UserArn", + "description": "Filters access by UserArn", + "type": "ARN" + } + ], + "prefix": "connect", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to activate an evaluation form in the specified Amazon Connect instance. After the evaluation form is activated, it is available to start new evaluations based on the form", + "privilege": "ActivateEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "evaluation-form*" }, { "condition_keys": [ @@ -66412,31 +70887,25 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view details of an Amazon Connect instance and is also required to create an instance", - "privilege": "DescribeInstance", + "access_level": "Write", + "description": "Grants permission to federate into an Amazon Connect instance (Log in for emergency access functionality in the Amazon Connect console)", + "privilege": "AdminGetEmergencyAccessToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [ + "connect:DescribeInstance", + "connect:ListInstances", "ds:DescribeDirectories" ], "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the attribute details of an existing Amazon Connect instance", - "privilege": "DescribeInstanceAttribute", + "access_level": "Write", + "description": "Grants permission to grant access and to associate a dataset with the specified AWS account", + "privilege": "AssociateAnalyticsDataSet", "resource_types": [ { "condition_keys": [], @@ -66445,7 +70914,6 @@ }, { "condition_keys": [ - "connect:AttributeType", "connect:InstanceId" ], "dependent_actions": [], @@ -66454,9 +70922,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the instance storage configuration for an existing Amazon Connect instance", - "privilege": "DescribeInstanceStorageConfig", + "access_level": "Write", + "description": "Grants permission to associate approved origin for an existing Amazon Connect instance", + "privilege": "AssociateApprovedOrigin", "resource_types": [ { "condition_keys": [], @@ -66465,7 +70933,6 @@ }, { "condition_keys": [ - "connect:StorageResourceType", "connect:InstanceId" ], "dependent_actions": [], @@ -66474,18 +70941,26 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "DescribePhoneNumber", + "access_level": "Write", + "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", + "privilege": "AssociateBot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number*" + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:CreateResourcePolicy", + "lex:DescribeBotAlias", + "lex:GetBot", + "lex:UpdateResourcePolicy" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -66493,17 +70968,29 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a predefined attribute in an Amazon Connect instance", - "privilege": "DescribePredefinedAttribute", + "access_level": "Write", + "description": "Grants permission to associate a contact with a user using the Amazon Connect API", + "privilege": "AssociateContactWithUser", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, { "condition_keys": [ + "connect:PreferredUserArn", + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66512,18 +70999,34 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a prompt in an Amazon Connect instance", - "privilege": "DescribePrompt", + "access_level": "Write", + "description": "Grants permission to associate a Customer Profiles domain for an existing Amazon Connect instance", + "privilege": "AssociateCustomerProfilesDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "profile:GetDomain" + ], + "resource_type": "instance*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to default vocabulary for an existing Amazon Connect instance", + "privilege": "AssociateDefaultVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66532,14 +71035,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a queue in an Amazon Connect instance", - "privilege": "DescribeQueue", + "access_level": "Write", + "description": "Grants permission to associate an alias with an email address resource in an Amazon Connect instance", + "privilege": "AssociateEmailAddressAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "email-address*" }, { "condition_keys": [ @@ -66552,14 +71055,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a quick connect in an Amazon Connect instance", - "privilege": "DescribeQuickConnect", + "access_level": "Write", + "description": "Grants permission to associate a resource with a flow in an Amazon Connect instance", + "privilege": "AssociateFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-phone-number*" }, { "condition_keys": [ @@ -66572,18 +71080,29 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a routing profile in an Amazon Connect instance", - "privilege": "DescribeRoutingProfile", + "access_level": "Write", + "description": "Grants permission to associate instance storage for an existing Amazon Connect instance", + "privilege": "AssociateInstanceStorageConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" + "dependent_actions": [ + "ds:DescribeDirectories", + "firehose:DescribeDeliveryStream", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "kinesis:DescribeStream", + "kms:CreateGrant", + "kms:DescribeKey", + "s3:GetBucketAcl", + "s3:GetBucketLocation" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "connect:StorageResourceType", "connect:InstanceId" ], "dependent_actions": [], @@ -66592,18 +71111,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a rule in an Amazon Connect instance", - "privilege": "DescribeRule", + "access_level": "Write", + "description": "Grants permission to associate a Lambda function for an existing Amazon Connect instance", + "privilege": "AssociateLambdaFunction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule*" + "dependent_actions": [ + "lambda:AddPermission" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66612,18 +71132,22 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a security profile in an Amazon Connect instance", - "privilege": "DescribeSecurityProfile", + "access_level": "Write", + "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", + "privilege": "AssociateLexBot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "security-profile*" + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:GetBot" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66632,18 +71156,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a traffic distribution group", - "privilege": "DescribeTrafficDistributionGroup", + "access_level": "Write", + "description": "Grants permission to associate contact flow resources to phone number resources in an Amazon Connect instance", + "privilege": "AssociatePhoneNumberContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "phone-number*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -66651,14 +71181,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a user in an Amazon Connect instance", - "privilege": "DescribeUser", + "access_level": "Write", + "description": "Grants permission to associate quick connects with a queue in an Amazon Connect instance", + "privilege": "AssociateQueueQuickConnects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect*" }, { "condition_keys": [ @@ -66671,17 +71206,23 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a hierarchy group for an Amazon Connect instance", - "privilege": "DescribeUserHierarchyGroup", + "access_level": "Write", + "description": "Grants permission to associate queues with a routing profile in an Amazon Connect instance", + "privilege": "AssociateRoutingProfileQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66690,9 +71231,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe the hierarchy structure for an Amazon Connect instance", - "privilege": "DescribeUserHierarchyStructure", + "access_level": "Write", + "description": "Grants permission to associate a security key for an existing Amazon Connect instance", + "privilege": "AssociateSecurityKey", "resource_types": [ { "condition_keys": [], @@ -66709,34 +71250,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a view in an Amazon Connect instance", - "privilege": "DescribeView", + "access_level": "Write", + "description": "Grants permission to associate a user to a traffic distribution group in the specified Amazon Connect instance", + "privilege": "AssociateTrafficDistributionGroupUser", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "aws-managed-view*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customer-managed-view*" + "dependent_actions": [ + "connect:DescribeUser", + "connect:SearchUsers" + ], + "resource_type": "instance*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "qualified-aws-managed-view*" + "resource_type": "traffic-distribution-group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "qualified-customer-managed-view*" + "resource_type": "user*" }, { "condition_keys": [ + "connect:InstanceId", "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -66744,18 +71284,22 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a vocabulary in an Amazon Connect instance", - "privilege": "DescribeVocabulary", + "access_level": "Write", + "description": "Grants permission to associate user proficiencies to a user in an Amazon Connect instance", + "privilege": "AssociateUserProficiencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary*" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66765,8 +71309,8 @@ }, { "access_level": "Write", - "description": "Grants permission to revoke access and to disassociate a dataset with the specified AWS account", - "privilege": "DisassociateAnalyticsDataSet", + "description": "Grants permission to grant access and to associate the datasets with the specified AWS account", + "privilege": "BatchAssociateAnalyticsDataSet", "resource_types": [ { "condition_keys": [], @@ -66784,8 +71328,8 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate approved origin for an existing Amazon Connect instance", - "privilege": "DisassociateApprovedOrigin", + "description": "Grants permission to revoke access and to disassociate the datasets with the specified AWS account", + "privilege": "BatchDisassociateAnalyticsDataSet", "resource_types": [ { "condition_keys": [], @@ -66802,23 +71346,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", - "privilege": "DisassociateBot", + "access_level": "Read", + "description": "Grants permission to get metadata for multiple attached files from an Amazon Connect instance", + "privilege": "BatchGetAttachedFileMetadata", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "lex:DeleteResourcePolicy", - "lex:UpdateResourcePolicy" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "attached-file*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -66827,37 +71367,42 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a Customer Profiles domain for an existing Amazon Connect instance", - "privilege": "DisassociateCustomerProfilesDomain", + "access_level": "List", + "description": "Grants permission to get summary information about the flow associations for the specified Amazon Connect instance", + "privilege": "BatchGetFlowAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:DeleteRolePolicy", - "iam:DetachRolePolicy", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRolePolicy" + "dependent_actions": [], + "resource_type": "wildcard-phone-number*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a resource from a flow in an Amazon Connect instance", - "privilege": "DisassociateFlow", + "description": "Grants permission to put contacts in an Amazon Connect instance", + "privilege": "BatchPutContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66867,17 +71412,28 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate instance storage for an existing Amazon Connect instance", - "privilege": "DisassociateInstanceStorageConfig", + "description": "Grants permission to claim phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "ClaimPhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-phone-number*" + }, { "condition_keys": [ - "connect:StorageResourceType", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -66887,18 +71443,18 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate a Lambda function for an existing Amazon Connect instance", - "privilege": "DisassociateLambdaFunction", + "description": "Grants permission to complete an attached file upload in an Amazon Connect instance", + "privilege": "CompleteAttachedFileUpload", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lambda:RemovePermission" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "attached-file*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -66908,20 +71464,18 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", - "privilege": "DisassociateLexBot", + "description": "Grants permission to create agent status in an Amazon Connect instance", + "privilege": "CreateAgentStatus", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "agent-status*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -66931,17 +71485,16 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate contact flow resources from phone number resources in an Amazon Connect instance", - "privilege": "DisassociatePhoneNumberContactFlow", + "description": "Grants permission to create authentication profile resources in an Amazon Connect instance", + "privilege": "CreateAuthenticationProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number*" + "resource_type": "authentication-profile*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -66951,23 +71504,29 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate quick connects from a queue in an Amazon Connect instance", - "privilege": "DisassociateQueueQuickConnects", + "description": "Grants permission to create a new contact using the Amazon Connect API", + "privilege": "CreateContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "instance*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" + "resource_type": "contact" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "connect:InstanceId", + "connect:ContactInitiationMethod" ], "dependent_actions": [], "resource_type": "" @@ -66976,18 +71535,20 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate queues from a routing profile in an Amazon Connect instance", - "privilege": "DisassociateRoutingProfileQueues", + "description": "Grants permission to create a contact flow in an Amazon Connect instance", + "privilege": "CreateContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "contact-flow*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId", + "connect:FlowType" ], "dependent_actions": [], "resource_type": "" @@ -66996,16 +71557,18 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate the security key for an existing Amazon Connect instance", - "privilege": "DisassociateSecurityKey", + "description": "Grants permission to create a contact flow module in an Amazon Connect instance", + "privilege": "CreateContactFlowModule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "contact-flow-module*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67015,28 +71578,19 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate a user from a traffic distribution group in the specified Amazon Connect instance", - "privilege": "DisassociateTrafficDistributionGroupUser", + "description": "Grants permission to create a version a flow in an Amazon Connect instance", + "privilege": "CreateContactFlowVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "contact-flow*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId", - "aws:ResourceTag/${TagKey}" + "connect:FlowType" ], "dependent_actions": [], "resource_type": "" @@ -67045,21 +71599,18 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate user proficiencies from a user in an Amazon Connect instance", - "privilege": "DisassociateUserProficiencies", + "description": "Grants permission to create an email address resource in an Amazon Connect instance", + "privilege": "CreateEmailAddress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67069,17 +71620,16 @@ }, { "access_level": "Write", - "description": "Grants permission to dismiss terminated Contact from Agent CCP", - "privilege": "DismissUserContact", + "description": "Grants permission to create an evaluation form in the specified Amazon Connect instance. The form can be used to define questions related to agent performance, and create sections to organize such questions. Question and section identifiers cannot be duplicated within the same evaluation form", + "privilege": "CreateEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "evaluation-form*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67088,14 +71638,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get an attached file from an Amazon Connect instance", - "privilege": "GetAttachedFile", + "access_level": "Write", + "description": "Grants permission to create hours of operation in an Amazon Connect instance", + "privilege": "CreateHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attached-file*" + "resource_type": "hours-of-operation*" }, { "condition_keys": [ @@ -67109,14 +71659,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the contact attributes for the specified contact", - "privilege": "GetContactAttributes", + "access_level": "Write", + "description": "Grants permission to create an hours of operation override in an Amazon Connect instance", + "privilege": "CreateHoursOfOperationOverride", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "hours-of-operation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" }, { "condition_keys": [ @@ -67128,24 +71683,76 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve current metric data for queues and routing profiles in an Amazon Connect instance", - "privilege": "GetCurrentMetricData", + "access_level": "Write", + "description": "Grants permission to create a new Amazon Connect instance", + "privilege": "CreateInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ds:AuthorizeApplication", + "ds:CheckAlias", + "ds:CreateAlias", + "ds:CreateDirectory", + "ds:CreateIdentityPoolDirectory", + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an integration association with an Amazon Connect instance", + "privilege": "CreateIntegrationAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" + "dependent_actions": [ + "app-integrations:CreateApplicationAssociation", + "app-integrations:CreateEventIntegrationAssociation", + "app-integrations:GetApplication", + "app-integrations:GetDataIntegration", + "app-integrations:ListDataIntegrationAssociations", + "app-integrations:TagResource", + "cases:GetDomain", + "chime:AssociateVoiceConnectorConnect", + "chime:DisassociateVoiceConnectorConnect", + "chime:TagResource", + "chime:UntagResource", + "connect:DescribeInstance", + "ds:DescribeDirectories", + "events:PutRule", + "events:PutTargets", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "mobiletargeting:GetApp", + "voiceid:DescribeDomain", + "wisdom:GetAssistant", + "wisdom:GetKnowledgeBase", + "wisdom:TagResource" + ], + "resource_type": "instance*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "integration-association*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "connect:InstanceId", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -67153,33 +71760,22 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve current user data in an Amazon Connect instance", - "privilege": "GetCurrentUserData", + "access_level": "Write", + "description": "Grants permission to add a participant to an ongoing contact", + "privilege": "CreateParticipant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "contact*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67188,14 +71784,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get effective hours of operation resources in an Amazon Connect instance", - "privilege": "GetEffectiveHoursOfOperations", + "access_level": "Write", + "description": "Grants permission to create persistent contact associations for a contact", + "privilege": "CreatePersistentContactAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" + "resource_type": "contact*" }, { "condition_keys": [], @@ -67212,9 +71808,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to federate into an Amazon Connect instance when using SAML-based authentication for identity management", - "privilege": "GetFederationToken", + "access_level": "Write", + "description": "Grants permission to create a predefined attribute in an Amazon Connect instance", + "privilege": "CreatePredefinedAttribute", "resource_types": [ { "condition_keys": [], @@ -67231,18 +71827,23 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the flow associations for the specified Amazon Connect instance", - "privilege": "GetFlowAssociation", + "access_level": "Write", + "description": "Grants permission to create a prompt in an Amazon Connect instance", + "privilege": "CreatePrompt", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "dependent_actions": [ + "kms:Decrypt", + "s3:GetObject", + "s3:GetObjectAcl" + ], + "resource_type": "prompt*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67251,18 +71852,17 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve historical metric data for queues in an Amazon Connect instance", - "privilege": "GetMetricData", + "access_level": "Write", + "description": "Grants permission to create a push notification registration for an Amazon Connect instance", + "privilege": "CreatePushNotificationRegistration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67271,14 +71871,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metric data in an Amazon Connect instance", - "privilege": "GetMetricDataV2", + "access_level": "Write", + "description": "Grants permission to create a queue in an Amazon Connect instance", + "privilege": "CreateQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" + "resource_type": "hours-of-operation*" }, { "condition_keys": [], @@ -67288,16 +71888,22 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "contact-flow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "phone-number" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67306,18 +71912,34 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a prompt's presigned Amazon S3 URL in an Amazon Connect instance", - "privilege": "GetPromptFile", + "access_level": "Write", + "description": "Grants permission to create a quick connect in an Amazon Connect instance", + "privilege": "CreateQuickConnect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt*" + "resource_type": "quick-connect*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67326,18 +71948,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details about specified task template in an Amazon Connect instance", - "privilege": "GetTaskTemplate", + "access_level": "Write", + "description": "Grants permission to create a routing profile in an Amazon Connect instance", + "privilege": "CreateRoutingProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67346,18 +71974,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to read traffic distribution for a traffic distribution group", - "privilege": "GetTrafficDistribution", + "access_level": "Write", + "description": "Grants permission to create a rule in an Amazon Connect instance", + "privilege": "CreateRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" + "resource_type": "rule*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -67366,27 +71994,19 @@ }, { "access_level": "Write", - "description": "Grants permission to import phone number resources to an Amazon Connect instance", - "privilege": "ImportPhoneNumber", + "description": "Grants permission to create a security profile for the specified Amazon Connect instance", + "privilege": "CreateSecurityProfile", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "sms-voice:DescribePhoneNumbers", - "social-messaging:GetLinkedWhatsAppBusinessAccountPhoneNumber", - "social-messaging:TagResource" - ], - "resource_type": "instance*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "security-profile*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -67394,29 +72014,36 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list agent statuses in an Amazon Connect instance", - "privilege": "ListAgentStatuses", + "access_level": "Write", + "description": "Grants permission to create a task template in an Amazon Connect instance", + "privilege": "CreateTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-agent-status*" + "resource_type": "task-template*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the association status of a dataset for a given Amazon Connect instance", - "privilege": "ListAnalyticsDataAssociations", + "access_level": "Write", + "description": "Grants permission to create a traffic distribution group", + "privilege": "CreateTrafficDistributionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67425,37 +72052,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view approved origins of an existing Amazon Connect instance", - "privilege": "ListApprovedOrigins", + "access_level": "Write", + "description": "Grants permission to create a use case for an integration association", + "privilege": "CreateUseCase", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], "resource_type": "instance*" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the contacts associated with an email address in an Amazon Connect instance", - "privilege": "ListAssociatedContacts", - "resource_types": [ + "resource_type": "integration-association*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "use-case*" }, { "condition_keys": [ - "connect:InstanceId" + "connect:InstanceId", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -67463,17 +72086,34 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list authentication profile resources in an Amazon Connect instance", - "privilege": "ListAuthenticationProfiles", + "access_level": "Write", + "description": "Grants permission to create a user for the specified Amazon Connect instance", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "routing-profile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hierarchy-group" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67482,17 +72122,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", - "privilege": "ListBots", + "access_level": "Write", + "description": "Grants permission to create a user hierarchy group in an Amazon Connect instance", + "privilege": "CreateUserHierarchyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "hierarchy-group" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67501,17 +72143,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list contact evaluations in the specified Amazon Connect instance", - "privilege": "ListContactEvaluations", + "access_level": "Write", + "description": "Grants permission to create a view in an Amazon Connect instance", + "privilege": "CreateView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "customer-managed-view*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67520,32 +72164,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list contact flow module resources in an Amazon Connect instance", - "privilege": "ListContactFlowModules", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all the versions a flow in an Amazon Connect instance", - "privilege": "ListContactFlowVersions", + "access_level": "Write", + "description": "Grants permission to create a view version in an Amazon Connect instance", + "privilege": "CreateViewVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "customer-managed-view*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:FlowType" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -67553,17 +72184,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list contact flow resources in an Amazon Connect instance", - "privilege": "ListContactFlows", + "access_level": "Write", + "description": "Grants permission to create a vocabulary in an Amazon Connect instance", + "privilege": "CreateVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-contact-flow*" + "resource_type": "vocabulary*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67572,14 +72205,14 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list references associated with a contact in an Amazon Connect instance", - "privilege": "ListContactReferences", + "access_level": "Write", + "description": "Grants permission to deactivate an evaluation form in the specified Amazon Connect instance. After a form is deactivated, it is no longer available for users to start new evaluations based on the form", + "privilege": "DeactivateEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "evaluation-form*" }, { "condition_keys": [ @@ -67591,17 +72224,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list default vocabularies associated with a Amazon Connect instance", - "privilege": "ListDefaultVocabularies", + "access_level": "Write", + "description": "Grants permission to delete an attached file from an Amazon Connect instance", + "privilege": "DeleteAttachedFile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" + "dependent_actions": [ + "cases:DeleteRelatedItem" + ], + "resource_type": "attached-file*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -67610,17 +72247,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list versions of an evaluation form in the specified Amazon Connect instance", - "privilege": "ListEvaluationFormVersions", + "access_level": "Write", + "description": "Grants permission to delete a contact evaluation in the specified Amazon Connect instance", + "privilege": "DeleteContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" + "resource_type": "contact-evaluation*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67629,18 +72267,20 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list evaluation forms in the specified Amazon Connect instance", - "privilege": "ListEvaluationForms", + "access_level": "Write", + "description": "Grants permission to delete a contact flow in an Amazon Connect instance", + "privilege": "DeleteContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "contact-flow*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId", + "connect:FlowType" ], "dependent_actions": [], "resource_type": "" @@ -67648,17 +72288,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list summary information about the flow associations for the specified Amazon Connect instance", - "privilege": "ListFlowAssociations", + "access_level": "Write", + "description": "Grants permission to delete a contact flow module in an Amazon Connect instance", + "privilege": "DeleteContactFlowModule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "contact-flow-module*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67667,22 +72308,39 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list hours of operation override resources in an Amazon Connect instance", - "privilege": "ListHoursOfOperationOverrides", + "access_level": "Write", + "description": "Grants permission to delete a version of a flow in an Amazon Connect instance", + "privilege": "DeleteContactFlowVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" + "resource_type": "contact-flow*" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId", + "connect:FlowType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an email address resource in an Amazon Connect instance", + "privilege": "DeleteEmailAddress", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "email-address*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67691,17 +72349,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list hours of operation resources in an Amazon Connect instance", - "privilege": "ListHoursOfOperations", + "access_level": "Write", + "description": "Grants permission to delete an evaluation form in the specified Amazon Connect instance. If the version property is provided, only the specified version of the evaluation form is deleted", + "privilege": "DeleteEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "evaluation-form*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67710,17 +72369,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view the attributes of an existing Amazon Connect instance", - "privilege": "ListInstanceAttributes", + "access_level": "Write", + "description": "Grants permission to delete hours of operation in an Amazon Connect instance", + "privilege": "DeleteHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "hours-of-operation*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67729,10 +72389,15 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view storage configurations of an existing Amazon Connect instance", - "privilege": "ListInstanceStorageConfigs", + "access_level": "Write", + "description": "Grants permission to delete an hours of operation override in an Amazon Connect instance", + "privilege": "DeleteHoursOfOperationOverride", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hours-of-operation*" + }, { "condition_keys": [], "dependent_actions": [], @@ -67748,32 +72413,53 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view the Amazon Connect instances associated with an AWS account", - "privilege": "ListInstances", + "access_level": "Write", + "description": "Grants permission to delete an Amazon Connect instance. When you remove an instance, the link to an existing AWS directory is also removed", + "privilege": "DeleteInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ds:DescribeDirectories" + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary information about the integration associations for the specified Amazon Connect instance", - "privilege": "ListIntegrationAssociations", + "access_level": "Write", + "description": "Grants permission to delete an integration association from an Amazon Connect instance. The association must not have any use cases associated with it", + "privilege": "DeleteIntegrationAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [ + "app-integrations:DeleteApplicationAssociation", + "app-integrations:DeleteEventIntegrationAssociation", + "app-integrations:UntagResource", "connect:DescribeInstance", - "ds:DescribeDirectories" + "ds:DescribeDirectories", + "events:DeleteRule", + "events:ListTargetsByRule", + "events:RemoveTargets" ], "resource_type": "instance*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration-association*" + }, { "condition_keys": [ "connect:InstanceId" @@ -67784,9 +72470,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view the Lambda functions of an existing Amazon Connect instance", - "privilege": "ListLambdaFunctions", + "access_level": "Write", + "description": "Grants permission to delete a predefined attribute in an Amazon Connect instance", + "privilege": "DeletePredefinedAttribute", "resource_types": [ { "condition_keys": [], @@ -67803,17 +72489,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", - "privilege": "ListLexBots", + "access_level": "Write", + "description": "Grants permission to delete a prompt in an Amazon Connect instance", + "privilege": "DeletePrompt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "prompt*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67822,41 +72509,37 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list phone number resources in an Amazon Connect instance", - "privilege": "ListPhoneNumbers", + "access_level": "Write", + "description": "Grants permission to delete a push notification registration for an Amazon Connect instance", + "privilege": "DeletePushNotificationRegistration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-legacy-phone-number*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list phone number resources in an Amazon Connect instance", - "privilege": "ListPhoneNumbersV2", - "resource_types": [ + "resource_type": "instance*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list predefined attributes in an Amazon Connect instance", - "privilege": "ListPredefinedAttributes", + "access_level": "Write", + "description": "Grants permission to delete a queue in an Amazon Connect instance", + "privilege": "DeleteQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "queue*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67865,17 +72548,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list prompt resources in an Amazon Connect instance", - "privilege": "ListPrompts", + "access_level": "Write", + "description": "Grants permission to delete a quick connect in an Amazon Connect instance", + "privilege": "DeleteQuickConnect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "quick-connect*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -67884,14 +72568,14 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list quick connect resources in a queue in an Amazon Connect instance", - "privilege": "ListQueueQuickConnects", + "access_level": "Write", + "description": "Grants permission to delete routing profiles in an Amazon Connect instance", + "privilege": "DeleteRoutingProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "routing-profile*" }, { "condition_keys": [ @@ -67904,62 +72588,54 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list queue resources in an Amazon Connect instance", - "privilege": "ListQueues", + "access_level": "Write", + "description": "Grants permission to delete a rule in an Amazon Connect instance", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-queue*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list quick connect resources in an Amazon Connect instance", - "privilege": "ListQuickConnects", - "resource_types": [ + "resource_type": "rule*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "wildcard-quick-connect*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the analysis segments for a real-time analysis session", - "privilege": "ListRealtimeContactAnalysisSegments", + "access_level": "Write", + "description": "Grants permission to delete a security profile in an Amazon Connect instance", + "privilege": "DeleteSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the analysis segments for a real-time chat analytics session", - "privilege": "ListRealtimeContactAnalysisSegmentsV2", - "resource_types": [ + "resource_type": "security-profile*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list queue resources in a routing profile in an Amazon Connect instance", - "privilege": "ListRoutingProfileQueues", + "access_level": "Write", + "description": "Grants permission to delete a task template in an Amazon Connect instance", + "privilege": "DeleteTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "task-template*" }, { "condition_keys": [ @@ -67972,18 +72648,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list routing profile resources in an Amazon Connect instance", - "privilege": "ListRoutingProfiles", + "access_level": "Write", + "description": "Grants permission to delete a traffic distribution group", + "privilege": "DeleteTrafficDistributionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "traffic-distribution-group*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -67991,15 +72667,23 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list rules associated with a Amazon Connect instance", - "privilege": "ListRules", + "access_level": "Write", + "description": "Grants permission to delete a use case from an integration association", + "privilege": "DeleteUseCase", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], "resource_type": "instance*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "use-case*" + }, { "condition_keys": [ "connect:InstanceId" @@ -68010,17 +72694,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to view the security keys of an existing Amazon Connect instance", - "privilege": "ListSecurityKeys", + "access_level": "Write", + "description": "Grants permission to delete a user in an Amazon Connect instance", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "user*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68029,18 +72714,17 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list applications associated with a specific security profile in an Amazon Connect instance", - "privilege": "ListSecurityProfileApplications", + "access_level": "Write", + "description": "Grants permission to delete a user hierarchy group in an Amazon Connect instance", + "privilege": "DeleteUserHierarchyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" + "resource_type": "hierarchy-group*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68049,14 +72733,14 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list permissions associated with security profile in an Amazon Connect instance", - "privilege": "ListSecurityProfilePermissions", + "access_level": "Write", + "description": "Grants permission to delete a view in an Amazon Connect instance", + "privilege": "DeleteView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" + "resource_type": "customer-managed-view*" }, { "condition_keys": [ @@ -68069,17 +72753,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list security profile resources in an Amazon Connect instance", - "privilege": "ListSecurityProfiles", + "access_level": "Write", + "description": "Grants permission to delete a view version in an Amazon Connect instance", + "privilege": "DeleteViewVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "customer-managed-view-version*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68088,108 +72773,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for an Amazon Connect resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a vocabulary in an Amazon Connect instance", + "privilege": "DeleteVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-evaluation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow-module" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation-form" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hours-of-operation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "prompt" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "security-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "use-case" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "wildcard-phone-number" + "resource_type": "vocabulary*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68197,30 +72793,38 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list task template resources in an Amazon Connect instance", - "privilege": "ListTaskTemplates", + "access_level": "Read", + "description": "Grants permission to describe agent status in an Amazon Connect instance", + "privilege": "DescribeAgentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "agent-status*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the active user associations for a traffic distribution group", - "privilege": "ListTrafficDistributionGroupUsers", + "access_level": "Read", + "description": "Grants permission to describe authentication profile resources in an Amazon Connect instance", + "privilege": "DescribeAuthenticationProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" + "resource_type": "authentication-profile*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68228,33 +72832,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list traffic distribution groups", - "privilege": "ListTrafficDistributionGroups", + "access_level": "Read", + "description": "Grants permission to describe a contact in an Amazon Connect instance", + "privilege": "DescribeContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the use cases of an integration association", - "privilege": "ListUseCases", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" + "resource_type": "contact*" }, { "condition_keys": [ - "connect:InstanceId" + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" ], "dependent_actions": [], "resource_type": "" @@ -68262,17 +72854,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the hierarchy group resources in an Amazon Connect instance", - "privilege": "ListUserHierarchyGroups", + "access_level": "Read", + "description": "Grants permission to describe a contact evaluation in the specified Amazon Connect instance", + "privilege": "DescribeContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "contact-evaluation*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68281,23 +72874,20 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list user proficiencies from a user in an Amazon Connect instance", - "privilege": "ListUserProficiencies", + "access_level": "Read", + "description": "Grants permission to describe a contact flow in an Amazon Connect instance", + "privilege": "DescribeContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "contact-flow*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId", + "connect:FlowType" ], "dependent_actions": [], "resource_type": "" @@ -68305,17 +72895,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list user resources in an Amazon Connect instance", - "privilege": "ListUsers", + "access_level": "Read", + "description": "Grants permission to describe a contact flow module in an Amazon Connect instance", + "privilege": "DescribeContactFlowModule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "contact-flow-module*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68324,19 +72915,14 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the view versions in an Amazon Connect instance", - "privilege": "ListViewVersions", + "access_level": "Read", + "description": "Grants permission to describe an email address resource in an Amazon Connect instance", + "privilege": "DescribeEmailAddress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "aws-managed-view*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customer-managed-view*" + "resource_type": "email-address*" }, { "condition_keys": [ @@ -68349,17 +72935,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the views in an Amazon Connect instance", - "privilege": "ListViews", + "access_level": "Read", + "description": "Grants permission to describe an evaluation form in the specified Amazon Connect instance. If the version property is not provided, the latest version of the evaluation form is described", + "privilege": "DescribeEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "evaluation-form*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68368,29 +72955,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to monitor an ongoing contact", - "privilege": "MonitorContact", + "access_level": "Read", + "description": "Grants permission to describe the status of forecasting, planning, and scheduling integration on an Amazon Connect instance", + "privilege": "DescribeForecastingPlanningSchedulingIntegration", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact*" - }, { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - }, { "condition_keys": [ - "connect:MonitorCapabilities", - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68399,24 +72974,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to pause an ongoing contact", - "privilege": "PauseContact", + "access_level": "Read", + "description": "Grants permission to describe hours of operation in an Amazon Connect instance", + "privilege": "DescribeHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" + "resource_type": "hours-of-operation*" }, { "condition_keys": [ @@ -68429,28 +72994,22 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to switch User Status in an Amazon Connect instance", - "privilege": "PutUserStatus", + "access_level": "Read", + "description": "Grants permission to describe an hours of operation override in an Amazon Connect instance", + "privilege": "DescribeHoursOfOperationOverride", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status*" + "resource_type": "hours-of-operation*" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68459,17 +73018,20 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to release phone number resources in an Amazon Connect instance", - "privilege": "ReleasePhoneNumber", + "access_level": "Read", + "description": "Grants permission to view details of an Amazon Connect instance and is also required to create an instance", + "privilege": "DescribeInstance", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number*" + "dependent_actions": [ + "ds:DescribeDirectories" + ], + "resource_type": "instance*" }, { "condition_keys": [ + "connect:InstanceId", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -68478,31 +73040,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a replica of an Amazon Connect instance", - "privilege": "ReplicateInstance", + "access_level": "Read", + "description": "Grants permission to view the attribute details of an existing Amazon Connect instance", + "privilege": "DescribeInstanceAttribute", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:AuthorizeApplication", - "ds:CheckAlias", - "ds:CreateAlias", - "ds:CreateDirectory", - "ds:CreateIdentityPoolDirectory", - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], + "dependent_actions": [], "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", + "connect:AttributeType", "connect:InstanceId" ], "dependent_actions": [], @@ -68511,28 +73060,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to resume a paused contact", - "privilege": "ResumeContact", + "access_level": "Read", + "description": "Grants permission to view the instance storage configuration for an existing Amazon Connect instance", + "privilege": "DescribeInstanceStorageConfig", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact*" - }, { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "connect:StorageResourceType", "connect:InstanceId" ], "dependent_actions": [], @@ -68541,33 +73080,37 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to resume recording for the specified contact", - "privilege": "ResumeContactRecording", + "access_level": "Read", + "description": "Grants permission to describe phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "DescribePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "phone-number*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to search agent status resources in an Amazon Connect instance", - "privilege": "SearchAgentStatuses", + "description": "Grants permission to describe a predefined attribute in an Amazon Connect instance", + "privilege": "DescribePredefinedAttribute", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeAgentStatus" - ], + "dependent_actions": [], "resource_type": "instance*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68575,33 +73118,39 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "SearchAvailablePhoneNumbers", + "access_level": "Read", + "description": "Grants permission to describe a prompt in an Amazon Connect instance", + "privilege": "DescribePrompt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "prompt*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to search contact flow module resources in an Amazon Connect instance", - "privilege": "SearchContactFlowModules", + "description": "Grants permission to describe a queue in an Amazon Connect instance", + "privilege": "DescribeQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeContactFlowModule" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "queue*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68610,21 +73159,18 @@ }, { "access_level": "Read", - "description": "Grants permission to search contact flow resources in an Amazon Connect instance", - "privilege": "SearchContactFlows", + "description": "Grants permission to describe a quick connect in an Amazon Connect instance", + "privilege": "DescribeQuickConnect", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeContactFlow" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "quick-connect*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}", - "connect:FlowType" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68633,20 +73179,18 @@ }, { "access_level": "Read", - "description": "Grants permission to search contacts in an Amazon Connect instance", - "privilege": "SearchContacts", + "description": "Grants permission to describe a routing profile in an Amazon Connect instance", + "privilege": "DescribeRoutingProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeContact" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "routing-profile*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchContactsByContactAnalysis" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68655,20 +73199,18 @@ }, { "access_level": "Read", - "description": "Grants permission to search email address resources in an Amazon Connect instance", - "privilege": "SearchEmailAddresses", + "description": "Grants permission to describe a rule in an Amazon Connect instance", + "privilege": "DescribeRule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeEmailAddress" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "rule*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68677,26 +73219,18 @@ }, { "access_level": "Read", - "description": "Grants permission to search hours of operation override resources in an Amazon Connect instance", - "privilege": "SearchHoursOfOperationOverrides", + "description": "Grants permission to describe a security profile in an Amazon Connect instance", + "privilege": "DescribeSecurityProfile", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "connect:DescribeHoursOfOperation", - "connect:ListHoursOfOperationOverrides" - ], - "resource_type": "hours-of-operation*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "security-profile*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68705,20 +73239,17 @@ }, { "access_level": "Read", - "description": "Grants permission to search hours of operation resources in an Amazon Connect instance", - "privilege": "SearchHoursOfOperations", + "description": "Grants permission to describe a traffic distribution group", + "privilege": "DescribeTrafficDistributionGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeHoursOfOperation" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "traffic-distribution-group*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -68727,18 +73258,17 @@ }, { "access_level": "Read", - "description": "Grants permission to search predefined attributes in an Amazon Connect instance", - "privilege": "SearchPredefinedAttributes", + "description": "Grants permission to describe a user in an Amazon Connect instance", + "privilege": "DescribeUser", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribePredefinedAttribute" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68748,20 +73278,17 @@ }, { "access_level": "Read", - "description": "Grants permission to search prompt resources in an Amazon Connect instance", - "privilege": "SearchPrompts", + "description": "Grants permission to describe a hierarchy group for an Amazon Connect instance", + "privilege": "DescribeUserHierarchyGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribePrompt" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "hierarchy-group*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68770,20 +73297,17 @@ }, { "access_level": "Read", - "description": "Grants permission to search queue resources in an Amazon Connect instance", - "privilege": "SearchQueues", + "description": "Grants permission to describe the hierarchy structure for an Amazon Connect instance", + "privilege": "DescribeUserHierarchyStructure", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeQueue" - ], + "dependent_actions": [], "resource_type": "instance*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68792,20 +73316,33 @@ }, { "access_level": "Read", - "description": "Grants permission to search quick connect resources in an Amazon Connect instance", - "privilege": "SearchQuickConnects", + "description": "Grants permission to describe a view in an Amazon Connect instance", + "privilege": "DescribeView", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeQuickConnect" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "aws-managed-view*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "qualified-aws-managed-view*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "qualified-customer-managed-view*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68813,19 +73350,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search tags that are used in an Amazon Connect instance", - "privilege": "SearchResourceTags", + "access_level": "Read", + "description": "Grants permission to describe a vocabulary in an Amazon Connect instance", + "privilege": "DescribeVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "vocabulary*" }, { "condition_keys": [ - "connect:InstanceId", - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68833,21 +73370,18 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to search routing profile resources in an Amazon Connect instance", - "privilege": "SearchRoutingProfiles", + "access_level": "Write", + "description": "Grants permission to revoke access and to disassociate a dataset with the specified AWS account", + "privilege": "DisassociateAnalyticsDataSet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeRoutingProfile" - ], + "dependent_actions": [], "resource_type": "instance*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68855,21 +73389,18 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to search security profile resources in an Amazon Connect instance", - "privilege": "SearchSecurityProfiles", + "access_level": "Write", + "description": "Grants permission to disassociate approved origin for an existing Amazon Connect instance", + "privilege": "DisassociateApprovedOrigin", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeSecurityProfile" - ], + "dependent_actions": [], "resource_type": "instance*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68877,21 +73408,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to search user hierarchy group resources in an Amazon Connect instance", - "privilege": "SearchUserHierarchyGroups", + "access_level": "Write", + "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", + "privilege": "DisassociateBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "connect:DescribeUserHierarchyGroup" + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:DeleteResourcePolicy", + "lex:UpdateResourcePolicy" ], "resource_type": "instance*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -68899,40 +73433,37 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to search user resources in an Amazon Connect instance", - "privilege": "SearchUsers", + "access_level": "Write", + "description": "Grants permission to disassociate a Customer Profiles domain for an existing Amazon Connect instance", + "privilege": "DisassociateCustomerProfilesDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "connect:DescribeUser", - "connect:ListUserProficiencies" + "iam:AttachRolePolicy", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRolePolicy" ], "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to search vocabularies in a Amazon Connect instance", - "privilege": "SearchVocabularies", + "access_level": "Write", + "description": "Grants permission to disassociate an alias from an email address resource in an Amazon Connect instance", + "privilege": "DisassociateEmailAddressAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary*" + "resource_type": "email-address*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -68942,36 +73473,54 @@ }, { "access_level": "Write", - "description": "Grants permission to send chat integration events using the Amazon Connect API", - "privilege": "SendChatIntegrationEvent", + "description": "Grants permission to disassociate a resource from a flow in an Amazon Connect instance", + "privilege": "DisassociateFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "wildcard-phone-number*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send integration events using the Amazon Connect API", - "privilege": "SendIntegrationEvent", + "description": "Grants permission to disassociate instance storage for an existing Amazon Connect instance", + "privilege": "DisassociateInstanceStorageConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:StorageResourceType", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send outbound email using the Amazon Connect API", - "privilege": "SendOutboundEmail", + "description": "Grants permission to disassociate a Lambda function for an existing Amazon Connect instance", + "privilege": "DisassociateLambdaFunction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lambda:RemovePermission" + ], "resource_type": "instance*" }, { @@ -68985,22 +73534,21 @@ }, { "access_level": "Write", - "description": "Grants permission to start an attached file upload in an Amazon Connect instance", - "privilege": "StartAttachedFileUpload", + "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", + "privilege": "DisassociateLexBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "cases:CreateRelatedItem" + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" ], - "resource_type": "attached-file*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId", - "connect:UserArn" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -69009,21 +73557,17 @@ }, { "access_level": "Write", - "description": "Grants permission to initiate a chat using the Amazon Connect API", - "privilege": "StartChatContact", + "description": "Grants permission to disassociate contact flow resources from phone number resources in an Amazon Connect instance", + "privilege": "DisassociatePhoneNumberContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact" + "resource_type": "phone-number*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69033,26 +73577,22 @@ }, { "access_level": "Write", - "description": "Grants permission to start an empty evaluation in the specified Amazon Connect instance, using the given evaluation form for the particular contact. The evaluation form version used for the contact evaluation corresponds to the currently activated version. If no version is activated for the evaluation form, the contact evaluation cannot be started", - "privilege": "StartContactEvaluation", + "description": "Grants permission to disassociate quick connects from a queue in an Amazon Connect instance", + "privilege": "DisassociateQueueQuickConnects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-evaluation*" + "resource_type": "queue*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" + "resource_type": "quick-connect*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69062,32 +73602,47 @@ }, { "access_level": "Write", - "description": "Grants permission to start recording for the specified contact", - "privilege": "StartContactRecording", + "description": "Grants permission to disassociate queues from a routing profile in an Amazon Connect instance", + "privilege": "DisassociateRoutingProfileQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start chat streaming using the Amazon Connect API", - "privilege": "StartContactStreaming", + "description": "Grants permission to disassociate the security key for an existing Amazon Connect instance", + "privilege": "DisassociateSecurityKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate an inbound email using the Amazon Connect API", - "privilege": "StartEmailContact", + "description": "Grants permission to disassociate a user from a traffic distribution group in the specified Amazon Connect instance", + "privilege": "DisassociateTrafficDistributionGroupUser", "resource_types": [ { "condition_keys": [], @@ -69097,12 +73652,17 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow" + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -69111,8 +73671,8 @@ }, { "access_level": "Write", - "description": "Grants permission to enable forecasting, planning, and scheduling integration on an Amazon Connect instance", - "privilege": "StartForecastingPlanningSchedulingIntegration", + "description": "Grants permission to disassociate user proficiencies from a user in an Amazon Connect instance", + "privilege": "DisassociateUserProficiencies", "resource_types": [ { "condition_keys": [], @@ -69120,7 +73680,12 @@ "resource_type": "instance*" }, { - "condition_keys": [ + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ "connect:InstanceId" ], "dependent_actions": [], @@ -69130,33 +73695,18 @@ }, { "access_level": "Write", - "description": "Grants permission to initiate an outbound chat using the Amazon Connect API", - "privilege": "StartOutboundChatContact", + "description": "Grants permission to dismiss terminated Contact from Agent CCP", + "privilege": "DismissUserContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number" + "resource_type": "user*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:Subtype" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -69164,23 +73714,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to initiate an outbound email using the Amazon Connect API", - "privilege": "StartOutboundEmailContact", + "access_level": "Read", + "description": "Grants permission to get an attached file from an Amazon Connect instance", + "privilege": "GetAttachedFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" + "resource_type": "attached-file*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "connect:InstanceId" ], "dependent_actions": [], @@ -69189,21 +73735,31 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to initiate outbound calls using the Amazon Connect API", - "privilege": "StartOutboundVoiceContact", + "access_level": "Read", + "description": "Grants permission to retrieve the contact attributes for the specified contact", + "privilege": "GetContactAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start screen sharing for contact", - "privilege": "StartScreenSharing", + "access_level": "Read", + "description": "Grants permission to get contact metrics in an Amazon Connect instance", + "privilege": "GetContactMetrics", "resource_types": [ { "condition_keys": [], @@ -69225,35 +73781,24 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a task using the Amazon Connect API", - "privilege": "StartTaskContact", + "access_level": "Read", + "description": "Grants permission to retrieve current metric data for queues and routing profiles in an Amazon Connect instance", + "privilege": "GetCurrentMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect" + "resource_type": "queue*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template" + "resource_type": "routing-profile*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:AssignmentType" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -69261,36 +73806,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a WebRTC contact using the Amazon Connect API", - "privilege": "StartWebRTCContact", + "access_level": "Read", + "description": "Grants permission to retrieve current user data in an Amazon Connect instance", + "privilege": "GetCurrentUserData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "hierarchy-group*" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop contacts that were initiated using the Amazon Connect API. If you use this operation on an active contact the contact ends, even if the agent is active on a call with a customer", - "privilege": "StopContact", - "resource_types": [ + "resource_type": "queue*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "routing-profile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69299,33 +73841,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop recording for the specified contact", - "privilege": "StopContactRecording", + "access_level": "Read", + "description": "Grants permission to get effective hours of operation resources in an Amazon Connect instance", + "privilege": "GetEffectiveHoursOfOperations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop chat streaming using the Amazon Connect API", - "privilege": "StopContactStreaming", - "resource_types": [ + "resource_type": "hours-of-operation*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable forecasting, planning, and scheduling integration on an Amazon Connect instance", - "privilege": "StopForecastingPlanningSchedulingIntegration", + "access_level": "Read", + "description": "Grants permission to federate into an Amazon Connect instance when using SAML-based authentication for identity management", + "privilege": "GetFederationToken", "resource_types": [ { "condition_keys": [], @@ -69342,17 +73884,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to submit a contact evaluation in the specified Amazon Connect instance. Answers included in the request are merged with existing answers for the given evaluation. If no answers or notes are passed, the evaluation is submitted with the existing answers and notes. You can delete an answer or note by passing an empty object ( { }) to the question identifier", - "privilege": "SubmitContactEvaluation", + "access_level": "Read", + "description": "Grants permission to get information about the flow associations for the specified Amazon Connect instance", + "privilege": "GetFlowAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" + "resource_type": "wildcard-phone-number*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69361,29 +73904,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to suspend recording for the specified contact", - "privilege": "SuspendContactRecording", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to tag a contact in an Amazon Connect instance", - "privilege": "TagContact", + "access_level": "Read", + "description": "Grants permission to retrieve historical metric data for queues in an Amazon Connect instance", + "privilege": "GetMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "queue*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69392,129 +73924,34 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an Amazon Connect resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve metric data in an Amazon Connect instance", + "privilege": "GetMetricDataV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-evaluation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow-module" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customer-managed-view" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation-form" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hours-of-operation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "prompt" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "security-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task-template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "use-case" + "resource_type": "hierarchy-group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "queue*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary" + "resource_type": "routing-profile*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number" + "resource_type": "user*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -69522,27 +73959,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to transfer the contact to another queue or agent", - "privilege": "TransferContact", + "access_level": "Read", + "description": "Grants permission to get details about a prompt's presigned Amazon S3 URL in an Amazon Connect instance", + "privilege": "GetPromptFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "prompt*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69551,17 +73979,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to untag a contact in an Amazon Connect instance", - "privilege": "UntagContact", + "access_level": "Read", + "description": "Grants permission to get details about specified task template in an Amazon Connect instance", + "privilege": "GetTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "task-template*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69570,127 +73999,46 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag an Amazon Connect resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to read traffic distribution for a traffic distribution group", + "privilege": "GetTrafficDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-evaluation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow-module" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customer-managed-view" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation-form" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hours-of-operation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "prompt" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "security-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task-template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "use-case" + "resource_type": "traffic-distribution-group*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "user" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import phone number resources to an Amazon Connect instance", + "privilege": "ImportPhoneNumber", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vocabulary" + "dependent_actions": [ + "sms-voice:DescribePhoneNumbers", + "social-messaging:GetLinkedWhatsAppBusinessAccountPhoneNumber", + "social-messaging:TagResource" + ], + "resource_type": "instance*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number" + "resource_type": "wildcard-phone-number*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -69699,34 +74047,26 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update agent status in an Amazon Connect instance", - "privilege": "UpdateAgentStatus", + "access_level": "List", + "description": "Grants permission to list agent statuses in an Amazon Connect instance", + "privilege": "ListAgentStatuses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "wildcard-agent-status*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update authentication profile resources in an Amazon Connect instance", - "privilege": "UpdateAuthenticationProfile", + "access_level": "List", + "description": "Grants permission to list the association status of a dataset for a given Amazon Connect instance", + "privilege": "ListAnalyticsDataAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authentication-profile*" + "resource_type": "instance*" }, { "condition_keys": [ @@ -69738,14 +74078,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a contact in an Amazon Connect instance", - "privilege": "UpdateContact", + "access_level": "List", + "description": "Grants permission to list data lake datasets available to associate with for a given Amazon Connect instance", + "privilege": "ListAnalyticsDataLakeDataSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "instance*" }, { "condition_keys": [ @@ -69757,14 +74097,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create or update the contact attributes associated with the specified contact", - "privilege": "UpdateContactAttributes", + "access_level": "List", + "description": "Grants permission to view approved origins of an existing Amazon Connect instance", + "privilege": "ListApprovedOrigins", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "instance*" }, { "condition_keys": [ @@ -69776,14 +74116,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update details about a contact evaluation in the specified Amazon Connect instance. A contact evaluation must be in the draft state. Answers included in the request are merged with existing answers for the given evaluation. An answer or note can be deleted by passing an empty object ( { }) to the question identifier", - "privilege": "UpdateContactEvaluation", + "access_level": "List", + "description": "Grants permission to list the contacts associated with an email address in an Amazon Connect instance", + "privilege": "ListAssociatedContacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" + "resource_type": "contact*" }, { "condition_keys": [ @@ -69795,20 +74135,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update contact flow content in an Amazon Connect instance", - "privilege": "UpdateContactFlowContent", + "access_level": "List", + "description": "Grants permission to list authentication profile resources in an Amazon Connect instance", + "privilege": "ListAuthenticationProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:FlowType" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -69816,20 +74154,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata of a contact flow in an Amazon Connect instance", - "privilege": "UpdateContactFlowMetadata", + "access_level": "List", + "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", + "privilege": "ListBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId", - "connect:FlowType" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -69837,18 +74173,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update contact flow module content in an Amazon Connect instance", - "privilege": "UpdateContactFlowModuleContent", + "access_level": "List", + "description": "Grants permission to list contact evaluations in the specified Amazon Connect instance", + "privilege": "ListContactEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69857,29 +74192,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata of a contact flow module in an Amazon Connect instance", - "privilege": "UpdateContactFlowModuleMetadata", + "access_level": "List", + "description": "Grants permission to list contact flow module resources in an Amazon Connect instance", + "privilege": "ListContactFlowModules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the name and description of a contact flow in an Amazon Connect instance", - "privilege": "UpdateContactFlowName", + "access_level": "List", + "description": "Grants permission to list all the versions a flow in an Amazon Connect instance", + "privilege": "ListContactFlowVersions", "resource_types": [ { "condition_keys": [], @@ -69898,14 +74225,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update routing properties on a contact in an Amazon Connect instance", - "privilege": "UpdateContactRoutingData", + "access_level": "List", + "description": "Grants permission to list contact flow resources in an Amazon Connect instance", + "privilege": "ListContactFlows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "wildcard-contact-flow*" }, { "condition_keys": [ @@ -69917,9 +74244,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the schedule of a contact that is already scheduled in an Amazon Connect instance", - "privilege": "UpdateContactSchedule", + "access_level": "List", + "description": "Grants permission to list references associated with a contact in an Amazon Connect instance", + "privilege": "ListContactReferences", "resource_types": [ { "condition_keys": [], @@ -69928,7 +74255,10 @@ }, { "condition_keys": [ - "connect:InstanceId" + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" ], "dependent_actions": [], "resource_type": "" @@ -69936,18 +74266,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata of an email address resource in an Amazon Connect instance", - "privilege": "UpdateEmailAddressMetadata", + "access_level": "List", + "description": "Grants permission to list default vocabularies associated with a Amazon Connect instance", + "privilege": "ListDefaultVocabularies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "email-address*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69956,9 +74285,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update details about a specific evaluation form version in the specified Amazon Connect instance. Question and section identifiers cannot be duplicated within the same evaluation form", - "privilege": "UpdateEvaluationForm", + "access_level": "List", + "description": "Grants permission to list versions of an evaluation form in the specified Amazon Connect instance", + "privilege": "ListEvaluationFormVersions", "resource_types": [ { "condition_keys": [], @@ -69975,18 +74304,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update hours of operation in an Amazon Connect instance", - "privilege": "UpdateHoursOfOperation", + "access_level": "List", + "description": "Grants permission to list evaluation forms in the specified Amazon Connect instance", + "privilege": "ListEvaluationForms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -69995,15 +74323,10 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an hours of operation override in an Amazon Connect instance", - "privilege": "UpdateHoursOfOperationOverride", + "access_level": "List", + "description": "Grants permission to list summary information about the flow associations for the specified Amazon Connect instance", + "privilege": "ListFlowAssociations", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, { "condition_keys": [], "dependent_actions": [], @@ -70019,55 +74342,22 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the attribute for an existing Amazon Connect instance", - "privilege": "UpdateInstanceAttribute", + "access_level": "List", + "description": "Grants permission to list hours of operation override resources in an Amazon Connect instance", + "privilege": "ListHoursOfOperationOverrides", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "logs:CreateLogGroup" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:AttributeType", - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the storage configuration for an existing Amazon Connect instance", - "privilege": "UpdateInstanceStorageConfig", - "resource_types": [ + "resource_type": "hours-of-operation*" + }, { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories", - "firehose:DescribeDeliveryStream", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "kinesis:DescribeStream", - "kms:CreateGrant", - "kms:DescribeKey", - "s3:GetBucketAcl", - "s3:GetBucketLocation" - ], + "dependent_actions": [], "resource_type": "instance*" }, { "condition_keys": [ - "connect:StorageResourceType", "connect:InstanceId" ], "dependent_actions": [], @@ -70076,9 +74366,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update and continue authentication for a specific contact", - "privilege": "UpdateParticipantAuthentication", + "access_level": "List", + "description": "Grants permission to list hours of operation resources in an Amazon Connect instance", + "privilege": "ListHoursOfOperations", "resource_types": [ { "condition_keys": [], @@ -70095,15 +74385,10 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update participant role configurations associated with a contact", - "privilege": "UpdateParticipantRoleConfig", + "access_level": "List", + "description": "Grants permission to view the attributes of an existing Amazon Connect instance", + "privilege": "ListInstanceAttributes", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact*" - }, { "condition_keys": [], "dependent_actions": [], @@ -70119,28 +74404,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "UpdatePhoneNumber", + "access_level": "List", + "description": "Grants permission to view storage configurations of an existing Amazon Connect instance", + "privilege": "ListInstanceStorageConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70149,32 +74423,30 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata of a phone number resource in an Amazon Connect instance or traffic distribution group", - "privilege": "UpdatePhoneNumberMetadata", + "access_level": "List", + "description": "Grants permission to view the Amazon Connect instances associated with an AWS account", + "privilege": "ListInstances", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "dependent_actions": [ + "ds:DescribeDirectories" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a predefined attribute in an Amazon Connect instance", - "privilege": "UpdatePredefinedAttribute", + "access_level": "List", + "description": "Grants permission to list summary information about the integration associations for the specified Amazon Connect instance", + "privilege": "ListIntegrationAssociations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], "resource_type": "instance*" }, { @@ -70187,22 +74459,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a prompt's name, description, and Amazon S3 URI in an Amazon Connect instance", - "privilege": "UpdatePrompt", + "access_level": "List", + "description": "Grants permission to view the Lambda functions of an existing Amazon Connect instance", + "privilege": "ListLambdaFunctions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "s3:GetObject", - "s3:GetObjectAcl" - ], - "resource_type": "prompt*" + "dependent_actions": [], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70211,23 +74478,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update queue hours of operation in an Amazon Connect instance", - "privilege": "UpdateQueueHoursOfOperation", + "access_level": "List", + "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", + "privilege": "ListLexBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70236,68 +74497,41 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update queue capacity in an Amazon Connect instance", - "privilege": "UpdateQueueMaxContacts", + "access_level": "List", + "description": "Grants permission to list phone number resources in an Amazon Connect instance", + "privilege": "ListPhoneNumbers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "wildcard-legacy-phone-number*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a queue name and description in an Amazon Connect instance", - "privilege": "UpdateQueueName", + "access_level": "List", + "description": "Grants permission to list phone number resources in an Amazon Connect instance", + "privilege": "ListPhoneNumbersV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "wildcard-phone-number*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update queue outbound caller config in an Amazon Connect instance", - "privilege": "UpdateQueueOutboundCallerConfig", + "access_level": "List", + "description": "Grants permission to list predefined attributes in an Amazon Connect instance", + "privilege": "ListPredefinedAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70306,18 +74540,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the outbound email configuration for a queue in an Amazon Connect instance", - "privilege": "UpdateQueueOutboundEmailConfig", + "access_level": "List", + "description": "Grants permission to list prompt resources in an Amazon Connect instance", + "privilege": "ListPrompts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70326,9 +74559,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update queue status in an Amazon Connect instance", - "privilege": "UpdateQueueStatus", + "access_level": "List", + "description": "Grants permission to list quick connect resources in a queue in an Amazon Connect instance", + "privilege": "ListQueueQuickConnects", "resource_types": [ { "condition_keys": [], @@ -70346,54 +74579,55 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of a quick connect in an Amazon Connect instance", - "privilege": "UpdateQuickConnectConfig", + "access_level": "List", + "description": "Grants permission to list queue resources in an Amazon Connect instance", + "privilege": "ListQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, + "resource_type": "wildcard-queue*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list quick connect resources in an Amazon Connect instance", + "privilege": "ListQuickConnects", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" - }, + "resource_type": "wildcard-quick-connect*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the analysis segments for a real-time analysis session", + "privilege": "ListRealtimeContactAnalysisSegments", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a quick connect name and description in an Amazon Connect instance", - "privilege": "UpdateQuickConnectName", + "access_level": "List", + "description": "Grants permission to list the analysis segments for a real-time chat analytics session", + "privilege": "ListRealtimeContactAnalysisSegmentsV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" + "resource_type": "contact*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "connect:ListRealtimeContactAnalysisSegmentsByOutputType", + "connect:ListRealtimeContactAnalysisSegmentsBySegmentType" ], "dependent_actions": [], "resource_type": "" @@ -70401,9 +74635,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a routing profile agent availability timer in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileAgentAvailabilityTimer", + "access_level": "List", + "description": "Grants permission to list manual assignment queue resources in a routing profile in an Amazon Connect instance", + "privilege": "ListRoutingProfileManualAssignmentQueues", "resource_types": [ { "condition_keys": [], @@ -70421,9 +74655,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the concurrency in a routing profile in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileConcurrency", + "access_level": "List", + "description": "Grants permission to list queue resources in a routing profile in an Amazon Connect instance", + "privilege": "ListRoutingProfileQueues", "resource_types": [ { "condition_keys": [], @@ -70441,23 +74675,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the outbound queue in a routing profile in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileDefaultOutboundQueue", + "access_level": "List", + "description": "Grants permission to list routing profile resources in an Amazon Connect instance", + "privilege": "ListRoutingProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70466,18 +74694,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a routing profile name and description in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileName", + "access_level": "List", + "description": "Grants permission to list rules associated with a Amazon Connect instance", + "privilege": "ListRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70486,18 +74713,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the queues in routing profile in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileQueues", + "access_level": "List", + "description": "Grants permission to view the security keys of an existing Amazon Connect instance", + "privilege": "ListSecurityKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70506,17 +74732,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a rule for an existing Amazon Connect instance", - "privilege": "UpdateRule", + "access_level": "List", + "description": "Grants permission to list applications associated with a specific security profile in an Amazon Connect instance", + "privilege": "ListSecurityProfileApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "security-profile*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70525,9 +74752,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a security profile group for a user in an Amazon Connect instance", - "privilege": "UpdateSecurityProfile", + "access_level": "List", + "description": "Grants permission to list permissions associated with security profile in an Amazon Connect instance", + "privilege": "ListSecurityProfilePermissions", "resource_types": [ { "condition_keys": [], @@ -70545,18 +74772,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update task template belonging to a Amazon Connect instance", - "privilege": "UpdateTaskTemplate", + "access_level": "List", + "description": "Grants permission to list security profile resources in an Amazon Connect instance", + "privilege": "ListSecurityProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], @@ -70565,170 +74791,108 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update traffic distribution for a traffic distribution group", - "privilege": "UpdateTrafficDistribution", + "access_level": "Read", + "description": "Grants permission to list tags for an Amazon Connect resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" + "resource_type": "agent-status" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a hierarchy group for a user in an Amazon Connect instance", - "privilege": "UpdateUserHierarchy", - "resource_types": [ + "resource_type": "contact-evaluation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "contact-flow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group" + "resource_type": "contact-flow-module" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a user hierarchy group name in an Amazon Connect instance", - "privilege": "UpdateUserHierarchyGroupName", - "resource_types": [ + "resource_type": "evaluation-form" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" + "resource_type": "hierarchy-group" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update user hierarchy structure in an Amazon Connect instance", - "privilege": "UpdateUserHierarchyStructure", - "resource_types": [ + "resource_type": "hours-of-operation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "integration-association" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update identity information for a user in an Amazon Connect instance", - "privilege": "UpdateUserIdentityInfo", - "resource_types": [ + "resource_type": "phone-number" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "prompt" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update phone configuration settings for a user in an Amazon Connect instance", - "privilege": "UpdateUserPhoneConfig", - "resource_types": [ + "resource_type": "queue" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "quick-connect" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update user proficiencies from a user in an Amazon Connect instance", - "privilege": "UpdateUserProficiencies", - "resource_types": [ + "resource_type": "routing-profile" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "rule" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "security-profile" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a routing profile for a user in an Amazon Connect instance", - "privilege": "UpdateUserRoutingProfile", - "resource_types": [ + "resource_type": "traffic-distribution-group" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "use-case" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-phone-number" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -70736,24 +74900,30 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update security profiles for a user in an Amazon Connect instance", - "privilege": "UpdateUserSecurityProfiles", + "access_level": "List", + "description": "Grants permission to list task template resources in an Amazon Connect instance", + "privilege": "ListTaskTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" - }, + "resource_type": "instance*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the active user associations for a traffic distribution group", + "privilege": "ListTrafficDistributionGroupUsers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "traffic-distribution-group*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -70761,323 +74931,52 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a view's content in an Amazon Connect instance", - "privilege": "UpdateViewContent", + "access_level": "List", + "description": "Grants permission to list traffic distribution groups", + "privilege": "ListTrafficDistributionGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customer-managed-view*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "traffic-distribution-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a view's metadata in an Amazon Connect instance", - "privilege": "UpdateViewMetadata", + "access_level": "List", + "description": "Grants permission to list the use cases of an integration association", + "privilege": "ListUseCases", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "customer-managed-view*" + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "instance" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact/${ContactId}", - "condition_keys": [], - "resource": "contact" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent/${UserId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "user" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/routing-profile/${RoutingProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "routing-profile" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/security-profile/${SecurityProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "security-profile" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/authentication-profile/${AuthenticationProfileId}", - "condition_keys": [], - "resource": "authentication-profile" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-group/${HierarchyGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "hierarchy-group" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/${QueueId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "queue" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/*", - "condition_keys": [], - "resource": "wildcard-queue" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/${QuickConnectId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "quick-connect" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/*", - "condition_keys": [], - "resource": "wildcard-quick-connect" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/${ContactFlowId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "contact-flow" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/task-template/${TaskTemplateId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "task-template" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/flow-module/${ContactFlowModuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "contact-flow-module" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/*", - "condition_keys": [], - "resource": "wildcard-contact-flow" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/operating-hours/${HoursOfOperationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "hours-of-operation" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/${AgentStatusId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "agent-status" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/*", - "condition_keys": [], - "resource": "wildcard-agent-status" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/${PhoneNumberId}", - "condition_keys": [], - "resource": "legacy-phone-number" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/*", - "condition_keys": [], - "resource": "wildcard-legacy-phone-number" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/${PhoneNumberId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "phone-number" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "wildcard-phone-number" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/integration-association/${IntegrationAssociationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "integration-association" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/use-case/${UseCaseId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "use-case" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/vocabulary/${VocabularyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "vocabulary" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:traffic-distribution-group/${TrafficDistributionGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "traffic-distribution-group" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/rule/${RuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "rule" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/evaluation-form/${FormId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "evaluation-form" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-evaluation/${EvaluationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "contact-evaluation" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/prompt/${PromptId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "prompt" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "customer-managed-view" - }, - { - "arn": "arn:${Partition}:connect:${Region}:aws:view/${ViewId}", - "condition_keys": [], - "resource": "aws-managed-view" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}:${ViewQualifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "qualified-customer-managed-view" - }, - { - "arn": "arn:${Partition}:connect:${Region}:aws:view/${ViewId}:${ViewQualifier}", - "condition_keys": [], - "resource": "qualified-aws-managed-view" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}:${ViewVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "customer-managed-view-version" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/file/${FileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "attached-file" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/email-address/${EmailAddressId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "email-address" - } - ], - "service_name": "Amazon Connect" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "connect-campaigns", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a campaign", - "privilege": "CreateCampaign", + "access_level": "List", + "description": "Grants permission to list the hierarchy group resources in an Amazon Connect instance", + "privilege": "ListUserHierarchyGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71085,54 +74984,42 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a campaign", - "privilege": "DeleteCampaign", + "access_level": "List", + "description": "Grants permission to list user proficiencies from a user in an Amazon Connect instance", + "privilege": "ListUserProficiencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove configuration information for an Amazon Connect instance", - "privilege": "DeleteConnectInstanceConfig", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove onboarding job for an Amazon Connect instance", - "privilege": "DeleteInstanceOnboardingJob", - "resource_types": [ + "resource_type": "user*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a specific campaign", - "privilege": "DescribeCampaign", + "access_level": "List", + "description": "Grants permission to list user resources in an Amazon Connect instance", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71140,18 +75027,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get state of a campaign", - "privilege": "GetCampaignState", + "access_level": "List", + "description": "Grants permission to list the view versions in an Amazon Connect instance", + "privilege": "ListViewVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "aws-managed-view*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customer-managed-view*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71159,18 +75052,18 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get state of campaigns", - "privilege": "GetCampaignStateBatch", + "access_level": "List", + "description": "Grants permission to list the views in an Amazon Connect instance", + "privilege": "ListViews", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71178,37 +75071,30 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get configuration information for an Amazon Connect instance", - "privilege": "GetConnectInstanceConfig", + "access_level": "Write", + "description": "Grants permission to monitor an ongoing contact", + "privilege": "MonitorContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get onboarding job status for an Amazon Connect instance", - "privilege": "GetInstanceOnboardingJobStatus", - "resource_types": [ + "resource_type": "contact*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to provide summary of all campaigns", - "privilege": "ListCampaigns", - "resource_types": [ + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "connect:MonitorCapabilities", + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71216,18 +75102,29 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to pause an ongoing contact", + "privilege": "PauseContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71236,59 +75133,81 @@ }, { "access_level": "Write", - "description": "Grants permission to pause a campaign", - "privilege": "PauseCampaign", + "description": "Grants permission to switch User Status in an Amazon Connect instance", + "privilege": "PutUserStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create dial requests for the specified campaign", - "privilege": "PutDialRequestBatch", - "resource_types": [ + "resource_type": "agent-status*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to resume a campaign", - "privilege": "ResumeCampaign", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a campaign", - "privilege": "StartCampaign", + "description": "Grants permission to release phone number resources in an Amazon Connect instance", + "privilege": "ReleasePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "phone-number*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start onboarding job for an Amazon Connect instance", - "privilege": "StartInstanceOnboardingJob", + "description": "Grants permission to create a replica of an Amazon Connect instance", + "privilege": "ReplicateInstance", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ds:AuthorizeApplication", + "ds:CheckAlias", + "ds:CreateAlias", + "ds:CreateDirectory", + "ds:CreateIdentityPoolDirectory", + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } @@ -71296,30 +75215,28 @@ }, { "access_level": "Write", - "description": "Grants permission to stop a campaign", - "privilege": "StopCampaign", + "description": "Grants permission to resume a paused contact", + "privilege": "ResumeContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "contact*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71327,19 +75244,20 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to resume recording for the specified contact", + "privilege": "ResumeContactRecording", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" + "resource_type": "contact*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" ], "dependent_actions": [], "resource_type": "" @@ -71347,87 +75265,78 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the dialer configuration of a campaign", - "privilege": "UpdateCampaignDialerConfig", + "access_level": "Read", + "description": "Grants permission to search agent status resources in an Amazon Connect instance", + "privilege": "SearchAgentStatuses", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeAgentStatus" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the name of a campaign", - "privilege": "UpdateCampaignName", + "access_level": "List", + "description": "Grants permission to search phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "SearchAvailablePhoneNumbers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "wildcard-phone-number*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the outbound call configuration of a campaign", - "privilege": "UpdateCampaignOutboundCallConfig", + "access_level": "Read", + "description": "Grants permission to search contact flow module resources in an Amazon Connect instance", + "privilege": "SearchContactFlowModules", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeContactFlowModule" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "campaign" - } - ], - "service_name": "High-volume outbound communications" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "connect-campaigns", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a campaign", - "privilege": "CreateCampaign", + "access_level": "Read", + "description": "Grants permission to search contact flow resources in an Amazon Connect instance", + "privilege": "SearchContactFlows", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign*" + "dependent_actions": [ + "connect:DescribeContactFlow" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "connect:InstanceId", + "connect:SearchTag/${TagKey}", + "connect:FlowType" ], "dependent_actions": [], "resource_type": "" @@ -71435,84 +75344,139 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a campaign", - "privilege": "DeleteCampaign", + "access_level": "Read", + "description": "Grants permission to search contacts in an Amazon Connect instance", + "privilege": "SearchContacts", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeContact" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchContactsByContactAnalysis", + "connect:Channel", + "connect:PreferredUserArn" + ], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the channel subtype configuration of a campaign", - "privilege": "DeleteCampaignChannelSubtypeConfig", + "access_level": "Read", + "description": "Grants permission to search email address resources in an Amazon Connect instance", + "privilege": "SearchEmailAddresses", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeEmailAddress" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the communication limits configuration of a campaign", - "privilege": "DeleteCampaignCommunicationLimits", + "access_level": "Read", + "description": "Grants permission to search hours of operation override resources in an Amazon Connect instance", + "privilege": "SearchHoursOfOperationOverrides", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the communication time configuration of a campaign", - "privilege": "DeleteCampaignCommunicationTime", - "resource_types": [ + "dependent_actions": [ + "connect:DescribeHoursOfOperation", + "connect:ListHoursOfOperationOverrides" + ], + "resource_type": "hours-of-operation*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove configuration information for an Amazon Connect instance", - "privilege": "DeleteConnectInstanceConfig", + "access_level": "Read", + "description": "Grants permission to search hours of operation resources in an Amazon Connect instance", + "privilege": "SearchHoursOfOperations", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeHoursOfOperation" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove integration information for an Amazon Connect instance", - "privilege": "DeleteConnectInstanceIntegration", + "access_level": "Read", + "description": "Grants permission to search predefined attributes in an Amazon Connect instance", + "privilege": "SearchPredefinedAttributes", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribePredefinedAttribute" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove onboarding job for an Amazon Connect instance", - "privilege": "DeleteInstanceOnboardingJob", + "access_level": "Read", + "description": "Grants permission to search prompt resources in an Amazon Connect instance", + "privilege": "SearchPrompts", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribePrompt" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -71520,17 +75484,20 @@ }, { "access_level": "Read", - "description": "Grants permission to describe a specific campaign", - "privilege": "DescribeCampaign", + "description": "Grants permission to search queue resources in an Amazon Connect instance", + "privilege": "SearchQueues", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign*" + "dependent_actions": [ + "connect:DescribeQueue" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -71539,17 +75506,20 @@ }, { "access_level": "Read", - "description": "Grants permission to get state of a campaign", - "privilege": "GetCampaignState", + "description": "Grants permission to search quick connect resources in an Amazon Connect instance", + "privilege": "SearchQuickConnects", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign*" + "dependent_actions": [ + "connect:DescribeQuickConnect" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -71557,18 +75527,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get state of campaigns", - "privilege": "GetCampaignStateBatch", + "access_level": "List", + "description": "Grants permission to search tags that are used in an Amazon Connect instance", + "privilege": "SearchResourceTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -71577,11 +75548,21 @@ }, { "access_level": "Read", - "description": "Grants permission to get configuration information for an Amazon Connect instance", - "privilege": "GetConnectInstanceConfig", + "description": "Grants permission to search routing profile resources in an Amazon Connect instance", + "privilege": "SearchRoutingProfiles", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeRoutingProfile" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -71589,24 +75570,42 @@ }, { "access_level": "Read", - "description": "Grants permission to get onboarding job status for an Amazon Connect instance", - "privilege": "GetInstanceOnboardingJobStatus", + "description": "Grants permission to search security profile resources in an Amazon Connect instance", + "privilege": "SearchSecurityProfiles", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeSecurityProfile" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to provide summary of all campaigns", - "privilege": "ListCampaigns", + "access_level": "Read", + "description": "Grants permission to search user hierarchy group resources in an Amazon Connect instance", + "privilege": "SearchUserHierarchyGroups", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "connect:DescribeUserHierarchyGroup" + ], + "resource_type": "instance*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -71614,30 +75613,41 @@ ] }, { - "access_level": "List", - "description": "Grants permission to provide summary of all integrations with an Amazon Connect instance", - "privilege": "ListConnectInstanceIntegrations", + "access_level": "Read", + "description": "Grants permission to search user resources in an Amazon Connect instance", + "privilege": "SearchUsers", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeUser", + "connect:ListUserProficiencies" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to search vocabularies in a Amazon Connect instance", + "privilege": "SearchVocabularies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" + "resource_type": "vocabulary*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71646,20 +75656,20 @@ }, { "access_level": "Write", - "description": "Grants permission to pause a campaign", - "privilege": "PauseCampaign", + "description": "Grants permission to send chat integration events using the Amazon Connect API", + "privilege": "SendChatIntegrationEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to put an integration configuration with an Amazon Connect instance", - "privilege": "PutConnectInstanceIntegration", + "description": "Grants permission to send integration events using the Amazon Connect API", + "privilege": "SendIntegrationEvent", "resource_types": [ { "condition_keys": [], @@ -71670,102 +75680,152 @@ }, { "access_level": "Write", - "description": "Grants permission to create dial requests for the specified campaign", - "privilege": "PutDialRequestBatch", + "description": "Grants permission to send outbound email using the Amazon Connect API", + "privilege": "SendOutboundEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create dial requests for the specified campaign", - "privilege": "PutOutboundRequestBatch", + "description": "Grants permission to start an attached file upload in an Amazon Connect instance", + "privilege": "StartAttachedFileUpload", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "cases:CreateRelatedItem" + ], + "resource_type": "attached-file*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId", + "connect:UserArn" + ], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create profile outbound requests for the specified campaign", - "privilege": "PutProfileOutboundRequestBatch", + "description": "Grants permission to initiate a chat using the Amazon Connect API", + "privilege": "StartChatContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to resume a campaign", - "privilege": "ResumeCampaign", + "description": "Grants permission to start an empty evaluation in the specified Amazon Connect instance, using the given evaluation form for the particular contact. The evaluation form version used for the contact evaluation corresponds to the currently activated version. If no version is activated for the evaluation form, the contact evaluation cannot be started", + "privilege": "StartContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-evaluation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation-form*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a campaign", - "privilege": "StartCampaign", + "description": "Grants permission to start recording for the specified contact", + "privilege": "StartContactRecording", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start onboarding job for an Amazon Connect instance", - "privilege": "StartInstanceOnboardingJob", + "description": "Grants permission to start chat streaming using the Amazon Connect API", + "privilege": "StartContactStreaming", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a campaign", - "privilege": "StopCampaign", + "description": "Grants permission to initiate an inbound email using the Amazon Connect API", + "privilege": "StartEmailContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact-flow" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71773,18 +75833,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to enable forecasting, planning, and scheduling integration on an Amazon Connect instance", + "privilege": "StartForecastingPlanningSchedulingIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -71793,545 +75853,1000 @@ }, { "access_level": "Write", - "description": "Grants permission to update the channel subtype configuration of a campaign", - "privilege": "UpdateCampaignChannelSubtypeConfig", + "description": "Grants permission to initiate an outbound chat using the Amazon Connect API", + "privilege": "StartOutboundChatContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "phone-number" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:Subtype" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the communication limits configuration of a campaign", - "privilege": "UpdateCampaignCommunicationLimits", + "description": "Grants permission to initiate an outbound email using the Amazon Connect API", + "privilege": "StartOutboundEmailContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the communication time configuration of a campaign", - "privilege": "UpdateCampaignCommunicationTime", + "description": "Grants permission to initiate outbound calls using the Amazon Connect API", + "privilege": "StartOutboundVoiceContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the dialer configuration of a campaign", - "privilege": "UpdateCampaignDialerConfig", + "description": "Grants permission to start screen sharing for contact", + "privilege": "StartScreenSharing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the flow association of a campaign", - "privilege": "UpdateCampaignFlowAssociation", + "description": "Grants permission to initiate a task using the Amazon Connect API", + "privilege": "StartTaskContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-template" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId", + "connect:AssignmentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name of a campaign", - "privilege": "UpdateCampaignName", + "description": "Grants permission to initiate a WebRTC contact using the Amazon Connect API", + "privilege": "StartWebRTCContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the outbound call configuration of a campaign", - "privilege": "UpdateCampaignOutboundCallConfig", + "description": "Grants permission to stop contacts that were initiated using the Amazon Connect API. If you use this operation on an active contact the contact ends, even if the agent is active on a call with a customer", + "privilege": "StopContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the schedule of a campaign", - "privilege": "UpdateCampaignSchedule", + "description": "Grants permission to stop recording for the specified contact", + "privilege": "StopContactRecording", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the source of a campaign", - "privilege": "UpdateCampaignSource", + "description": "Grants permission to stop chat streaming using the Amazon Connect API", + "privilege": "StopContactStreaming", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "instance*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "campaign" - } - ], - "service_name": "Amazon Connect Outbound Campaigns" - }, - { - "conditions": [], - "prefix": "consoleapp", - "privileges": [ + }, { - "access_level": "Read", - "description": "Grants permission to retrieve the device identity for a Console Mobile App device", - "privilege": "GetDeviceIdentity", + "access_level": "Write", + "description": "Grants permission to disable forecasting, planning, and scheduling integration on an Amazon Connect instance", + "privilege": "StopForecastingPlanningSchedulingIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DeviceIdentity*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of device identities", - "privilege": "ListDeviceIdentities", + "access_level": "Write", + "description": "Grants permission to submit a contact evaluation in the specified Amazon Connect instance. Answers included in the request are merged with existing answers for the given evaluation. If no answers or notes are passed, the evaluation is submitted with the existing answers and notes. You can delete an answer or note by passing an empty object ( { }) to the question identifier", + "privilege": "SubmitContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-evaluation*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:consoleapp::${Account}:device/${DeviceId}/identity/${IdentityId}", - "condition_keys": [], - "resource": "DeviceIdentity" - } - ], - "service_name": "AWS Management Console Mobile App" - }, - { - "conditions": [], - "prefix": "consolidatedbilling", - "privileges": [ + }, { - "access_level": "Read", - "description": "Grants permission to get account role (Payer, Linked, Regular)", - "privilege": "GetAccountBillingRole", + "access_level": "Write", + "description": "Grants permission to suspend recording for the specified contact", + "privilege": "SuspendContactRecording", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get list of member/linked accounts", - "privilege": "ListLinkedAccounts", + "access_level": "Write", + "description": "Grants permission to tag a contact in an Amazon Connect instance", + "privilege": "TagContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "AWS Consolidated Billing" - }, - { - "conditions": [], - "prefix": "controlcatalog", - "privileges": [ + }, { - "access_level": "Read", - "description": "Grants permission to return details about a specific control", - "privilege": "GetControl", + "access_level": "Tagging", + "description": "Grants permission to tag an Amazon Connect resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "control*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return a paginated list of common controls from the AWS Control Catalog", - "privilege": "ListCommonControls", - "resource_types": [ + "resource_type": "agent-status" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-evaluation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customer-managed-view" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "email-address" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation-form" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hierarchy-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hours-of-operation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration-association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "phone-number" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "use-case" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vocabulary" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "wildcard-phone-number" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a paginated list of all available controls in the AWS Control Catalog library", - "privilege": "ListControls", + "access_level": "Write", + "description": "Grants permission to transfer the contact to another queue or agent", + "privilege": "TransferContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "control*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return a paginated list of domains from the AWS Control Catalog", - "privilege": "ListDomains", - "resource_types": [ + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a paginated list of objectives from the AWS Control Catalog", - "privilege": "ListObjectives", + "access_level": "Write", + "description": "Grants permission to untag a contact in an Amazon Connect instance", + "privilege": "UntagContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:controlcatalog:::common-control/${CommonControlId}", - "condition_keys": [], - "resource": "common-control" - }, - { - "arn": "arn:${Partition}:controlcatalog:::control/${ControlId}", - "condition_keys": [], - "resource": "control" - }, - { - "arn": "arn:${Partition}:controlcatalog:::domain/${DomainId}", - "condition_keys": [], - "resource": "domain" - }, - { - "arn": "arn:${Partition}:controlcatalog:::objective/${ObjectiveId}", - "condition_keys": [], - "resource": "objective" - } - ], - "service_name": "AWS Control Catalog" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "controltower", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a landing zone", - "privilege": "CreateLandingZone", + "access_level": "Tagging", + "description": "Grants permission to untag an Amazon Connect resource", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent-status" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-evaluation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customer-managed-view" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "email-address" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation-form" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hierarchy-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hours-of-operation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration-association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "phone-number" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "use-case" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vocabulary" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-phone-number" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "controltower:TagResource" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an account managed by AWS Control Tower", - "privilege": "CreateManagedAccount", + "description": "Grants permission to update agent status in an Amazon Connect instance", + "privilege": "UpdateAgentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "agent-status*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete AWS Control Tower landing zone", - "privilege": "DeleteLandingZone", + "description": "Grants permission to update authentication profile resources in an Amazon Connect instance", + "privilege": "UpdateAuthenticationProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LandingZone*" + "resource_type": "authentication-profile*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an account created through the account factory from AWS Control Tower", - "privilege": "DeregisterManagedAccount", + "description": "Grants permission to update a contact in an Amazon Connect instance", + "privilege": "UpdateContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an organizational unit from AWS Control Tower management", - "privilege": "DeregisterOrganizationalUnit", + "description": "Grants permission to create or update the contact attributes associated with the specified contact", + "privilege": "UpdateContactAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the current account factory configuration", - "privilege": "DescribeAccountFactoryConfig", + "access_level": "Write", + "description": "Grants permission to update details about a contact evaluation in the specified Amazon Connect instance. A contact evaluation must be in the draft state. Answers included in the request are merged with existing answers for the given evaluation. An answer or note can be deleted by passing an empty object ( { }) to the question identifier", + "privilege": "UpdateContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-evaluation*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe resources managed by core accounts in AWS Control Tower", - "privilege": "DescribeCoreService", + "access_level": "Write", + "description": "Grants permission to update contact flow content in an Amazon Connect instance", + "privilege": "UpdateContactFlowContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId", + "connect:FlowType" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a guardrail", - "privilege": "DescribeGuardrail", + "access_level": "Write", + "description": "Grants permission to update the metadata of a contact flow in an Amazon Connect instance", + "privilege": "UpdateContactFlowMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId", + "connect:FlowType" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a guardrail for a organizational unit", - "privilege": "DescribeGuardrailForTarget", + "access_level": "Write", + "description": "Grants permission to update contact flow module content in an Amazon Connect instance", + "privilege": "UpdateContactFlowModuleContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the current Landing Zone configuration", - "privilege": "DescribeLandingZoneConfiguration", + "access_level": "Write", + "description": "Grants permission to update the metadata of a contact flow module in an Amazon Connect instance", + "privilege": "UpdateContactFlowModuleMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an account created through account factory", - "privilege": "DescribeManagedAccount", + "access_level": "Write", + "description": "Grants permission to update the name and description of a contact flow in an Amazon Connect instance", + "privilege": "UpdateContactFlowName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId", + "connect:FlowType" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an AWS Organizations organizational unit managed by AWS Control Tower", - "privilege": "DescribeManagedOrganizationalUnit", + "access_level": "Write", + "description": "Grants permission to update routing properties on a contact in an Amazon Connect instance", + "privilege": "UpdateContactRoutingData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a Register Organizational Unit Operation", - "privilege": "DescribeRegisterOrganizationalUnitOperation", + "access_level": "Write", + "description": "Grants permission to update the schedule of a contact that is already scheduled in an Amazon Connect instance", + "privilege": "UpdateContactSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:ContactAssociationId", + "connect:Channel", + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the current AWS Control Tower IAM Identity Center configuration", - "privilege": "DescribeSingleSignOn", + "access_level": "Write", + "description": "Grants permission to update the metadata of an email address resource in an Amazon Connect instance", + "privilege": "UpdateEmailAddressMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "email-address*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable a Baseline on a target", - "privilege": "DisableBaseline", + "description": "Grants permission to update details about a specific evaluation form version in the specified Amazon Connect instance. Question and section identifiers cannot be duplicated within the same evaluation form", + "privilege": "UpdateEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledBaseline*" + "resource_type": "evaluation-form*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a control from an organizational unit", - "privilege": "DisableControl", + "description": "Grants permission to update hours of operation in an Amazon Connect instance", + "privilege": "UpdateHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledControl*" + "resource_type": "hours-of-operation*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable a guardrail from an organizational unit", - "privilege": "DisableGuardrail", + "description": "Grants permission to update an hours of operation override in an Amazon Connect instance", + "privilege": "UpdateHoursOfOperationOverride", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "hours-of-operation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable a Baseline on a target", - "privilege": "EnableBaseline", + "description": "Grants permission to update the attribute for an existing Amazon Connect instance", + "privilege": "UpdateInstanceAttribute", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "controltower:TagResource" + "ds:DescribeDirectories", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "logs:CreateLogGroup" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:AttributeType", + "connect:InstanceId" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to activate a control for an organizational unit", - "privilege": "EnableControl", + "description": "Grants permission to update the storage configuration for an existing Amazon Connect instance", + "privilege": "UpdateInstanceStorageConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "controltower:TagResource" + "ds:DescribeDirectories", + "firehose:DescribeDeliveryStream", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "kinesis:DescribeStream", + "kms:CreateGrant", + "kms:DescribeKey", + "s3:GetBucketAcl", + "s3:GetBucketLocation" ], - "resource_type": "EnabledControl" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:StorageResourceType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -72340,441 +76855,551 @@ }, { "access_level": "Write", - "description": "Grants permission to enable a guardrail to an organizational unit", - "privilege": "EnableGuardrail", + "description": "Grants permission to update and continue authentication for a specific contact", + "privilege": "UpdateParticipantAuthentication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an account email and validate that it exists", - "privilege": "GetAccountInfo", + "access_level": "Write", + "description": "Grants permission to update participant role configurations associated with a contact", + "privilege": "UpdateParticipantRoleConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list available updates for the current AWS Control Tower deployment", - "privilege": "GetAvailableUpdates", - "resource_types": [ + "resource_type": "contact*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get Baseline details", - "privilege": "GetBaseline", + "access_level": "Write", + "description": "Grants permission to update phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "UpdatePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Baseline*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the current status of a particular Baseline operation", - "privilege": "GetBaselineOperation", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the current status of a particular EnabledControl or DisableControl operation", - "privilege": "GetControlOperation", - "resource_types": [ + "resource_type": "phone-number*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an enabled Baseline", - "privilege": "GetEnabledBaseline", + "access_level": "Write", + "description": "Grants permission to update the metadata of a phone number resource in an Amazon Connect instance or traffic distribution group", + "privilege": "UpdatePhoneNumberMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledBaseline*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get an enabled control from an organizational unit", - "privilege": "GetEnabledControl", - "resource_types": [ + "resource_type": "phone-number*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "EnabledControl*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the current compliance status of a guardrail", - "privilege": "GetGuardrailComplianceStatus", + "access_level": "Write", + "description": "Grants permission to update a predefined attribute in an Amazon Connect instance", + "privilege": "UpdatePredefinedAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the home region of the AWS Control Tower setup", - "privilege": "GetHomeRegion", + "access_level": "Write", + "description": "Grants permission to update a prompt's name, description, and Amazon S3 URI in an Amazon Connect instance", + "privilege": "UpdatePrompt", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "s3:GetObject", + "s3:GetObjectAcl" + ], + "resource_type": "prompt*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the current status of the landing zone setup", - "privilege": "GetLandingZone", + "access_level": "Write", + "description": "Grants permission to update queue hours of operation in an Amazon Connect instance", + "privilege": "UpdateQueueHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LandingZone*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the current landing zone drift status", - "privilege": "GetLandingZoneDriftStatus", - "resource_types": [ + "resource_type": "hours-of-operation*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the current status of a particular landing zone operation", - "privilege": "GetLandingZoneOperation", + "access_level": "Write", + "description": "Grants permission to update queue capacity in an Amazon Connect instance", + "privilege": "UpdateQueueMaxContacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the current status of the landing zone setup", - "privilege": "GetLandingZoneStatus", + "access_level": "Write", + "description": "Grants permission to update a queue name and description in an Amazon Connect instance", + "privilege": "UpdateQueueName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Baselines", - "privilege": "ListBaselines", + "access_level": "Write", + "description": "Grants permission to update queue outbound caller config in an Amazon Connect instance", + "privilege": "UpdateQueueOutboundCallerConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all control operations", - "privilege": "ListControlOperations", - "resource_types": [ + "resource_type": "queue*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the current directory groups available through IAM Identity Center", - "privilege": "ListDirectoryGroups", - "resource_types": [ + "resource_type": "contact-flow" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "phone-number" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list occurrences of drift in AWS Control Tower", - "privilege": "ListDriftDetails", + "access_level": "Write", + "description": "Grants permission to update the outbound email configuration for a queue in an Amazon Connect instance", + "privilege": "UpdateQueueOutboundEmailConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list enabled Baselines", - "privilege": "ListEnabledBaselines", + "access_level": "Write", + "description": "Grants permission to update queue status in an Amazon Connect instance", + "privilege": "UpdateQueueStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all enabled controls in a specified organizational unit", - "privilege": "ListEnabledControls", + "access_level": "Write", + "description": "Grants permission to update the configuration of a quick connect in an Amazon Connect instance", + "privilege": "UpdateQuickConnectConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list currently enabled guardrails", - "privilege": "ListEnabledGuardrails", - "resource_types": [ + "resource_type": "quick-connect*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list Precheck details for an Organizational Unit", - "privilege": "ListExtendGovernancePrecheckDetails", - "resource_types": [ + "resource_type": "contact-flow" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the compliance of external AWS Config rules", - "privilege": "ListExternalConfigRuleCompliance", - "resource_types": [ + "resource_type": "queue" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing guardrail violations", - "privilege": "ListGuardrailViolations", + "access_level": "Write", + "description": "Grants permission to update a quick connect name and description in an Amazon Connect instance", + "privilege": "UpdateQuickConnectName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "quick-connect*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available guardrails", - "privilege": "ListGuardrails", + "access_level": "Write", + "description": "Grants permission to update a routing profile agent availability timer in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileAgentAvailabilityTimer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list guardrails and their current state for a organizational unit", - "privilege": "ListGuardrailsForTarget", + "access_level": "Write", + "description": "Grants permission to update the concurrency in a routing profile in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileConcurrency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all landing zone operations", - "privilege": "ListLandingZoneOperations", + "access_level": "Write", + "description": "Grants permission to update the outbound queue in a routing profile in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileDefaultOutboundQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all landing zones", - "privilege": "ListLandingZones", + "access_level": "Write", + "description": "Grants permission to update a routing profile name and description in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list accounts managed through AWS Control Tower", - "privilege": "ListManagedAccounts", + "access_level": "Write", + "description": "Grants permission to update the queues in routing profile in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list managed accounts with a specified guardrail applied", - "privilege": "ListManagedAccountsForGuardrail", + "access_level": "Write", + "description": "Grants permission to update a rule for an existing Amazon Connect instance", + "privilege": "UpdateRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list managed accounts under an organizational unit", - "privilege": "ListManagedAccountsForParent", + "access_level": "Write", + "description": "Grants permission to update a security profile group for a user in an Amazon Connect instance", + "privilege": "UpdateSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list organizational units managed by AWS Control Tower", - "privilege": "ListManagedOrganizationalUnits", + "access_level": "Write", + "description": "Grants permission to update task template belonging to a Amazon Connect instance", + "privilege": "UpdateTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "task-template*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list managed organizational units that have a specified guardrail applied", - "privilege": "ListManagedOrganizationalUnitsForGuardrail", + "access_level": "Write", + "description": "Grants permission to update traffic distribution for a traffic distribution group", + "privilege": "UpdateTrafficDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a hierarchy group for a user in an Amazon Connect instance", + "privilege": "UpdateUserHierarchy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledBaseline" + "resource_type": "user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledControl" + "resource_type": "hierarchy-group" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "LandingZone" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set up an organizational unit to be managed by AWS Control Tower", - "privilege": "ManageOrganizationalUnit", + "description": "Grants permission to update a user hierarchy group name in an Amazon Connect instance", + "privilege": "UpdateUserHierarchyGroupName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to perform validations in an account", - "privilege": "PerformPreLaunchChecks", - "resource_types": [ + "resource_type": "hierarchy-group*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } @@ -72782,76 +77407,81 @@ }, { "access_level": "Write", - "description": "Grants permission to reset an enabled Baseline", - "privilege": "ResetEnabledBaseline", + "description": "Grants permission to update user hierarchy structure in an Amazon Connect instance", + "privilege": "UpdateUserHierarchyStructure", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledBaseline*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reset an enabled control for an organizational unit", - "privilege": "ResetEnabledControl", - "resource_types": [ + "resource_type": "instance*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "EnabledControl*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reset a landing zone", - "privilege": "ResetLandingZone", + "description": "Grants permission to update identity information for a user in an Amazon Connect instance", + "privilege": "UpdateUserIdentityInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LandingZone*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set up or update AWS Control Tower landing zone", - "privilege": "SetupLandingZone", + "description": "Grants permission to update phone configuration settings for a user in an Amazon Connect instance", + "privilege": "UpdateUserPhoneConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update user proficiencies from a user in an Amazon Connect instance", + "privilege": "UpdateUserProficiencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledBaseline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "EnabledControl" + "resource_type": "instance*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "LandingZone" + "resource_type": "user*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -72859,28 +77489,24 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a routing profile for a user in an Amazon Connect instance", + "privilege": "UpdateUserRoutingProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledBaseline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "EnabledControl" + "resource_type": "routing-profile*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "LandingZone" + "resource_type": "user*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -72889,155 +77515,405 @@ }, { "access_level": "Write", - "description": "Grants permission to update the account factory configuration", - "privilege": "UpdateAccountFactoryConfig", + "description": "Grants permission to update security profiles for a user in an Amazon Connect instance", + "privilege": "UpdateUserSecurityProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an enabled Baseline", - "privilege": "UpdateEnabledBaseline", - "resource_types": [ + "resource_type": "security-profile*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledBaseline*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an enabled control for an organizational unit", - "privilege": "UpdateEnabledControl", + "description": "Grants permission to update a view's content in an Amazon Connect instance", + "privilege": "UpdateViewContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EnabledControl*" + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a landing zone", - "privilege": "UpdateLandingZone", + "description": "Grants permission to update a view's metadata in an Amazon Connect instance", + "privilege": "UpdateViewMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LandingZone*" + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:controltower:${Region}:${Account}:enabledcontrol/${EnabledControlId}", + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "EnabledControl" + "resource": "instance" }, { - "arn": "arn:${Partition}:controltower:${Region}::baseline/${BaselineId}", + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact/${ContactId}", "condition_keys": [], - "resource": "Baseline" + "resource": "contact" }, { - "arn": "arn:${Partition}:controltower:${Region}:${Account}:enabledbaseline/${EnabledBaselineId}", + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent/${UserId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "EnabledBaseline" + "resource": "user" }, { - "arn": "arn:${Partition}:controltower:${Region}:${Account}:landingzone/${LandingZoneId}", + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/routing-profile/${RoutingProfileId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "LandingZone" + "resource": "routing-profile" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/security-profile/${SecurityProfileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "security-profile" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/authentication-profile/${AuthenticationProfileId}", + "condition_keys": [], + "resource": "authentication-profile" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-group/${HierarchyGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "hierarchy-group" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/${QueueId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "queue" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/*", + "condition_keys": [], + "resource": "wildcard-queue" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/${QuickConnectId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "quick-connect" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/*", + "condition_keys": [], + "resource": "wildcard-quick-connect" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/${ContactFlowId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-flow" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/task-template/${TaskTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "task-template" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/flow-module/${ContactFlowModuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-flow-module" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/*", + "condition_keys": [], + "resource": "wildcard-contact-flow" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/operating-hours/${HoursOfOperationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "hours-of-operation" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/${AgentStatusId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "agent-status" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/*", + "condition_keys": [], + "resource": "wildcard-agent-status" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/${PhoneNumberId}", + "condition_keys": [], + "resource": "legacy-phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/*", + "condition_keys": [], + "resource": "wildcard-legacy-phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/${PhoneNumberId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "wildcard-phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/integration-association/${IntegrationAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "integration-association" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/use-case/${UseCaseId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "use-case" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/vocabulary/${VocabularyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "vocabulary" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:traffic-distribution-group/${TrafficDistributionGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "traffic-distribution-group" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/rule/${RuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "rule" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/evaluation-form/${FormId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "evaluation-form" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-evaluation/${EvaluationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-evaluation" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/prompt/${PromptId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "prompt" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customer-managed-view" + }, + { + "arn": "arn:${Partition}:connect:${Region}:aws:view/${ViewId}", + "condition_keys": [], + "resource": "aws-managed-view" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}:${ViewQualifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "qualified-customer-managed-view" + }, + { + "arn": "arn:${Partition}:connect:${Region}:aws:view/${ViewId}:${ViewQualifier}", + "condition_keys": [], + "resource": "qualified-aws-managed-view" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}:${ViewVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customer-managed-view-version" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/file/${FileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "attached-file" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/email-address/${EmailAddressId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "email-address" } ], - "service_name": "AWS Control Tower" + "service_name": "Amazon Connect" }, { - "conditions": [], - "prefix": "cost-optimization-hub", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "connect-campaigns", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to get preferences", - "privilege": "GetPreferences", + "access_level": "Write", + "description": "Grants permission to create a campaign", + "privilege": "CreateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resource configuration and estimated cost impact for a recommendation", - "privilege": "GetRecommendation", + "access_level": "Write", + "description": "Grants permission to delete a campaign", + "privilege": "DeleteCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "List", - "description": "Grants permission to list enrollment statuses for the specified account or all members under a management account", - "privilege": "ListEnrollmentStatuses", + "access_level": "Write", + "description": "Grants permission to delete the channel subtype configuration of a campaign", + "privilege": "DeleteCampaignChannelSubtypeConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "List", - "description": "Grants permission to list recommendation summaries by group", - "privilege": "ListRecommendationSummaries", + "access_level": "Write", + "description": "Grants permission to delete the communication limits configuration of a campaign", + "privilege": "DeleteCampaignCommunicationLimits", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cost-optimization-hub:GetRecommendation" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "campaign*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary view of recommendations", - "privilege": "ListRecommendations", + "access_level": "Write", + "description": "Grants permission to delete the communication time configuration of a campaign", + "privilege": "DeleteCampaignCommunicationTime", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cost-optimization-hub:GetRecommendation" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the enrollment status", - "privilege": "UpdateEnrollmentStatus", + "description": "Grants permission to remove configuration information for an Amazon Connect instance", + "privilege": "DeleteConnectInstanceConfig", "resource_types": [ { "condition_keys": [], @@ -73048,8 +77924,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update preferences", - "privilege": "UpdatePreferences", + "description": "Grants permission to remove integration information for an Amazon Connect instance", + "privilege": "DeleteConnectInstanceIntegration", "resource_types": [ { "condition_keys": [], @@ -73057,83 +77933,80 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "AWS Cost Optimization Hub" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cur", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete Cost and Usage Report Definition", - "privilege": "DeleteReportDefinition", + "description": "Grants permission to remove onboarding job for an Amazon Connect instance", + "privilege": "DeleteInstanceOnboardingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get Cost and Usage Report Definitions", - "privilege": "DescribeReportDefinitions", + "description": "Grants permission to describe a specific campaign", + "privilege": "DescribeCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get Bills CSV report", - "privilege": "GetClassicReport", + "description": "Grants permission to get state of a campaign", + "privilege": "GetCampaignState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the classic report enablement status for Usage Reports", - "privilege": "GetClassicReportPreferences", + "description": "Grants permission to get state of campaigns", + "privilege": "GetCampaignStateBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get list of AWS services, usage type and operation for the Usage Report workflow. Allows or denies download of usage reports too", - "privilege": "GetUsageReport", + "description": "Grants permission to get configuration information for an Amazon Connect instance", + "privilege": "GetConnectInstanceConfig", "resource_types": [ { "condition_keys": [], @@ -73144,73 +78017,66 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get the communication limits configuration of an Amazon Connect instance", + "privilege": "GetInstanceCommunicationLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify Cost and Usage Report Definition", - "privilege": "ModifyReportDefinition", + "access_level": "Read", + "description": "Grants permission to get onboarding job status for an Amazon Connect instance", + "privilege": "GetInstanceOnboardingJobStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable classic reports", - "privilege": "PutClassicReportPreferences", + "access_level": "List", + "description": "Grants permission to provide summary of all campaigns", + "privilege": "ListCampaigns", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to write Cost and Usage Report Definition", - "privilege": "PutReportDefinition", + "access_level": "List", + "description": "Grants permission to provide summary of all integrations with an Amazon Connect instance", + "privilege": "ListConnectInstanceIntegrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" + "resource_type": "campaign" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -73219,29 +78085,21 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to pause a campaign", + "privilege": "PauseCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validates if the s3 bucket exists with appropriate permissions for CUR delivery", - "privilege": "ValidateReportDestination", + "access_level": "Write", + "description": "Grants permission to put an integration configuration with an Amazon Connect instance", + "privilege": "PutConnectInstanceIntegration", "resource_types": [ { "condition_keys": [], @@ -73249,37 +78107,23 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cur:${Region}:${Account}:definition/${ReportName}", - "condition_keys": [], - "resource": "cur" - } - ], - "service_name": "AWS Cost and Usage Report" - }, - { - "conditions": [], - "prefix": "customer-verification", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to create customer verification data", - "privilege": "CreateCustomerVerificationDetails", + "description": "Grants permission to create dial requests for the specified campaign", + "privilege": "PutDialRequestBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to create upload URLs", - "privilege": "CreateUploadUrls", + "description": "Grants permission to put the communication limits configuration of an Amazon Connect instance", + "privilege": "PutInstanceCommunicationLimits", "resource_types": [ { "condition_keys": [], @@ -73289,87 +78133,60 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get customer verification data", - "privilege": "GetCustomerVerificationDetails", + "access_level": "Write", + "description": "Grants permission to create dial requests for the specified campaign", + "privilege": "PutOutboundRequestBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get customer verification eligibility", - "privilege": "GetCustomerVerificationEligibility", + "access_level": "Write", + "description": "Grants permission to create profile outbound requests for the specified campaign", + "privilege": "PutProfileOutboundRequestBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to update customer verification data", - "privilege": "UpdateCustomerVerificationDetails", + "description": "Grants permission to resume a campaign", + "privilege": "ResumeCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] - } - ], - "resources": [], - "service_name": "AWS Customer Verification Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "databrew", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete one or more recipe versions", - "privilege": "BatchDeleteRecipeVersion", + "description": "Grants permission to start a campaign", + "privilege": "StartCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a dataset", - "privilege": "CreateDataset", + "description": "Grants permission to start onboarding job for an Amazon Connect instance", + "privilege": "StartInstanceOnboardingJob", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -73377,28 +78194,30 @@ }, { "access_level": "Write", - "description": "Grants permission to create a profile job", - "privilege": "CreateProfileJob", + "description": "Grants permission to stop a campaign", + "privilege": "StopCampaign", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a project", - "privilege": "CreateProject", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -73406,13 +78225,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a recipe", - "privilege": "CreateRecipe", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -73422,233 +78245,262 @@ }, { "access_level": "Write", - "description": "Grants permission to create a recipe job", - "privilege": "CreateRecipeJob", + "description": "Grants permission to update the channel subtype configuration of a campaign", + "privilege": "UpdateCampaignChannelSubtypeConfig", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a ruleset", - "privilege": "CreateRuleset", + "description": "Grants permission to update the communication limits configuration of a campaign", + "privilege": "UpdateCampaignCommunicationLimits", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a schedule", - "privilege": "CreateSchedule", + "description": "Grants permission to update the communication time configuration of a campaign", + "privilege": "UpdateCampaignCommunicationTime", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dataset", - "privilege": "DeleteDataset", + "description": "Grants permission to update the dialer configuration of a campaign", + "privilege": "UpdateCampaignDialerConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset*" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a job", - "privilege": "DeleteJob", + "description": "Grants permission to update the flow association of a campaign", + "privilege": "UpdateCampaignFlowAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", + "description": "Grants permission to update the name of a campaign", + "privilege": "UpdateCampaignName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a recipe version", - "privilege": "DeleteRecipeVersion", + "description": "Grants permission to update the outbound call configuration of a campaign", + "privilege": "UpdateCampaignOutboundCallConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a ruleset", - "privilege": "DeleteRuleset", + "description": "Grants permission to update the schedule of a campaign", + "privilege": "UpdateCampaignSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Ruleset*" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a schedule", - "privilege": "DeleteSchedule", + "description": "Grants permission to update the source of a campaign", + "privilege": "UpdateCampaignSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule*" + "resource_type": "campaign*" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "campaign" + } + ], + "service_name": "Amazon Connect Outbound Campaigns" + }, + { + "conditions": [], + "prefix": "consoleapp", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to view details about a dataset", - "privilege": "DescribeDataset", + "description": "Grants permission to retrieve the device identity for a Console Mobile App device", + "privilege": "GetDeviceIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset*" + "resource_type": "DeviceIdentity*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about a job", - "privilege": "DescribeJob", + "access_level": "List", + "description": "Grants permission to retrieve a list of device identities", + "privilege": "ListDeviceIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:consoleapp::${Account}:device/${DeviceId}/identity/${IdentityId}", + "condition_keys": [], + "resource": "DeviceIdentity" + } + ], + "service_name": "AWS Management Console Mobile App" + }, + { + "conditions": [], + "prefix": "consolidatedbilling", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to view details about job run for a given job", - "privilege": "DescribeJobRun", + "description": "Grants permission to get account role (Payer, Linked, Regular)", + "privilege": "GetAccountBillingRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about a project", - "privilege": "DescribeProject", + "access_level": "List", + "description": "Grants permission to get list of member/linked accounts", + "privilege": "ListLinkedAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Consolidated Billing" + }, + { + "conditions": [], + "prefix": "controlcatalog", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to view details about a recipe", - "privilege": "DescribeRecipe", + "description": "Grants permission to return details about a specific control", + "privilege": "GetControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "control*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about a ruleset", - "privilege": "DescribeRuleset", + "access_level": "List", + "description": "Grants permission to return a paginated list of common controls from the AWS Control Catalog", + "privilege": "ListCommonControls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Ruleset*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about a schedule", - "privilege": "DescribeSchedule", + "access_level": "List", + "description": "Grants permission to return a paginated list of control mappings from the AWS Control Catalog", + "privilege": "ListControlMappings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list datasets in your account", - "privilege": "ListDatasets", + "access_level": "List", + "description": "Grants permission to return a paginated list of all available controls in the AWS Control Catalog library", + "privilege": "ListControls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "control*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list job runs for a given job", - "privilege": "ListJobRuns", + "access_level": "List", + "description": "Grants permission to return a paginated list of domains from the AWS Control Catalog", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list jobs in your account", - "privilege": "ListJobs", + "access_level": "List", + "description": "Grants permission to return a paginated list of objectives from the AWS Control Catalog", + "privilege": "ListObjectives", "resource_types": [ { "condition_keys": [], @@ -73656,11 +78508,73 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:controlcatalog:::common-control/${CommonControlId}", + "condition_keys": [], + "resource": "common-control" }, { - "access_level": "Read", - "description": "Grants permission to list projects in your account", - "privilege": "ListProjects", + "arn": "arn:${Partition}:controlcatalog:::control/${ControlId}", + "condition_keys": [], + "resource": "control" + }, + { + "arn": "arn:${Partition}:controlcatalog:::domain/${DomainId}", + "condition_keys": [], + "resource": "domain" + }, + { + "arn": "arn:${Partition}:controlcatalog:::objective/${ObjectiveId}", + "condition_keys": [], + "resource": "objective" + } + ], + "service_name": "AWS Control Catalog" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "controltower", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a landing zone", + "privilege": "CreateLandingZone", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "controltower:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an account managed by AWS Control Tower", + "privilege": "CreateManagedAccount", "resource_types": [ { "condition_keys": [], @@ -73670,21 +78584,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list versions in your recipe", - "privilege": "ListRecipeVersions", + "access_level": "Write", + "description": "Grants permission to delete AWS Control Tower landing zone", + "privilege": "DeleteLandingZone", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "LandingZone*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list recipes in your account", - "privilege": "ListRecipes", + "access_level": "Write", + "description": "Grants permission to deregister an account created through the account factory from AWS Control Tower", + "privilege": "DeregisterManagedAccount", "resource_types": [ { "condition_keys": [], @@ -73694,9 +78608,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list rulesets in your account", - "privilege": "ListRulesets", + "access_level": "Write", + "description": "Grants permission to deregister an organizational unit from AWS Control Tower management", + "privilege": "DeregisterOrganizationalUnit", "resource_types": [ { "condition_keys": [], @@ -73707,8 +78621,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list schedules in your account", - "privilege": "ListSchedules", + "description": "Grants permission to describe the current account factory configuration", + "privilege": "DescribeAccountFactoryConfig", "resource_types": [ { "condition_keys": [], @@ -73719,183 +78633,168 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve tags associated with a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe resources managed by core accounts in AWS Control Tower", + "privilege": "DescribeCoreService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a guardrail", + "privilege": "DescribeGuardrail", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a guardrail for a organizational unit", + "privilege": "DescribeGuardrailForTarget", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the current Landing Zone configuration", + "privilege": "DescribeLandingZoneConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an account created through account factory", + "privilege": "DescribeManagedAccount", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Ruleset" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an AWS Organizations organizational unit managed by AWS Control Tower", + "privilege": "DescribeManagedOrganizationalUnit", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish a major verison of a recipe", - "privilege": "PublishRecipe", + "access_level": "Read", + "description": "Grants permission to describe a Register Organizational Unit Operation", + "privilege": "DescribeRegisterOrganizationalUnitOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit an action to the interactive session for a project", - "privilege": "SendProjectSessionAction", + "access_level": "Read", + "description": "Grants permission to describe the current AWS Control Tower IAM Identity Center configuration", + "privilege": "DescribeSingleSignOn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start running a job", - "privilege": "StartJobRun", + "description": "Grants permission to disable a Baseline on a target", + "privilege": "DisableBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "EnabledBaseline*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an interactive session for a project", - "privilege": "StartProjectSession", + "description": "Grants permission to remove a control from an organizational unit", + "privilege": "DisableControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "EnabledControl*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a job run for a job", - "privilege": "StopJobRun", + "description": "Grants permission to disable a guardrail from an organizational unit", + "privilege": "DisableGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to enable a Baseline on a target", + "privilege": "EnableBaseline", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Recipe" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Ruleset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Schedule" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "controltower:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to activate a control for an organizational unit", + "privilege": "EnableControl", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Recipe" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Ruleset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Schedule" + "dependent_actions": [ + "controltower:TagResource" + ], + "resource_type": "EnabledControl" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -73905,232 +78804,140 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a dataset", - "privilege": "UpdateDataset", + "description": "Grants permission to enable a guardrail to an organizational unit", + "privilege": "EnableGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a profile job", - "privilege": "UpdateProfileJob", + "access_level": "Read", + "description": "Grants permission to describe an account email and validate that it exists", + "privilege": "GetAccountInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a project", - "privilege": "UpdateProject", + "access_level": "Read", + "description": "Grants permission to list available updates for the current AWS Control Tower deployment", + "privilege": "GetAvailableUpdates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a recipe", - "privilege": "UpdateRecipe", + "access_level": "Read", + "description": "Grants permission to get Baseline details", + "privilege": "GetBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "Baseline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a recipe job", - "privilege": "UpdateRecipeJob", + "access_level": "Read", + "description": "Grants permission to get the current status of a particular Baseline operation", + "privilege": "GetBaselineOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a ruleset", - "privilege": "UpdateRuleset", + "access_level": "Read", + "description": "Grants permission to get the current status of a particular EnabledControl or DisableControl operation", + "privilege": "GetControlOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Ruleset*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a schedule", - "privilege": "UpdateSchedule", + "access_level": "Read", + "description": "Grants permission to get an enabled Baseline", + "privilege": "GetEnabledBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule*" + "resource_type": "EnabledBaseline*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:project/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Project" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:dataset/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Dataset" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:ruleset/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Ruleset" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:recipe/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Recipe" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Job" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:schedule/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Schedule" - } - ], - "service_name": "AWS Glue DataBrew" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the mandatory tags in the create request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the create request", - "type": "ArrayOfString" - }, - { - "condition": "dataexchange:JobType", - "description": "Filters access by the specified job type", - "type": "String" - } - ], - "prefix": "dataexchange", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to accept a data grant", - "privilege": "AcceptDataGrant", + "access_level": "Read", + "description": "Grants permission to get an enabled control from an organizational unit", + "privilege": "GetEnabledControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-grants*" + "resource_type": "EnabledControl*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a job", - "privilege": "CancelJob", + "access_level": "Read", + "description": "Grants permission to get the current compliance status of a guardrail", + "privilege": "GetGuardrailComplianceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobs*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an asset (for example, in a Job)", - "privilege": "CreateAsset", + "access_level": "Read", + "description": "Grants permission to get the home region of the AWS Control Tower setup", + "privilege": "GetHomeRegion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a data grant", - "privilege": "CreateDataGrant", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "dataexchange:PublishToDataGrant" - ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a data set", - "privilege": "CreateDataSet", + "access_level": "Read", + "description": "Grants permission to get the current status of the landing zone setup", + "privilege": "GetLandingZone", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LandingZone*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an event action", - "privilege": "CreateEventAction", + "access_level": "Read", + "description": "Grants permission to get the current landing zone drift status", + "privilege": "GetLandingZoneDriftStatus", "resource_types": [ { "condition_keys": [], @@ -74140,9 +78947,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a job to import or export assets", - "privilege": "CreateJob", + "access_level": "Read", + "description": "Grants permission to get the current status of a particular landing zone operation", + "privilege": "GetLandingZoneOperation", "resource_types": [ { "condition_keys": [], @@ -74152,193 +78959,165 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a revision", - "privilege": "CreateRevision", + "access_level": "Read", + "description": "Grants permission to get the current status of the landing zone setup", + "privilege": "GetLandingZoneStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an asset", - "privilege": "DeleteAsset", + "access_level": "List", + "description": "Grants permission to list Baselines", + "privilege": "ListBaselines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a data grant", - "privilege": "DeleteDataGrant", + "access_level": "List", + "description": "Grants permission to list all control operations", + "privilege": "ListControlOperations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-grants*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a data set", - "privilege": "DeleteDataSet", + "access_level": "List", + "description": "Grants permission to list the current directory groups available through IAM Identity Center", + "privilege": "ListDirectoryGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entitled-data-sets*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an event action", - "privilege": "DeleteEventAction", + "access_level": "Read", + "description": "Grants permission to list occurrences of drift in AWS Control Tower", + "privilege": "ListDriftDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-actions*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a revision", - "privilege": "DeleteRevision", + "access_level": "List", + "description": "Grants permission to list enabled Baselines", + "privilege": "ListEnabledBaselines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an asset and to export it (for example, in a Job)", - "privilege": "GetAsset", + "access_level": "List", + "description": "Grants permission to list all enabled controls in a specified organizational unit", + "privilege": "ListEnabledControls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entitled-assets*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a data grant", - "privilege": "GetDataGrant", + "access_level": "List", + "description": "Grants permission to list currently enabled guardrails", + "privilege": "ListEnabledGuardrails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-grants*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a data set", - "privilege": "GetDataSet", + "access_level": "List", + "description": "Grants permission to list Precheck details for an Organizational Unit", + "privilege": "ListExtendGovernancePrecheckDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entitled-data-sets*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get an event action", - "privilege": "GetEventAction", + "description": "Grants permission to list the compliance of external AWS Config rules", + "privilege": "ListExternalConfigRuleCompliance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-actions*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a job", - "privilege": "GetJob", + "access_level": "List", + "description": "Grants permission to list existing guardrail violations", + "privilege": "ListGuardrailViolations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobs*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a received data grant", - "privilege": "GetReceivedDataGrant", + "access_level": "List", + "description": "Grants permission to list all available guardrails", + "privilege": "ListGuardrails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-grants*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a revision", - "privilege": "GetRevision", + "access_level": "List", + "description": "Grants permission to list guardrails and their current state for a organizational unit", + "privilege": "ListGuardrailsForTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entitled-revisions*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "revisions*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list data grants for the account", - "privilege": "ListDataGrants", + "description": "Grants permission to list all landing zone operations", + "privilege": "ListLandingZoneOperations", "resource_types": [ { "condition_keys": [], @@ -74349,25 +79128,20 @@ }, { "access_level": "List", - "description": "Grants permission to list the revisions of a data set", - "privilege": "ListDataSetRevisions", + "description": "Grants permission to list all landing zones", + "privilege": "ListLandingZones", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entitled-data-sets*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list data sets for the account", - "privilege": "ListDataSets", + "description": "Grants permission to list accounts managed through AWS Control Tower", + "privilege": "ListManagedAccounts", "resource_types": [ { "condition_keys": [], @@ -74378,8 +79152,8 @@ }, { "access_level": "List", - "description": "Grants permission to list event actions for the account", - "privilege": "ListEventActions", + "description": "Grants permission to list managed accounts with a specified guardrail applied", + "privilege": "ListManagedAccountsForGuardrail", "resource_types": [ { "condition_keys": [], @@ -74390,8 +79164,8 @@ }, { "access_level": "List", - "description": "Grants permission to list jobs for the account", - "privilege": "ListJobs", + "description": "Grants permission to list managed accounts under an organizational unit", + "privilege": "ListManagedAccountsForParent", "resource_types": [ { "condition_keys": [], @@ -74402,8 +79176,8 @@ }, { "access_level": "List", - "description": "Grants permission to list received data grants for the account", - "privilege": "ListReceivedDataGrants", + "description": "Grants permission to list organizational units managed by AWS Control Tower", + "privilege": "ListManagedOrganizationalUnits", "resource_types": [ { "condition_keys": [], @@ -74414,147 +79188,129 @@ }, { "access_level": "List", - "description": "Grants permission to get list the assets of a revision", - "privilege": "ListRevisionAssets", + "description": "Grants permission to list managed organizational units that have a specified guardrail applied", + "privilege": "ListManagedOrganizationalUnitsForGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entitled-revisions*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "revisions*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that you associated with the specified resource", + "access_level": "Read", + "description": "Grants permission to list the tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-grants" + "resource_type": "EnabledBaseline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets" + "resource_type": "EnabledControl" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions" + "resource_type": "LandingZone" } ] }, { "access_level": "Write", - "description": "Grants permission to publish a data set to a product", - "privilege": "PublishDataSet", + "description": "Grants permission to set up an organizational unit to be managed by AWS Control Tower", + "privilege": "ManageOrganizationalUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish a data set to a data grant", - "privilege": "PublishToDataGrant", + "access_level": "Read", + "description": "Grants permission to perform validations in an account", + "privilege": "PerformPreLaunchChecks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to revoke subscriber access to a revision", - "privilege": "RevokeRevision", + "description": "Grants permission to reset an enabled Baseline", + "privilege": "ResetEnabledBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions*" + "resource_type": "EnabledBaseline*" } ] }, { "access_level": "Write", - "description": "Grants permission to send a request to an API asset", - "privilege": "SendApiAsset", + "description": "Grants permission to reset an enabled control for an organizational unit", + "privilege": "ResetEnabledControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entitled-assets*" + "resource_type": "EnabledControl*" } ] }, { "access_level": "Write", - "description": "Grants permission to send a notification to subscribers of a data set", - "privilege": "SendDataSetNotification", + "description": "Grants permission to reset a landing zone", + "privilege": "ResetLandingZone", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" + "resource_type": "LandingZone*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a job", - "privilege": "StartJob", + "description": "Grants permission to set up or update AWS Control Tower landing zone", + "privilege": "SetupLandingZone", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dataexchange:CreateAsset", - "dataexchange:DeleteDataSet", - "dataexchange:GetAsset", - "dataexchange:GetDataSet", - "dataexchange:GetRevision", - "dataexchange:PublishDataSet", - "redshift:AuthorizeDataShare" - ], - "resource_type": "jobs*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a specified resource", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-grants" + "resource_type": "EnabledBaseline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets" + "resource_type": "EnabledControl" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions" + "resource_type": "LandingZone" }, { "condition_keys": [ @@ -74568,23 +79324,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from a specified resource", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-grants" + "resource_type": "EnabledBaseline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets" + "resource_type": "EnabledControl" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions" + "resource_type": "LandingZone" }, { "condition_keys": [ @@ -74597,314 +79353,251 @@ }, { "access_level": "Write", - "description": "Grants permission to get update information about an asset", - "privilege": "UpdateAsset", + "description": "Grants permission to update the account factory configuration", + "privilege": "UpdateAccountFactoryConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update information about a data set", - "privilege": "UpdateDataSet", + "description": "Grants permission to update an enabled Baseline", + "privilege": "UpdateEnabledBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" + "resource_type": "EnabledBaseline*" } ] }, { "access_level": "Write", - "description": "Grants permission to update information for an event action", - "privilege": "UpdateEventAction", + "description": "Grants permission to update an enabled control for an organizational unit", + "privilege": "UpdateEnabledControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-actions*" + "resource_type": "EnabledControl*" } ] }, { "access_level": "Write", - "description": "Grants permission to update information about a revision", - "privilege": "UpdateRevision", + "description": "Grants permission to update a landing zone", + "privilege": "UpdateLandingZone", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dataexchange:PublishDataSet", - "dataexchange:PublishToDataGrant" - ], - "resource_type": "revisions*" + "dependent_actions": [], + "resource_type": "LandingZone*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:jobs/${JobId}", - "condition_keys": [ - "dataexchange:JobType" - ], - "resource": "jobs" - }, - { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}", + "arn": "arn:${Partition}:controltower:${Region}:${Account}:enabledcontrol/${EnabledControlId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "data-sets" + "resource": "EnabledControl" }, { - "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}", + "arn": "arn:${Partition}:controltower:${Region}::baseline/${BaselineId}", "condition_keys": [], - "resource": "entitled-data-sets" + "resource": "Baseline" }, { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}", + "arn": "arn:${Partition}:controltower:${Region}:${Account}:enabledbaseline/${EnabledBaselineId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "revisions" - }, - { - "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}", - "condition_keys": [], - "resource": "entitled-revisions" - }, - { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", - "condition_keys": [], - "resource": "assets" - }, - { - "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", - "condition_keys": [], - "resource": "entitled-assets" - }, - { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:event-actions/${EventActionId}", - "condition_keys": [], - "resource": "event-actions" + "resource": "EnabledBaseline" }, { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-grants/${DataGrantId}", + "arn": "arn:${Partition}:controltower:${Region}:${Account}:landingzone/${LandingZoneId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "data-grants" + "resource": "LandingZone" } ], - "service_name": "AWS Data Exchange" + "service_name": "AWS Control Tower" }, { - "conditions": [ + "conditions": [], + "prefix": "cost-optimization-hub", + "privileges": [ { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" + "access_level": "Read", + "description": "Grants permission to get preferences", + "privilege": "GetPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to get resource configuration and estimated cost impact for a recommendation", + "privilege": "GetRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" + "access_level": "List", + "description": "Grants permission to list enrollment statuses for the specified account or all members under a management account", + "privilege": "ListEnrollmentStatuses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "datapipeline:PipelineCreator", - "description": "Filters access by the IAM user that created the pipeline", - "type": "ArrayOfString" - }, - { - "condition": "datapipeline:Tag/${TagKey}", - "description": "Filters access by customer-specified key/value pair that can be attached to a resource", - "type": "String" - }, - { - "condition": "datapipeline:workerGroup", - "description": "Filters access by the name of a worker group for which a Task Runner retrieves work", - "type": "ArrayOfString" - } - ], - "prefix": "datapipeline", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to validate the specified pipeline and starts processing pipeline tasks. If the pipeline does not pass validation, activation fails", - "privilege": "ActivatePipeline", + "access_level": "List", + "description": "Grants permission to list recommendation summaries by group", + "privilege": "ListRecommendationSummaries", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}", - "datapipeline:workerGroup" + "dependent_actions": [ + "cost-optimization-hub:GetRecommendation" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or modify tags for the specified pipeline", - "privilege": "AddTags", + "access_level": "List", + "description": "Grants permission to list summary view of recommendations", + "privilege": "ListRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "dependent_actions": [ + "cost-optimization-hub:GetRecommendation" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new, empty pipeline", - "privilege": "CreatePipeline", + "description": "Grants permission to update the enrollment status", + "privilege": "UpdateEnrollmentStatus", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "datapipeline:Tag/${TagKey}" - ], - "dependent_actions": [ - "datapipeline:AddTags" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to Deactivate the specified running pipeline", - "privilege": "DeactivatePipeline", + "description": "Grants permission to update preferences", + "privilege": "UpdatePreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}", - "datapipeline:workerGroup" - ], - "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Cost Optimization Hub" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cur", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a pipeline, its pipeline definition, and its run history", - "privilege": "DeletePipeline", + "description": "Grants permission to delete Cost and Usage Report Definition", + "privilege": "DeleteReportDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cur*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the object definitions for a set of objects associated with the pipeline", - "privilege": "DescribeObjects", + "description": "Grants permission to get Cost and Usage Report Definitions", + "privilege": "DescribeReportDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieves metadata about one or more pipelines", - "privilege": "DescribePipelines", + "description": "Grants permission to get Bills CSV report", + "privilege": "GetClassicReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to task runners to call EvaluateExpression, to evaluate a string in the context of the specified object", - "privilege": "EvaluateExpression", + "description": "Grants permission to get the classic report enablement status for Usage Reports", + "privilege": "GetClassicReportPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to call GetAccountLimits", - "privilege": "GetAccountLimits", + "access_level": "Read", + "description": "Grants permission to get list of AWS services, usage type and operation for the Usage Report workflow. Allows or denies download of usage reports too", + "privilege": "GetUsageReport", "resource_types": [ { "condition_keys": [], @@ -74915,19 +79608,17 @@ }, { "access_level": "Read", - "description": "Grants permission to gets the definition of the specified pipeline", - "privilege": "GetPipelineDefinition", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "cur*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}", - "datapipeline:workerGroup" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -74935,26 +79626,24 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the pipeline identifiers for all active pipelines that you have permission to access", - "privilege": "ListPipelines", + "access_level": "Write", + "description": "Grants permission to modify Cost and Usage Report Definition", + "privilege": "ModifyReportDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cur*" } ] }, { "access_level": "Write", - "description": "Grants permission to task runners to call PollForTask, to receive a task to perform from AWS Data Pipeline", - "privilege": "PollForTask", + "description": "Grants permission to enable classic reports", + "privilege": "PutClassicReportPreferences", "resource_types": [ { - "condition_keys": [ - "datapipeline:workerGroup" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -74962,31 +79651,35 @@ }, { "access_level": "Write", - "description": "Grants permission to call PutAccountLimits", - "privilege": "PutAccountLimits", + "description": "Grants permission to write Cost and Usage Report Definition", + "privilege": "PutReportDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cur*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add tasks, schedules, and preconditions to the specified pipeline", - "privilege": "PutPipelineDefinition", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "cur*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}", - "datapipeline:workerGroup" + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -74994,19 +79687,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to query the specified pipeline for the names of objects that match the specified set of conditions", - "privilege": "QueryObjects", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "cur*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75014,43 +79707,47 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove existing tags from the specified pipeline", - "privilege": "RemoveTags", + "access_level": "Read", + "description": "Grants permission to validates if the s3 bucket exists with appropriate permissions for CUR delivery", + "privilege": "ValidateReportDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cur:${Region}:${Account}:definition/${ReportName}", + "condition_keys": [], + "resource": "cur" + } + ], + "service_name": "AWS Cost and Usage Report" + }, + { + "conditions": [], + "prefix": "customer-verification", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to task runners to call ReportTaskProgress, when they are assigned a task to acknowledge that it has the task", - "privilege": "ReportTaskProgress", + "description": "Grants permission to create customer verification data", + "privilege": "CreateCustomerVerificationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to task runners to call ReportTaskRunnerHeartbeat every 15 minutes to indicate that they are operational", - "privilege": "ReportTaskRunnerHeartbeat", + "description": "Grants permission to create upload URLs", + "privilege": "CreateUploadUrls", "resource_types": [ { "condition_keys": [], @@ -75060,214 +79757,87 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to requests that the status of the specified physical or logical pipeline objects be updated in the specified pipeline", - "privilege": "SetStatus", + "access_level": "Read", + "description": "Grants permission to get customer verification data", + "privilege": "GetCustomerVerificationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to task runners to call SetTaskStatus to notify AWS Data Pipeline that a task is completed and provide information about the final status", - "privilege": "SetTaskStatus", + "access_level": "Read", + "description": "Grants permission to get customer verification eligibility", + "privilege": "GetCustomerVerificationEligibility", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate the specified pipeline definition to ensure that it is well formed and can be run without error", - "privilege": "ValidatePipelineDefinition", + "access_level": "Write", + "description": "Grants permission to update customer verification data", + "privilege": "UpdateCustomerVerificationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag/${TagKey}", - "datapipeline:workerGroup" - ], - "dependent_actions": [], "resource_type": "" } ] } ], - "resources": [ - { - "arn": "arn:${Partition}:datapipeline:${Region}:${Account}:pipeline/${PipelineId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pipeline" - } - ], - "service_name": "AWS Data Pipeline" + "resources": [], + "service_name": "AWS Customer Verification Service" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "datasync", + "prefix": "databrew", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a storage system", - "privilege": "AddStorageSystem", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "agent*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel execution of a sync task", - "privilege": "CancelTaskExecution", + "description": "Grants permission to delete one or more recipe versions", + "privilege": "BatchDeleteRecipeVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "taskexecution*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to activate an agent that you have deployed on your host", - "privilege": "CreateAgent", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for a Microsoft Azure Blob Storage container", - "privilege": "CreateLocationAzureBlob", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon EFS file system", - "privilege": "CreateLocationEfs", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon Fsx Lustre", - "privilege": "CreateLocationFsxLustre", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for Amazon FSx for ONTAP", - "privilege": "CreateLocationFsxOntap", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Recipe*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for Amazon FSx for OpenZFS", - "privilege": "CreateLocationFsxOpenZfs", + "description": "Grants permission to create a dataset", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75276,13 +79846,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon FSx Windows File Server file system", - "privilege": "CreateLocationFsxWindows", + "description": "Grants permission to create a profile job", + "privilege": "CreateProfileJob", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75291,13 +79862,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon Hdfs", - "privilege": "CreateLocationHdfs", + "description": "Grants permission to create a project", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75306,13 +79878,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for a NFS file system", - "privilege": "CreateLocationNfs", + "description": "Grants permission to create a recipe", + "privilege": "CreateRecipe", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75321,13 +79894,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for a self-managed object storage bucket", - "privilege": "CreateLocationObjectStorage", + "description": "Grants permission to create a recipe job", + "privilege": "CreateRecipeJob", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75336,13 +79910,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon S3 bucket", - "privilege": "CreateLocationS3", + "description": "Grants permission to create a ruleset", + "privilege": "CreateRuleset", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75351,13 +79926,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an SMB file system", - "privilege": "CreateLocationSmb", + "description": "Grants permission to create a schedule", + "privilege": "CreateSchedule", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -75366,316 +79942,224 @@ }, { "access_level": "Write", - "description": "Grants permission to create a sync task", - "privilege": "CreateTask", + "description": "Grants permission to delete a dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "agent" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an agent", - "privilege": "DeleteAgent", + "description": "Grants permission to delete a job", + "privilege": "DeleteJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent*" + "resource_type": "Job*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a location used by AWS DataSync", - "privilege": "DeleteLocation", + "description": "Grants permission to delete a project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a sync task", - "privilege": "DeleteTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata such as name, network interfaces, and the status (that is, whether the agent is running or not) about a sync agent", - "privilege": "DescribeAgent", + "description": "Grants permission to delete a recipe version", + "privilege": "DeleteRecipeVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent*" + "resource_type": "Recipe*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe metadata about a discovery job", - "privilege": "DescribeDiscoveryJob", + "access_level": "Write", + "description": "Grants permission to delete a ruleset", + "privilege": "DeleteRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" + "resource_type": "Ruleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Azure Blob Storage sync location", - "privilege": "DescribeLocationAzureBlob", + "access_level": "Write", + "description": "Grants permission to delete a schedule", + "privilege": "DeleteSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Schedule*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon EFS sync location", - "privilege": "DescribeLocationEfs", + "description": "Grants permission to view details about a dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Lustre sync location", - "privilege": "DescribeLocationFsxLustre", + "description": "Grants permission to view details about a job", + "privilege": "DescribeJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Job*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx for ONTAP sync location", - "privilege": "DescribeLocationFsxOntap", + "description": "Grants permission to view details about job run for a given job", + "privilege": "DescribeJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Job*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx OpenZFS sync location", - "privilege": "DescribeLocationFsxOpenZfs", + "description": "Grants permission to view details about a project", + "privilege": "DescribeProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Project*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Windows sync location", - "privilege": "DescribeLocationFsxWindows", + "description": "Grants permission to view details about a recipe", + "privilege": "DescribeRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Recipe*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon HDFS sync location", - "privilege": "DescribeLocationHdfs", + "description": "Grants permission to view details about a ruleset", + "privilege": "DescribeRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Ruleset*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information, about a NFS sync location", - "privilege": "DescribeLocationNfs", + "description": "Grants permission to view details about a schedule", + "privilege": "DescribeSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Schedule*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata about a self-managed object storage server location", - "privilege": "DescribeLocationObjectStorage", + "description": "Grants permission to list datasets in your account", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as bucket name, about an Amazon S3 bucket sync location", - "privilege": "DescribeLocationS3", + "description": "Grants permission to list job runs for a given job", + "privilege": "ListJobRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Job*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information, about an SMB sync location", - "privilege": "DescribeLocationSmb", + "description": "Grants permission to list jobs in your account", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata about a storage system", - "privilege": "DescribeStorageSystem", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storagesystem*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe resource metrics collected by a discovery job", - "privilege": "DescribeStorageSystemResourceMetrics", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "discoveryjob*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe resources identified by a discovery job", - "privilege": "DescribeStorageSystemResources", + "description": "Grants permission to list projects in your account", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata about a sync task", - "privilege": "DescribeTask", + "description": "Grants permission to list versions in your recipe", + "privilege": "ListRecipeVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "Recipe*" } ] }, { "access_level": "Read", - "description": "Grants permission to view metadata about a sync task that is being executed", - "privilege": "DescribeTaskExecution", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "taskexecution*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to generate recommendations for a resource identified by a discovery job", - "privilege": "GenerateRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "discoveryjob*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list agents owned by an AWS account in a region specified in the request", - "privilege": "ListAgents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list discovery jobs", - "privilege": "ListDiscoveryJobs", + "description": "Grants permission to list recipes in your account", + "privilege": "ListRecipes", "resource_types": [ { "condition_keys": [], @@ -75685,9 +80169,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list source and destination sync locations", - "privilege": "ListLocations", + "access_level": "Read", + "description": "Grants permission to list rulesets in your account", + "privilege": "ListRulesets", "resource_types": [ { "condition_keys": [], @@ -75697,9 +80181,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list storage systems", - "privilege": "ListStorageSystems", + "access_level": "Read", + "description": "Grants permission to list schedules in your account", + "privilege": "ListSchedules", "resource_types": [ { "condition_keys": [], @@ -75710,158 +80194,135 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags that have been added to the specified resource", + "description": "Grants permission to retrieve tags associated with a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent" + "resource_type": "Dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob" + "resource_type": "Job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "Project" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem" + "resource_type": "Recipe" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "Ruleset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "taskexecution" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list executed sync tasks", - "privilege": "ListTaskExecutions", - "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Schedule" } ] }, { - "access_level": "List", - "description": "Grants permission to list of all the sync tasks", - "privilege": "ListTasks", + "access_level": "Write", + "description": "Grants permission to publish a major verison of a recipe", + "privilege": "PublishRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Recipe*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a storage system", - "privilege": "RemoveStorageSystem", + "description": "Grants permission to submit an action to the interactive session for a project", + "privilege": "SendProjectSessionAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem*" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a discovery job for a storage system", - "privilege": "StartDiscoveryJob", + "description": "Grants permission to start running a job", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem*" + "resource_type": "Job*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a specific invocation of a sync task", - "privilege": "StartTaskExecution", + "description": "Grants permission to start an interactive session for a project", + "privilege": "StartProjectSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a discovery job", - "privilege": "StopDiscoveryJob", + "description": "Grants permission to stop a job run for a job", + "privilege": "StopJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" + "resource_type": "Job*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to apply a key-value pair to an AWS resource", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent" + "resource_type": "Dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob" + "resource_type": "Job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "Project" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem" + "resource_type": "Recipe" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "Ruleset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "taskexecution" + "resource_type": "Schedule" }, { "condition_keys": [ @@ -75875,38 +80336,38 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified resource", + "description": "Grants permission to remove tags associated with a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent" + "resource_type": "Dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob" + "resource_type": "Job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "Project" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem" + "resource_type": "Recipe" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "Ruleset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "taskexecution" + "resource_type": "Schedule" }, { "condition_keys": [ @@ -75919,328 +80380,213 @@ }, { "access_level": "Write", - "description": "Grants permission to update the name of an agent", - "privilege": "UpdateAgent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "agent*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a discovery job", - "privilege": "UpdateDiscoveryJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "discoveryjob*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an Azure Blob Storage sync location", - "privilege": "UpdateLocationAzureBlob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an EFS sync Location", - "privilege": "UpdateLocationEfs", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an FSx Lustre sync Location", - "privilege": "UpdateLocationFsxLustre", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an FSx ONTAP sync Location", - "privilege": "UpdateLocationFsxOntap", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an FSx OpenZFS sync Location", - "privilege": "UpdateLocationFsxOpenZfs", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an FSx Windows sync Location", - "privilege": "UpdateLocationFsxWindows", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an HDFS sync Location", - "privilege": "UpdateLocationHdfs", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an NFS sync Location", - "privilege": "UpdateLocationNfs", + "description": "Grants permission to modify a dataset", + "privilege": "UpdateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a self-managed object storage server location", - "privilege": "UpdateLocationObjectStorage", + "description": "Grants permission to modify a profile job", + "privilege": "UpdateProfileJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an S3 sync Location", - "privilege": "UpdateLocationS3", + "description": "Grants permission to modify a project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a SMB sync location", - "privilege": "UpdateLocationSmb", + "description": "Grants permission to modify a recipe", + "privilege": "UpdateRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "Recipe*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a storage system", - "privilege": "UpdateStorageSystem", + "description": "Grants permission to modify a recipe job", + "privilege": "UpdateRecipeJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem*" + "resource_type": "Job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update metadata associated with a sync task", - "privilege": "UpdateTask", + "description": "Grants permission to modify a ruleset", + "privilege": "UpdateRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "Ruleset*" } ] }, { "access_level": "Write", - "description": "Grants permission to update execution of a sync task", - "privilege": "UpdateTaskExecution", + "description": "Grants permission to modify a schedule", + "privilege": "UpdateSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "taskexecution*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Schedule*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:agent/${AgentId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:project/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "agent" + "resource": "Project" }, { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:dataset/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "location" + "resource": "Dataset" }, { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:ruleset/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "task" + "resource": "Ruleset" }, { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}/execution/${ExecutionId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:recipe/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "taskexecution" + "resource": "Recipe" }, { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:job/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "storagesystem" + "resource": "Job" }, { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}/job/${DiscoveryJobId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:schedule/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "discoveryjob" + "resource": "Schedule" } ], - "service_name": "AWS DataSync" + "service_name": "AWS Glue DataBrew" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by the allowed set of values for each of the mandatory tags in the create request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by the tag value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by the presence of mandatory tags in the create request", "type": "ArrayOfString" }, { - "condition": "datazone:domainId", - "description": "Filters access by the domain ID passed in the request", - "type": "String" - }, - { - "condition": "datazone:projectId", - "description": "Filters access by the project ID passed in the request", - "type": "String" - }, - { - "condition": "datazone:userId", - "description": "Filters access by the user ID passed in the request", + "condition": "dataexchange:JobType", + "description": "Filters access by the specified job type", "type": "String" } ], - "prefix": "datazone", + "prefix": "dataexchange", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept prediction", - "privilege": "AcceptPredictions", + "description": "Grants permission to accept a data grant", + "privilege": "AcceptDataGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-grants*" } ] }, { "access_level": "Write", - "description": "Grants permission to approve a subscription request for a Data Asset", - "privilege": "AcceptSubscriptionRequest", + "description": "Grants permission to cancel a job", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobs*" } ] }, { "access_level": "Write", - "description": "Grants permission to add an owner to an entity like domain unit", - "privilege": "AddEntityOwner", + "description": "Grants permission to create an asset (for example, in a Job)", + "privilege": "CreateAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "revisions*" } ] }, { "access_level": "Write", - "description": "Grants permission to add a policy grant", - "privilege": "AddPolicyGrant", - "resource_types": [ + "description": "Grants permission to create a data grant", + "privilege": "CreateDataGrant", + "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "dataexchange:PublishToDataGrant" + ], + "resource_type": "data-grants*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -76248,203 +80594,251 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a role in a default service blueprint environment", - "privilege": "AssociateEnvironmentRole", + "description": "Grants permission to create a data set", + "privilege": "CreateDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "data-sets*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove linked type items from an Amazon DataZone Domain", - "privilege": "BatchDeleteLinkedTypes", + "description": "Grants permission to create an event action", + "privilege": "CreateEventAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "event-actions*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to put linked type items to an Amazon DataZone Domain", - "privilege": "BatchPutLinkedTypes", + "description": "Grants permission to create a job to import or export assets", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "jobs*" + }, + { + "condition_keys": [ + "dataexchange:JobType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel metadata generation run", - "privilege": "CancelMetadataGenerationRun", + "description": "Grants permission to create a revision", + "privilege": "CreateRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "data-sets*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to revoke or unsubscribe an approved subscription to Data Asset", - "privilege": "CancelSubscription", + "description": "Grants permission to delete an asset", + "privilege": "DeleteAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assets*" } ] }, { "access_level": "Write", - "description": "Grants permission to create asset", - "privilege": "CreateAsset", + "description": "Grants permission to delete a data grant", + "privilege": "DeleteDataGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-grants*" } ] }, { "access_level": "Write", - "description": "Grants permission to create asset filter", - "privilege": "CreateAssetFilter", + "description": "Grants permission to delete a data set", + "privilege": "DeleteDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entitled-data-sets*" } ] }, { "access_level": "Write", - "description": "Grants permission to create new revision of an asset", - "privilege": "CreateAssetRevision", + "description": "Grants permission to delete an event action", + "privilege": "DeleteEventAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-actions*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an asset type", - "privilege": "CreateAssetType", + "description": "Grants permission to delete a revision", + "privilege": "DeleteRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "revisions*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create connections", - "privilege": "CreateConnection", + "access_level": "Read", + "description": "Grants permission to get information about an asset and to export it (for example, in a Job)", + "privilege": "GetAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assets*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entitled-assets*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create data product", - "privilege": "CreateDataProduct", + "access_level": "Read", + "description": "Grants permission to get a data grant", + "privilege": "GetDataGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-grants*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create data product revision", - "privilege": "CreateDataProductRevision", + "access_level": "Read", + "description": "Grants permission to get information about a data set", + "privilege": "GetDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entitled-data-sets*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new DataSource", - "privilege": "CreateDataSource", + "access_level": "Read", + "description": "Grants permission to get an event action", + "privilege": "GetEventAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-actions*" } ] }, { - "access_level": "Write", - "description": "Grants permission to provision a domain which is a top level entity that contains other Amazon DataZone resources", - "privilege": "CreateDomain", + "access_level": "Read", + "description": "Grants permission to get information about a job", + "privilege": "GetJob", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobs*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a domain unit", - "privilege": "CreateDomainUnit", + "access_level": "Read", + "description": "Grants permission to get a received data grant", + "privilege": "GetReceivedDataGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-grants*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a collection of configurated resources used to publish and subscribe to data", - "privilege": "CreateEnvironment", + "access_level": "Read", + "description": "Grants permission to get information about a revision", + "privilege": "GetRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entitled-revisions*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an environment action in a default service blueprint environment", - "privilege": "CreateEnvironmentAction", + "access_level": "List", + "description": "Grants permission to list data grants for the account", + "privilege": "ListDataGrants", "resource_types": [ { "condition_keys": [], @@ -76454,21 +80848,26 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a custom Environment Blueprint that allow user to add Environments to their Project", - "privilege": "CreateEnvironmentBlueprint", + "access_level": "List", + "description": "Grants permission to list the revisions of a data set", + "privilege": "ListDataSetRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entitled-data-sets*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a template from a Blueprint that can be used to create a Environment", - "privilege": "CreateEnvironmentProfile", + "access_level": "List", + "description": "Grants permission to list data sets for the account", + "privilege": "ListDataSets", "resource_types": [ { "condition_keys": [], @@ -76478,9 +80877,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a form type or a new revision of it", - "privilege": "CreateFormType", + "access_level": "List", + "description": "Grants permission to list event actions for the account", + "privilege": "ListEventActions", "resource_types": [ { "condition_keys": [], @@ -76490,9 +80889,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a business glossary", - "privilege": "CreateGlossary", + "access_level": "List", + "description": "Grants permission to list jobs for the account", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], @@ -76502,9 +80901,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a glossary term", - "privilege": "CreateGlossaryTerm", + "access_level": "List", + "description": "Grants permission to list received data grants for the account", + "privilege": "ListReceivedDataGrants", "resource_types": [ { "condition_keys": [], @@ -76514,273 +80913,523 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a DataZone group profile for an IAM Identity Center group", - "privilege": "CreateGroupProfile", + "access_level": "List", + "description": "Grants permission to get list the assets of a revision", + "privilege": "ListRevisionAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entitled-revisions*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create listing change set", - "privilege": "CreateListingChangeSet", + "access_level": "List", + "description": "Grants permission to list the tags that you associated with the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-grants" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-sets" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Project to enable your team to publish and subscribe to data", - "privilege": "CreateProject", + "description": "Grants permission to publish a data set to a product", + "privilege": "PublishDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" } ] }, { "access_level": "Write", - "description": "Grants permission to add a user to a Project", - "privilege": "CreateProjectMembership", + "description": "Grants permission to publish a data set to a data grant", + "privilege": "PublishToDataGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "data-sets*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a project profile", - "privilege": "CreateProjectProfile", + "description": "Grants permission to revoke subscriber access to a revision", + "privilege": "RevokeRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "revisions*" } ] }, { "access_level": "Write", - "description": "Grants permission to create rule", - "privilege": "CreateRule", + "description": "Grants permission to send a request to an API asset", + "privilege": "SendApiAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assets*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entitled-assets*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a grant for an approved subscription on a subscription target", - "privilege": "CreateSubscriptionGrant", + "description": "Grants permission to send a notification to subscribers of a data set", + "privilege": "SendDataSetNotification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a subscription request for a Data Asset", - "privilege": "CreateSubscriptionRequest", + "description": "Grants permission to start a job", + "privilege": "StartJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "dataexchange:CreateAsset", + "dataexchange:DeleteDataSet", + "dataexchange:GetAsset", + "dataexchange:GetDataSet", + "dataexchange:GetRevision", + "dataexchange:PublishDataSet", + "redshift:AuthorizeDataShare" + ], + "resource_type": "jobs*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a subscription target for a Environment in the project", - "privilege": "CreateSubscriptionTarget", + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to a specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "data-grants" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-sets" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a user profile for an existing user in the customers IAM Identity Center", - "privilege": "CreateUserProfile", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from a specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "data-grants" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-sets" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an asset", - "privilege": "DeleteAsset", + "description": "Grants permission to get update information about an asset", + "privilege": "UpdateAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assets*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete asset filter", - "privilege": "DeleteAssetFilter", + "description": "Grants permission to update information about a data set", + "privilege": "UpdateDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an asset type", - "privilege": "DeleteAssetType", + "description": "Grants permission to update information for an event action", + "privilege": "UpdateEventAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-actions*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete connections", - "privilege": "DeleteConnection", + "description": "Grants permission to update information about a revision", + "privilege": "UpdateRevision", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "dataexchange:PublishDataSet", + "dataexchange:PublishToDataGrant" + ], + "resource_type": "revisions*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:jobs/${JobId}", + "condition_keys": [ + "dataexchange:JobType" + ], + "resource": "jobs" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "data-sets" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}", + "condition_keys": [], + "resource": "entitled-data-sets" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "revisions" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}", + "condition_keys": [], + "resource": "entitled-revisions" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", + "condition_keys": [], + "resource": "assets" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", + "condition_keys": [], + "resource": "entitled-assets" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:event-actions/${EventActionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "event-actions" + }, + { + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-grants/${DataGrantId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "data-grants" + } + ], + "service_name": "AWS Data Exchange" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "datapipeline:PipelineCreator", + "description": "Filters access by the IAM user that created the pipeline", + "type": "ArrayOfString" + }, + { + "condition": "datapipeline:Tag/${TagKey}", + "description": "Filters access by customer-specified key/value pair that can be attached to a resource", + "type": "String" }, + { + "condition": "datapipeline:workerGroup", + "description": "Filters access by the name of a worker group for which a Task Runner retrieves work", + "type": "ArrayOfString" + } + ], + "prefix": "datapipeline", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete data product", - "privilege": "DeleteDataProduct", + "description": "Grants permission to validate the specified pipeline and starts processing pipeline tasks. If the pipeline does not pass validation, activation fails", + "privilege": "ActivatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}", + "datapipeline:workerGroup" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update existing DataSource", - "privilege": "DeleteDataSource", + "access_level": "Tagging", + "description": "Grants permission to add or modify tags for the specified pipeline", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a provisioned domain", - "privilege": "DeleteDomain", + "description": "Grants permission to create a new, empty pipeline", + "privilege": "CreatePipeline", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "datapipeline:Tag/${TagKey}" + ], + "dependent_actions": [ + "datapipeline:AddTags" + ], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a resource policy for a DataZone Domain", - "privilege": "DeleteDomainSharingPolicy", + "access_level": "Write", + "description": "Grants permission to Deactivate the specified running pipeline", + "privilege": "DeactivatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}", + "datapipeline:workerGroup" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing domain unit", - "privilege": "DeleteDomainUnit", + "description": "Grants permission to delete a pipeline, its pipeline definition, and its run history", + "privilege": "DeletePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to Delete Environment", - "privilege": "DeleteEnvironment", + "access_level": "Read", + "description": "Grants permission to get the object definitions for a set of objects associated with the pipeline", + "privilege": "DescribeObjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an environment action in a default service blueprint environment", - "privilege": "DeleteEnvironmentAction", + "access_level": "Read", + "description": "Grants permission to retrieves metadata about one or more pipelines", + "privilege": "DescribePipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete Environment Blueprint", - "privilege": "DeleteEnvironmentBlueprint", + "access_level": "Read", + "description": "Grants permission to task runners to call EvaluateExpression, to evaluate a string in the context of the specified object", + "privilege": "EvaluateExpression", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete environment blueprint configuration", - "privilege": "DeleteEnvironmentBlueprintConfiguration", + "access_level": "List", + "description": "Grants permission to call GetAccountLimits", + "privilege": "GetAccountLimits", "resource_types": [ { "condition_keys": [], @@ -76790,21 +81439,30 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete Environment Profile", - "privilege": "DeleteEnvironmentProfile", + "access_level": "Read", + "description": "Grants permission to gets the definition of the specified pipeline", + "privilege": "GetPipelineDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}", + "datapipeline:workerGroup" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a form type", - "privilege": "DeleteFormType", + "access_level": "List", + "description": "Grants permission to list the pipeline identifiers for all active pipelines that you have permission to access", + "privilege": "ListPipelines", "resource_types": [ { "condition_keys": [], @@ -76815,11 +81473,13 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a business glossary", - "privilege": "DeleteGlossary", + "description": "Grants permission to task runners to call PollForTask, to receive a task to perform from AWS Data Pipeline", + "privilege": "PollForTask", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "datapipeline:workerGroup" + ], "dependent_actions": [], "resource_type": "" } @@ -76827,8 +81487,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a glossary term", - "privilege": "DeleteGlossaryTerm", + "description": "Grants permission to call PutAccountLimits", + "privilege": "PutAccountLimits", "resource_types": [ { "condition_keys": [], @@ -76839,56 +81499,83 @@ }, { "access_level": "Write", - "description": "Grants permission to delete listing", - "privilege": "DeleteListing", + "description": "Grants permission to add tasks, schedules, and preconditions to the specified pipeline", + "privilege": "PutPipelineDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}", + "datapipeline:workerGroup" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Project that enables your team to publish and subscribe to data", - "privilege": "DeleteProject", + "access_level": "Read", + "description": "Grants permission to query the specified pipeline for the names of objects that match the specified set of conditions", + "privilege": "QueryObjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a user from a project", - "privilege": "DeleteProjectMembership", + "access_level": "Tagging", + "description": "Grants permission to remove existing tags from the specified pipeline", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a project profile", - "privilege": "DeleteProjectProfile", + "description": "Grants permission to task runners to call ReportTaskProgress, when they are assigned a task to acknowledge that it has the task", + "privilege": "ReportTaskProgress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete rule", - "privilege": "DeleteRule", + "description": "Grants permission to task runners to call ReportTaskRunnerHeartbeat every 15 minutes to indicate that they are operational", + "privilege": "ReportTaskRunnerHeartbeat", "resource_types": [ { "condition_keys": [], @@ -76899,488 +81586,609 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a subscription grant from a subscription target", - "privilege": "DeleteSubscriptionGrant", + "description": "Grants permission to requests that the status of the specified physical or logical pipeline objects be updated in the specified pipeline", + "privilege": "SetStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a pending subscription request for a Data Asset", - "privilege": "DeleteSubscriptionRequest", + "description": "Grants permission to task runners to call SetTaskStatus to notify AWS Data Pipeline that a task is completed and provide information about the final status", + "privilege": "SetTaskStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a subscription target from a Environment in the project", - "privilege": "DeleteSubscriptionTarget", + "access_level": "Read", + "description": "Grants permission to validate the specified pipeline definition to ensure that it is well formed and can be run without error", + "privilege": "ValidatePipelineDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag/${TagKey}", + "datapipeline:workerGroup" + ], + "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:datapipeline:${Region}:${Account}:pipeline/${PipelineId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pipeline" + } + ], + "service_name": "AWS Data Pipeline" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "datasync", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete existing TimeSeriesDataPoints", - "privilege": "DeleteTimeSeriesDataPoints", + "description": "Grants permission to create a storage system", + "privilege": "AddStorageSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "agent*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a role in a default service blueprint environment", - "privilege": "DisassociateEnvironmentRole", + "description": "Grants permission to cancel execution of a sync task", + "privilege": "CancelTaskExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "taskexecution*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an asset", - "privilege": "GetAsset", + "access_level": "Write", + "description": "Grants permission to activate an agent that you have deployed on your host", + "privilege": "CreateAgent", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get asset filter", - "privilege": "GetAssetFilter", + "access_level": "Write", + "description": "Grants permission to create an endpoint for a Microsoft Azure Blob Storage container", + "privilege": "CreateLocationAzureBlob", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an asset type", - "privilege": "GetAssetType", + "access_level": "Write", + "description": "Grants permission to create an endpoint for an Amazon EFS file system", + "privilege": "CreateLocationEfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get connections", - "privilege": "GetConnection", + "access_level": "Write", + "description": "Grants permission to create an endpoint for an Amazon Fsx Lustre", + "privilege": "CreateLocationFsxLustre", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get data product", - "privilege": "GetDataProduct", + "access_level": "Write", + "description": "Grants permission to create an endpoint for Amazon FSx for ONTAP", + "privilege": "CreateLocationFsxOntap", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to Get a existing DataSource in Amazon DataZone using its identifier", - "privilege": "GetDataSource", + "access_level": "Write", + "description": "Grants permission to create an endpoint for Amazon FSx for OpenZFS", + "privilege": "CreateLocationFsxOpenZfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get DataSource run job in Amazon DataZone using it's identifier", - "privilege": "GetDataSourceRun", + "access_level": "Write", + "description": "Grants permission to create an endpoint for an Amazon FSx Windows File Server file system", + "privilege": "CreateLocationFsxWindows", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a domain", - "privilege": "GetDomain", + "access_level": "Write", + "description": "Grants permission to create an endpoint for an Amazon Hdfs", + "privilege": "CreateLocationHdfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to use features that require access to domain execution role credentials", - "privilege": "GetDomainExecutionRoleCredentials", + "access_level": "Write", + "description": "Grants permission to create an endpoint for a NFS file system", + "privilege": "CreateLocationNfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a resource policy for a DataZone Domain", - "privilege": "GetDomainSharingPolicy", + "access_level": "Write", + "description": "Grants permission to create an endpoint for a self-managed object storage bucket", + "privilege": "CreateLocationObjectStorage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an existing domain unit", - "privilege": "GetDomainUnit", + "access_level": "Write", + "description": "Grants permission to create an endpoint for an Amazon S3 bucket", + "privilege": "CreateLocationS3", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get Environment details", - "privilege": "GetEnvironment", + "access_level": "Write", + "description": "Grants permission to create an endpoint for an SMB file system", + "privilege": "CreateLocationSmb", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an environment action in a default service blueprint environment", - "privilege": "GetEnvironmentAction", + "access_level": "Write", + "description": "Grants permission to create a sync task", + "privilege": "CreateTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "location*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get environment action link", - "privilege": "GetEnvironmentActionLink", + "access_level": "Write", + "description": "Grants permission to delete an agent", + "privilege": "DeleteAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get Environment Blueprint details", - "privilege": "GetEnvironmentBlueprint", + "access_level": "Write", + "description": "Grants permission to delete a location used by AWS DataSync", + "privilege": "DeleteLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get environment blueprint configuration", - "privilege": "GetEnvironmentBlueprintConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a sync task", + "privilege": "DeleteTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "task*" } ] }, { "access_level": "Read", - "description": "Grants permission to get short term credentials that assume the Environment user role", - "privilege": "GetEnvironmentCredentials", + "description": "Grants permission to view metadata such as name, network interfaces, and the status (that is, whether the agent is running or not) about a sync agent", + "privilege": "DescribeAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { "access_level": "Read", - "description": "Grants permission to get Environment Profile details", - "privilege": "GetEnvironmentProfile", + "description": "Grants permission to describe metadata about a discovery job", + "privilege": "DescribeDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a form type", - "privilege": "GetFormType", + "description": "Grants permission to view metadata, such as the path information about an Azure Blob Storage sync location", + "privilege": "DescribeLocationAzureBlob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a business glossary", - "privilege": "GetGlossary", + "description": "Grants permission to view metadata, such as the path information about an Amazon EFS sync location", + "privilege": "DescribeLocationEfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a glossary term", - "privilege": "GetGlossaryTerm", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Lustre sync location", + "privilege": "DescribeLocationFsxLustre", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing DataZone group profile", - "privilege": "GetGroupProfile", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx for ONTAP sync location", + "privilege": "DescribeLocationFsxOntap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to an IAM principal to log into the DataZone Portal", - "privilege": "GetIamPortalLoginUrl", + "access_level": "Read", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx OpenZFS sync location", + "privilege": "DescribeLocationFsxOpenZfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get job runs", - "privilege": "GetJobRun", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Windows sync location", + "privilege": "DescribeLocationFsxWindows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get lineage events", - "privilege": "GetLineageEvent", + "description": "Grants permission to view metadata, such as the path information about an Amazon HDFS sync location", + "privilege": "DescribeLocationHdfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the lineage node", - "privilege": "GetLineageNode", + "description": "Grants permission to view metadata, such as the path information, about a NFS sync location", + "privilege": "DescribeLocationNfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get listing", - "privilege": "GetListing", + "description": "Grants permission to view metadata about a self-managed object storage server location", + "privilege": "DescribeLocationObjectStorage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get metadata generation run", - "privilege": "GetMetadataGenerationRun", + "description": "Grants permission to view metadata, such as bucket name, about an Amazon S3 bucket sync location", + "privilege": "DescribeLocationS3", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get Project details", - "privilege": "GetProject", + "description": "Grants permission to view metadata, such as the path information, about an SMB sync location", + "privilege": "DescribeLocationSmb", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to get project profile details", - "privilege": "GetProjectProfile", + "description": "Grants permission to view metadata about a storage system", + "privilege": "DescribeStorageSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storagesystem*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get rule", - "privilege": "GetRule", + "access_level": "List", + "description": "Grants permission to describe resource metrics collected by a discovery job", + "privilege": "DescribeStorageSystemResourceMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a subscription", - "privilege": "GetSubscription", + "access_level": "List", + "description": "Grants permission to describe resources identified by a discovery job", + "privilege": "DescribeStorageSystemResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { "access_level": "Read", - "description": "Grants permission to get subscription eligibilty", - "privilege": "GetSubscriptionEligibility", + "description": "Grants permission to view metadata about a sync task", + "privilege": "DescribeTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "task*" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve a subscription grant", - "privilege": "GetSubscriptionGrant", + "description": "Grants permission to view metadata about a sync task that is being executed", + "privilege": "DescribeTaskExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "taskexecution*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to reject a subscription request for a Data Asset", - "privilege": "GetSubscriptionRequestDetails", + "access_level": "Write", + "description": "Grants permission to generate recommendations for a resource identified by a discovery job", + "privilege": "GenerateRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve details of subscription target", - "privilege": "GetSubscriptionTarget", + "access_level": "List", + "description": "Grants permission to list agents owned by an AWS account in a region specified in the request", + "privilege": "ListAgents", "resource_types": [ { "condition_keys": [], @@ -77390,9 +82198,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get an existing TimeSeriesDataPoints in Amazon DataZone using its identifier", - "privilege": "GetTimeSeriesDataPoint", + "access_level": "List", + "description": "Grants permission to list discovery jobs", + "privilege": "ListDiscoveryJobs", "resource_types": [ { "condition_keys": [], @@ -77402,9 +82210,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a user profile for an existing user in the DataZone Domain", - "privilege": "GetUserProfile", + "access_level": "List", + "description": "Grants permission to list source and destination sync locations", + "privilege": "ListLocations", "resource_types": [ { "condition_keys": [], @@ -77415,8 +82223,8 @@ }, { "access_level": "List", - "description": "Grants permission to list Environments across all domains in an AWS Account", - "privilege": "ListAccountEnvironments", + "description": "Grants permission to list storage systems", + "privilege": "ListStorageSystems", "resource_types": [ { "condition_keys": [], @@ -77426,24 +82234,51 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list asset filters", - "privilege": "ListAssetFilters", + "access_level": "Read", + "description": "Grants permission to list tags that have been added to the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "discoveryjob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagesystem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "taskexecution" } ] }, { "access_level": "List", - "description": "Grants permission to list revisions of an asset", - "privilege": "ListAssetRevisions", + "description": "Grants permission to list executed sync tasks", + "privilege": "ListTaskExecutions", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -77451,8 +82286,8 @@ }, { "access_level": "List", - "description": "Grants permission to list connections", - "privilege": "ListConnections", + "description": "Grants permission to list of all the sync tasks", + "privilege": "ListTasks", "resource_types": [ { "condition_keys": [], @@ -77462,273 +82297,436 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list data product revisions", - "privilege": "ListDataProductRevisions", + "access_level": "Write", + "description": "Grants permission to delete a storage system", + "privilege": "RemoveStorageSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storagesystem*" } ] }, { - "access_level": "List", - "description": "Grants permission to list DataSource runs job's activities on Asset", - "privilege": "ListDataSourceRunActivities", + "access_level": "Write", + "description": "Grants permission to start a discovery job for a storage system", + "privilege": "StartDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storagesystem*" } ] }, { - "access_level": "List", - "description": "Grants permission to list DataSource runs job", - "privilege": "ListDataSourceRuns", + "access_level": "Write", + "description": "Grants permission to start a specific invocation of a sync task", + "privilege": "StartTaskExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "task*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing DataSources", - "privilege": "ListDataSources", + "access_level": "Write", + "description": "Grants permission to stop a discovery job", + "privilege": "StopDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { - "access_level": "List", - "description": "Grants permission to list child domain units for a given parent domain unit", - "privilege": "ListDomainUnitsForParent", + "access_level": "Tagging", + "description": "Grants permission to apply a key-value pair to an AWS resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "agent" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "discoveryjob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagesystem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "taskexecution" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all domains", - "privilege": "ListDomains", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "agent" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "discoveryjob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagesystem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "taskexecution" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list owners of an entity like domain unit", - "privilege": "ListEntityOwners", + "access_level": "Write", + "description": "Grants permission to update the name of an agent", + "privilege": "UpdateAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { - "access_level": "List", - "description": "Grants permission to list environment actions in a default service blueprint environment", - "privilege": "ListEnvironmentActions", + "access_level": "Write", + "description": "Grants permission to update a discovery job", + "privilege": "UpdateDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { - "access_level": "List", - "description": "Grants permission to list environment blueprint configuration summaries", - "privilege": "ListEnvironmentBlueprintConfigurationSummaries", + "access_level": "Write", + "description": "Grants permission to update an Azure Blob Storage sync location", + "privilege": "UpdateLocationAzureBlob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list environment blueprint configurations", - "privilege": "ListEnvironmentBlueprintConfigurations", + "access_level": "Write", + "description": "Grants permission to update an EFS sync Location", + "privilege": "UpdateLocationEfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Domain for Environment Blueprints", - "privilege": "ListEnvironmentBlueprints", + "access_level": "Write", + "description": "Grants permission to update an FSx Lustre sync Location", + "privilege": "UpdateLocationFsxLustre", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Domain for Environment Profiles", - "privilege": "ListEnvironmentProfiles", + "access_level": "Write", + "description": "Grants permission to update an FSx ONTAP sync Location", + "privilege": "UpdateLocationFsxOntap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to show Environments in the Domain", - "privilege": "ListEnvironments", + "access_level": "Write", + "description": "Grants permission to update an FSx OpenZFS sync Location", + "privilege": "UpdateLocationFsxOpenZfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the DataZone group profiles that the DataZone user profile is a member of", - "privilege": "ListGroupsForUser", + "access_level": "Write", + "description": "Grants permission to update an FSx Windows sync Location", + "privilege": "UpdateLocationFsxWindows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list job runs", - "privilege": "ListJobRuns", + "access_level": "Write", + "description": "Grants permission to update an HDFS sync Location", + "privilege": "UpdateLocationHdfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list lineage events", - "privilege": "ListLineageEvents", + "access_level": "Write", + "description": "Grants permission to update an NFS sync Location", + "privilege": "UpdateLocationNfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list historical versions of lineage node", - "privilege": "ListLineageNodeHistory", + "access_level": "Write", + "description": "Grants permission to update a self-managed object storage server location", + "privilege": "UpdateLocationObjectStorage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list linked type items linked to an Amazon DataZone Domain", - "privilege": "ListLinkedTypes", + "access_level": "Write", + "description": "Grants permission to update an S3 sync Location", + "privilege": "UpdateLocationS3", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list metadata generation runs", - "privilege": "ListMetadataGenerationRuns", + "access_level": "Write", + "description": "Grants permission to update a SMB sync location", + "privilege": "UpdateLocationSmb", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { - "access_level": "List", - "description": "Grants permission to list notifications and events for a datazone user", - "privilege": "ListNotifications", + "access_level": "Write", + "description": "Grants permission to update a storage system", + "privilege": "UpdateStorageSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storagesystem*" } ] }, { - "access_level": "List", - "description": "Grants permission to list policy grants", - "privilege": "ListPolicyGrants", + "access_level": "Write", + "description": "Grants permission to update metadata associated with a sync task", + "privilege": "UpdateTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "task*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Project Members", - "privilege": "ListProjectMemberships", + "access_level": "Write", + "description": "Grants permission to update execution of a sync task", + "privilege": "UpdateTaskExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "taskexecution*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:agent/${AgentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "agent" }, { - "access_level": "List", - "description": "Grants permission to list project profiles", - "privilege": "ListProjectProfiles", + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "location" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "task" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}/execution/${ExecutionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "taskexecution" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "storagesystem" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}/job/${DiscoveryJobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "discoveryjob" + } + ], + "service_name": "AWS DataSync" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "datazone:domainId", + "description": "Filters access by the domain ID passed in the request", + "type": "String" + }, + { + "condition": "datazone:projectId", + "description": "Filters access by the project ID passed in the request", + "type": "String" + }, + { + "condition": "datazone:userId", + "description": "Filters access by the user ID passed in the request", + "type": "String" + } + ], + "prefix": "datazone", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept prediction", + "privilege": "AcceptPredictions", "resource_types": [ { "condition_keys": [], @@ -77738,9 +82736,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Projects", - "privilege": "ListProjects", + "access_level": "Write", + "description": "Grants permission to approve a subscription request for a Data Asset", + "privilege": "AcceptSubscriptionRequest", "resource_types": [ { "condition_keys": [], @@ -77750,9 +82748,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list rules", - "privilege": "ListRules", + "access_level": "Write", + "description": "Grants permission to add an owner to an entity like domain unit", + "privilege": "AddEntityOwner", "resource_types": [ { "condition_keys": [], @@ -77762,9 +82760,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to List subscription grants for a subscribed principal", - "privilege": "ListSubscriptionGrants", + "access_level": "Permissions management", + "description": "Grants permission to add a policy grant", + "privilege": "AddPolicyGrant", "resource_types": [ { "condition_keys": [], @@ -77774,9 +82772,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list subscription requests", - "privilege": "ListSubscriptionRequests", + "access_level": "Write", + "description": "Grants permission to associate a role in a default service blueprint environment", + "privilege": "AssociateEnvironmentRole", "resource_types": [ { "condition_keys": [], @@ -77786,9 +82784,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list subscription targets", - "privilege": "ListSubscriptionTargets", + "access_level": "Write", + "description": "Grants permission to associate governed terms to an asset", + "privilege": "AssociateGovernedTerms", "resource_types": [ { "condition_keys": [], @@ -77798,33 +82796,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list subscriptions", - "privilege": "ListSubscriptions", + "access_level": "Write", + "description": "Grants permission to remove linked type items from an Amazon DataZone Domain", + "privilege": "BatchDeleteLinkedTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all tags associated with a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to put linked type items to an Amazon DataZone Domain", + "privilege": "BatchPutLinkedTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing TimeSeriesDataPoints", - "privilege": "ListTimeSeriesDataPoints", + "access_level": "Write", + "description": "Grants permission to cancel metadata generation run", + "privilege": "CancelMetadataGenerationRun", "resource_types": [ { "condition_keys": [], @@ -77834,9 +82832,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list available Manager Secrets", - "privilege": "ListWarehouseMetadata", + "access_level": "Write", + "description": "Grants permission to revoke or unsubscribe an approved subscription to Data Asset", + "privilege": "CancelSubscription", "resource_types": [ { "condition_keys": [], @@ -77847,8 +82845,8 @@ }, { "access_level": "Write", - "description": "Grants permission to post lineage events", - "privilege": "PostLineageEvent", + "description": "Grants permission to create an account pool", + "privilege": "CreateAccountPool", "resource_types": [ { "condition_keys": [], @@ -77859,8 +82857,8 @@ }, { "access_level": "Write", - "description": "Grants permission to post a new TimeSeriesDataPoints", - "privilege": "PostTimeSeriesDataPoints", + "description": "Grants permission to create asset", + "privilege": "CreateAsset", "resource_types": [ { "condition_keys": [], @@ -77871,8 +82869,8 @@ }, { "access_level": "Write", - "description": "Grants permission to provision domain with default project setup", - "privilege": "ProvisionDomain", + "description": "Grants permission to create asset filter", + "privilege": "CreateAssetFilter", "resource_types": [ { "condition_keys": [], @@ -77882,9 +82880,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to add a resource policy for a DataZone Domain", - "privilege": "PutDomainSharingPolicy", + "access_level": "Write", + "description": "Grants permission to create new revision of an asset", + "privilege": "CreateAssetRevision", "resource_types": [ { "condition_keys": [], @@ -77895,8 +82893,8 @@ }, { "access_level": "Write", - "description": "Grants permission to put environment blueprint configuration", - "privilege": "PutEnvironmentBlueprintConfiguration", + "description": "Grants permission to create an asset type", + "privilege": "CreateAssetType", "resource_types": [ { "condition_keys": [], @@ -77907,8 +82905,8 @@ }, { "access_level": "Write", - "description": "Grants permission to refresh token", - "privilege": "RefreshToken", + "description": "Grants permission to create connections", + "privilege": "CreateConnection", "resource_types": [ { "condition_keys": [], @@ -77919,8 +82917,8 @@ }, { "access_level": "Write", - "description": "Grants permission to reject prediction", - "privilege": "RejectPredictions", + "description": "Grants permission to create data product", + "privilege": "CreateDataProduct", "resource_types": [ { "condition_keys": [], @@ -77931,8 +82929,8 @@ }, { "access_level": "Write", - "description": "Grants permission to reject a subscription request for a Data Asset", - "privilege": "RejectSubscriptionRequest", + "description": "Grants permission to create data product revision", + "privilege": "CreateDataProductRevision", "resource_types": [ { "condition_keys": [], @@ -77943,8 +82941,8 @@ }, { "access_level": "Write", - "description": "Grants permission to remove an existing owner of an entity like domain unit", - "privilege": "RemoveEntityOwner", + "description": "Grants permission to create a new DataSource", + "privilege": "CreateDataSource", "resource_types": [ { "condition_keys": [], @@ -77955,11 +82953,14 @@ }, { "access_level": "Write", - "description": "Grants permission to remove a policy grant", - "privilege": "RemovePolicyGrant", + "description": "Grants permission to provision a domain which is a top level entity that contains other Amazon DataZone resources", + "privilege": "CreateDomain", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -77967,8 +82968,8 @@ }, { "access_level": "Write", - "description": "Grants permission to revoke a subscription", - "privilege": "RevokeSubscription", + "description": "Grants permission to create a domain unit", + "privilege": "CreateDomainUnit", "resource_types": [ { "condition_keys": [], @@ -77978,9 +82979,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search datazone entities", - "privilege": "Search", + "access_level": "Write", + "description": "Grants permission to create a collection of configurated resources used to publish and subscribe to data", + "privilege": "CreateEnvironment", "resource_types": [ { "condition_keys": [], @@ -77990,9 +82991,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search DataZone group profiles and IAM Identity Center groups", - "privilege": "SearchGroupProfiles", + "access_level": "Write", + "description": "Grants permission to create an environment action in a default service blueprint environment", + "privilege": "CreateEnvironmentAction", "resource_types": [ { "condition_keys": [], @@ -78002,9 +83003,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search listings", - "privilege": "SearchListings", + "access_level": "Write", + "description": "Grants permission to create a custom Environment Blueprint that allow user to add Environments to their Project", + "privilege": "CreateEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], @@ -78014,9 +83015,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search rules", - "privilege": "SearchRules", + "access_level": "Write", + "description": "Grants permission to create a template from a Blueprint that can be used to create a Environment", + "privilege": "CreateEnvironmentProfile", "resource_types": [ { "condition_keys": [], @@ -78026,9 +83027,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search types such asset types and form types in a domain", - "privilege": "SearchTypes", + "access_level": "Write", + "description": "Grants permission to create a form type or a new revision of it", + "privilege": "CreateFormType", "resource_types": [ { "condition_keys": [], @@ -78038,9 +83039,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search DataZone user profiles, IAM Identity Center users, and DataZone IAM principal profiles", - "privilege": "SearchUserProfiles", + "access_level": "Write", + "description": "Grants permission to create a business glossary", + "privilege": "CreateGlossary", "resource_types": [ { "condition_keys": [], @@ -78051,8 +83052,8 @@ }, { "access_level": "Write", - "description": "Grants permission to login using SSO", - "privilege": "SsoLogin", + "description": "Grants permission to create a glossary term", + "privilege": "CreateGlossaryTerm", "resource_types": [ { "condition_keys": [], @@ -78063,8 +83064,8 @@ }, { "access_level": "Write", - "description": "Grants permission to logout as SSO user", - "privilege": "SsoLogout", + "description": "Grants permission to create a DataZone group profile for an IAM Identity Center group", + "privilege": "CreateGroupProfile", "resource_types": [ { "condition_keys": [], @@ -78075,8 +83076,8 @@ }, { "access_level": "Write", - "description": "Grants permission to start a DataSource run job", - "privilege": "StartDataSourceRun", + "description": "Grants permission to create listing change set", + "privilege": "CreateListingChangeSet", "resource_types": [ { "condition_keys": [], @@ -78087,8 +83088,8 @@ }, { "access_level": "Write", - "description": "Grants permission to start metadata generation run", - "privilege": "StartMetadataGenerationRun", + "description": "Grants permission to create a Project to enable your team to publish and subscribe to data", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], @@ -78099,8 +83100,8 @@ }, { "access_level": "Write", - "description": "Grants permission to stop metadata generation run", - "privilege": "StopMetadataGenerationRun", + "description": "Grants permission to add a user to a Project", + "privilege": "CreateProjectMembership", "resource_types": [ { "condition_keys": [], @@ -78110,48 +83111,33 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a project profile", + "privilege": "CreateProjectProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create rule", + "privilege": "CreateRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update asset filter", - "privilege": "UpdateAssetFilter", + "description": "Grants permission to create a grant for an approved subscription on a subscription target", + "privilege": "CreateSubscriptionGrant", "resource_types": [ { "condition_keys": [], @@ -78162,8 +83148,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update connections", - "privilege": "UpdateConnection", + "description": "Grants permission to create a subscription request for a Data Asset", + "privilege": "CreateSubscriptionRequest", "resource_types": [ { "condition_keys": [], @@ -78174,8 +83160,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update existing DataSource", - "privilege": "UpdateDataSource", + "description": "Grants permission to create a subscription target for a Environment in the project", + "privilege": "CreateSubscriptionTarget", "resource_types": [ { "condition_keys": [], @@ -78186,8 +83172,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update data source run activities", - "privilege": "UpdateDataSourceRunActivities", + "description": "Grants permission to create a user profile for an existing user in the customers IAM Identity Center", + "privilege": "CreateUserProfile", "resource_types": [ { "condition_keys": [], @@ -78198,20 +83184,20 @@ }, { "access_level": "Write", - "description": "Grants permission to update information for a domain", - "privilege": "UpdateDomain", + "description": "Grants permission to delete an account pool", + "privilege": "DeleteAccountPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing domain unit", - "privilege": "UpdateDomainUnit", + "description": "Grants permission to delete an asset", + "privilege": "DeleteAsset", "resource_types": [ { "condition_keys": [], @@ -78222,8 +83208,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update Environment settings", - "privilege": "UpdateEnvironment", + "description": "Grants permission to delete asset filter", + "privilege": "DeleteAssetFilter", "resource_types": [ { "condition_keys": [], @@ -78234,8 +83220,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update an environment action in a default service blueprint environment", - "privilege": "UpdateEnvironmentAction", + "description": "Grants permission to delete an asset type", + "privilege": "DeleteAssetType", "resource_types": [ { "condition_keys": [], @@ -78246,8 +83232,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update Environment Blueprint settings", - "privilege": "UpdateEnvironmentBlueprint", + "description": "Grants permission to delete connections", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], @@ -78258,8 +83244,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update environment configuration", - "privilege": "UpdateEnvironmentConfiguration", + "description": "Grants permission to delete data product", + "privilege": "DeleteDataProduct", "resource_types": [ { "condition_keys": [], @@ -78270,8 +83256,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update status of the Environment deployment", - "privilege": "UpdateEnvironmentDeploymentStatus", + "description": "Grants permission to update existing DataSource", + "privilege": "DeleteDataSource", "resource_types": [ { "condition_keys": [], @@ -78282,20 +83268,20 @@ }, { "access_level": "Write", - "description": "Grants permission to update EnvironmentProfile configuration", - "privilege": "UpdateEnvironmentProfile", + "description": "Grants permission to delete a provisioned domain", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a business glossary", - "privilege": "UpdateGlossary", + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy for a DataZone Domain", + "privilege": "DeleteDomainSharingPolicy", "resource_types": [ { "condition_keys": [], @@ -78306,8 +83292,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a glossary term", - "privilege": "UpdateGlossaryTerm", + "description": "Grants permission to delete an existing domain unit", + "privilege": "DeleteDomainUnit", "resource_types": [ { "condition_keys": [], @@ -78318,8 +83304,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a DataZone group profile", - "privilege": "UpdateGroupProfile", + "description": "Grants permission to Delete Environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], @@ -78330,8 +83316,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a Project that enables your team to publish and subscribe to data", - "privilege": "UpdateProject", + "description": "Grants permission to delete an environment action in a default service blueprint environment", + "privilege": "DeleteEnvironmentAction", "resource_types": [ { "condition_keys": [], @@ -78342,8 +83328,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a project profile", - "privilege": "UpdateProjectProfile", + "description": "Grants permission to delete Environment Blueprint", + "privilege": "DeleteEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], @@ -78354,8 +83340,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update rule", - "privilege": "UpdateRule", + "description": "Grants permission to delete environment blueprint configuration", + "privilege": "DeleteEnvironmentBlueprintConfiguration", "resource_types": [ { "condition_keys": [], @@ -78366,8 +83352,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a subscription grant status for custom grants", - "privilege": "UpdateSubscriptionGrantStatus", + "description": "Grants permission to delete Environment Profile", + "privilege": "DeleteEnvironmentProfile", "resource_types": [ { "condition_keys": [], @@ -78378,8 +83364,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update business reason for subscription request for a Data Asset", - "privilege": "UpdateSubscriptionRequest", + "description": "Grants permission to delete a form type", + "privilege": "DeleteFormType", "resource_types": [ { "condition_keys": [], @@ -78390,8 +83376,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a subscription target", - "privilege": "UpdateSubscriptionTarget", + "description": "Grants permission to delete a business glossary", + "privilege": "DeleteGlossary", "resource_types": [ { "condition_keys": [], @@ -78402,8 +83388,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update a DataZone user profile", - "privilege": "UpdateUserProfile", + "description": "Grants permission to delete a glossary term", + "privilege": "DeleteGlossaryTerm", "resource_types": [ { "condition_keys": [], @@ -78414,8 +83400,8 @@ }, { "access_level": "Write", - "description": "Grants permission to validate pass role", - "privilege": "ValidatePassRole", + "description": "Grants permission to delete listing", + "privilege": "DeleteListing", "resource_types": [ { "condition_keys": [], @@ -78423,43 +83409,11 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:datazone:${Region}:${Account}:domain/${DomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "domain" - } - ], - "service_name": "Amazon DataZone" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "datazonecontrol", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to request association of an account with a given domain", - "privilege": "CreateAccountAssociationInvitation", + "description": "Grants permission to delete a Project that enables your team to publish and subscribe to data", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], @@ -78470,14 +83424,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create Amazon DataZone data sources used for publishing and subscribing to data", - "privilege": "CreateDataSource", + "description": "Grants permission to remove a user from a project", + "privilege": "DeleteProjectMembership", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -78485,14 +83436,11 @@ }, { "access_level": "Write", - "description": "Grants permission to provision a root-domain which is a top level entity that contains other Amazon DataZone resources", - "privilege": "CreateEnvironment", + "description": "Grants permission to delete a project profile", + "privilege": "DeleteProjectProfile", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -78500,32 +83448,32 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a data source", - "privilege": "DeleteDataSource", + "description": "Grants permission to delete rule", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a provisioned root-domain", - "privilege": "DeleteEnvironment", + "description": "Grants permission to delete a subscription grant from a subscription target", + "privilege": "DeleteSubscriptionGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an account with a given domain", - "privilege": "DissociateAccount", + "description": "Grants permission to delete a pending subscription request for a Data Asset", + "privilege": "DeleteSubscriptionRequest", "resource_types": [ { "condition_keys": [], @@ -78535,9 +83483,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about any associated domain in the associated account", - "privilege": "GetAssociatedDomain", + "access_level": "Write", + "description": "Grants permission to delete a subscription target from a Environment in the project", + "privilege": "DeleteSubscriptionTarget", "resource_types": [ { "condition_keys": [], @@ -78547,21 +83495,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve any data source under any domain for a given root-domain", - "privilege": "GetDataSourceByEnvironment", + "access_level": "Write", + "description": "Grants permission to delete existing TimeSeriesDataPoints", + "privilege": "DeleteTimeSeriesDataPoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about any domain in the account", - "privilege": "GetDomain", + "access_level": "Write", + "description": "Grants permission to disassociate a role in a default service blueprint environment", + "privilege": "DisassociateEnvironmentRole", "resource_types": [ { "condition_keys": [], @@ -78571,21 +83519,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a root-domain", - "privilege": "GetEnvironment", + "access_level": "Write", + "description": "Grants permission to disassociate governed terms to an asset", + "privilege": "DisassociateGovernedTerms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a publishing job", - "privilege": "GetMetadataCollector", + "description": "Grants permission to get account pool details", + "privilege": "GetAccountPool", "resource_types": [ { "condition_keys": [], @@ -78596,8 +83544,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve credentials to log into Amazon DataZone data portal from AWS management console", - "privilege": "GetUserPortalLoginAuthCode", + "description": "Grants permission to retrieve an asset", + "privilege": "GetAsset", "resource_types": [ { "condition_keys": [], @@ -78607,9 +83555,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all account-association invitations for a given associated account", - "privilege": "ListAccountAssociationInvitations", + "access_level": "Read", + "description": "Grants permission to get asset filter", + "privilege": "GetAssetFilter", "resource_types": [ { "condition_keys": [], @@ -78619,9 +83567,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all associated accounts under the given root-domain, including accounts associated to its sub-domains", - "privilege": "ListAllAssociatedAccountsForEnvironment", + "access_level": "Read", + "description": "Grants permission to get an asset type", + "privilege": "GetAssetType", "resource_types": [ { "condition_keys": [], @@ -78631,9 +83579,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to lists all the associated domains for a given associated account", - "privilege": "ListAssociatedEnvironments", + "access_level": "Read", + "description": "Grants permission to get connections", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], @@ -78643,9 +83591,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all data sources under any domain in the associated account", - "privilege": "ListDataSources", + "access_level": "Read", + "description": "Grants permission to get data product", + "privilege": "GetDataProduct", "resource_types": [ { "condition_keys": [], @@ -78655,9 +83603,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all data sources under any domain for a given root-domain", - "privilege": "ListDataSourcesByEnvironment", + "access_level": "Read", + "description": "Grants permission to Get a existing DataSource in Amazon DataZone using its identifier", + "privilege": "GetDataSource", "resource_types": [ { "condition_keys": [], @@ -78667,9 +83615,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the sub-domains for a given domain or a root-domain", - "privilege": "ListDomains", + "access_level": "Read", + "description": "Grants permission to get DataSource run job in Amazon DataZone using it's identifier", + "privilege": "GetDataSourceRun", "resource_types": [ { "condition_keys": [], @@ -78679,21 +83627,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all root-domains", - "privilege": "ListEnvironment", + "access_level": "Read", + "description": "Grants permission to retrieve information about a domain", + "privilege": "GetDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all runs for a given publishing job through Amazon DataZone console for a data source", - "privilege": "ListMetadataCollectorRuns", + "access_level": "Read", + "description": "Grants permission to use features that require access to domain execution role credentials", + "privilege": "GetDomainExecutionRoleCredentials", "resource_types": [ { "condition_keys": [], @@ -78703,9 +83651,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all publishing jobs", - "privilege": "ListMetadataCollectors", + "access_level": "Read", + "description": "Grants permission to retrieve a resource policy for a DataZone Domain", + "privilege": "GetDomainSharingPolicy", "resource_types": [ { "condition_keys": [], @@ -78715,9 +83663,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon DataZone projects", - "privilege": "ListProjects", + "access_level": "Read", + "description": "Grants permission to get an existing domain unit", + "privilege": "GetDomainUnit", "resource_types": [ { "condition_keys": [], @@ -78728,25 +83676,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve all tags associated with a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get Environment details", + "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to accept or reject the pending association requests for the given account", - "privilege": "ReviewAccountAssociationInvitation", + "access_level": "Read", + "description": "Grants permission to get an environment action in a default service blueprint environment", + "privilege": "GetEnvironmentAction", "resource_types": [ { "condition_keys": [], @@ -78756,58 +83699,33 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get environment action link", + "privilege": "GetEnvironmentActionLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get Environment Blueprint details", + "privilege": "GetEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the description of the account association of the given associated account and given domain", - "privilege": "UpdateAccountAssociationDescription", + "access_level": "Read", + "description": "Grants permission to get environment blueprint configuration", + "privilege": "GetEnvironmentBlueprintConfiguration", "resource_types": [ { "condition_keys": [], @@ -78817,121 +83735,81 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a data source", - "privilege": "UpdateDataSource", + "access_level": "Read", + "description": "Grants permission to get short term credentials that assume the Environment user role", + "privilege": "GetEnvironmentCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update information for a root-domain", - "privilege": "UpdateEnvironment", + "access_level": "Read", + "description": "Grants permission to get Environment Profile details", + "privilege": "GetEnvironmentProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:datazonecontrol:${Region}:${Account}:domain/${DomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment" }, - { - "arn": "arn:${Partition}:datazonecontrol:${Region}:${Account}:data-source/${DomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "data-source" - } - ], - "service_name": "Amazon DataZone Control" - }, - { - "conditions": [ - { - "condition": "dax:EnclosingOperation", - "description": "Used to block Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa", - "type": "String" - } - ], - "prefix": "dax", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to return the attributes of one or more items from one or more tables", - "privilege": "BatchGetItem", + "description": "Grants permission to get a form type", + "privilege": "GetFormType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to put or delete multiple items in one or more tables", - "privilege": "BatchWriteItem", + "access_level": "Read", + "description": "Grants permission to get a business glossary", + "privilege": "GetGlossary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to the ConditionCheckItem operation that checks the existence of a set of attributes for the item with the given primary key", - "privilege": "ConditionCheckItem", + "description": "Grants permission to get a glossary term", + "privilege": "GetGlossaryTerm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a DAX cluster", - "privilege": "CreateCluster", + "access_level": "Read", + "description": "Grants permission to retrieve an existing DataZone group profile", + "privilege": "GetGroupProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dax:CreateParameterGroup", - "dax:CreateSubnetGroup", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:GetRole", - "iam:PassRole" - ], - "resource_type": "application*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a parameter group", - "privilege": "CreateParameterGroup", + "access_level": "Permissions management", + "description": "Grants permission to an IAM principal to log into the DataZone Portal", + "privilege": "GetIamPortalLoginUrl", "resource_types": [ { "condition_keys": [], @@ -78941,9 +83819,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a subnet group", - "privilege": "CreateSubnetGroup", + "access_level": "Read", + "description": "Grants permission to get job runs", + "privilege": "GetJobRun", "resource_types": [ { "condition_keys": [], @@ -78953,52 +83831,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove one or more nodes from a DAX cluster", - "privilege": "DecreaseReplicationFactor", + "access_level": "Read", + "description": "Grants permission to get lineage events", + "privilege": "GetLineageEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a previously provisioned DAX cluster", - "privilege": "DeleteCluster", + "access_level": "Read", + "description": "Grants permission to get the lineage node", + "privilege": "GetLineageNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a single item in a table by primary key", - "privilege": "DeleteItem", + "access_level": "Read", + "description": "Grants permission to get listing", + "privilege": "GetListing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "dax:EnclosingOperation" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified parameter group", - "privilege": "DeleteParameterGroup", + "access_level": "Read", + "description": "Grants permission to get metadata generation run", + "privilege": "GetMetadataGenerationRun", "resource_types": [ { "condition_keys": [], @@ -79008,9 +83879,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a subnet group", - "privilege": "DeleteSubnetGroup", + "access_level": "Read", + "description": "Grants permission to get Project details", + "privilege": "GetProject", "resource_types": [ { "condition_keys": [], @@ -79020,21 +83891,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return information about all provisioned DAX clusters", - "privilege": "DescribeClusters", + "access_level": "Read", + "description": "Grants permission to get project profile details", + "privilege": "GetProjectProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return the default system parameter information for DAX", - "privilege": "DescribeDefaultParameters", + "access_level": "Read", + "description": "Grants permission to get rule", + "privilege": "GetRule", "resource_types": [ { "condition_keys": [], @@ -79044,9 +83915,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return events related to DAX clusters and parameter groups", - "privilege": "DescribeEvents", + "access_level": "Read", + "description": "Grants permission to retrieve a subscription", + "privilege": "GetSubscription", "resource_types": [ { "condition_keys": [], @@ -79056,9 +83927,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of parameter group descriptions", - "privilege": "DescribeParameterGroups", + "access_level": "Read", + "description": "Grants permission to get subscription eligibilty", + "privilege": "GetSubscriptionEligibility", "resource_types": [ { "condition_keys": [], @@ -79069,8 +83940,8 @@ }, { "access_level": "Read", - "description": "Grants permission to return the detailed parameter list for a particular parameter group", - "privilege": "DescribeParameters", + "description": "Grants permission to retireve a subscription grant", + "privilege": "GetSubscriptionGrant", "resource_types": [ { "condition_keys": [], @@ -79080,9 +83951,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of subnet group descriptions", - "privilege": "DescribeSubnetGroups", + "access_level": "Read", + "description": "Grants permission to reject a subscription request for a Data Asset", + "privilege": "GetSubscriptionRequestDetails", "resource_types": [ { "condition_keys": [], @@ -79093,161 +83964,140 @@ }, { "access_level": "Read", - "description": "Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key", - "privilege": "GetItem", + "description": "Grants permission to retireve details of subscription target", + "privilege": "GetSubscriptionTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "dax:EnclosingOperation" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add one or more nodes to a DAX cluster", - "privilege": "IncreaseReplicationFactor", + "access_level": "Read", + "description": "Grants permission to get an existing TimeSeriesDataPoints in Amazon DataZone using its identifier", + "privilege": "GetTimeSeriesDataPoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a list all of the tags for a DAX cluster", - "privilege": "ListTags", + "description": "Grants permission to get update eligibility status for project constructs", + "privilege": "GetUpdateEligibility", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new item, or replace an old item with a new item", - "privilege": "PutItem", + "access_level": "Read", + "description": "Grants permission to retrieve a user profile for an existing user in the DataZone Domain", + "privilege": "GetUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "dax:EnclosingOperation" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index", - "privilege": "Query", + "access_level": "List", + "description": "Grants permission to list Environments across all domains in an AWS Account", + "privilege": "ListAccountEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to reboot a single node of a DAX cluster", - "privilege": "RebootNode", + "access_level": "List", + "description": "Grants permission to list account pools", + "privilege": "ListAccountPools", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index", - "privilege": "Scan", + "access_level": "List", + "description": "Grants permission to list accounts in an account pool", + "privilege": "ListAccountsInAccountPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate a set of tags with a DAX resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list asset filters", + "privilege": "ListAssetFilters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the association of tags from a DAX resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list revisions of an asset", + "privilege": "ListAssetRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the settings for a DAX cluster", - "privilege": "UpdateCluster", + "access_level": "List", + "description": "Grants permission to list connections", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist", - "privilege": "UpdateItem", + "access_level": "List", + "description": "Grants permission to list data product revisions", + "privilege": "ListDataProductRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "dax:EnclosingOperation" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the parameters of a parameter group", - "privilege": "UpdateParameterGroup", + "access_level": "List", + "description": "Grants permission to list DataSource runs job's activities on Asset", + "privilege": "ListDataSourceRunActivities", "resource_types": [ { "condition_keys": [], @@ -79257,9 +84107,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing subnet group", - "privilege": "UpdateSubnetGroup", + "access_level": "List", + "description": "Grants permission to list DataSource runs job", + "privilege": "ListDataSourceRuns", "resource_types": [ { "condition_keys": [], @@ -79267,25 +84117,11 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:dax:${Region}:${Account}:cache/${ClusterName}", - "condition_keys": [], - "resource": "application" - } - ], - "service_name": "Amazon DynamoDB Accelerator (DAX)" - }, - { - "conditions": [], - "prefix": "dbqms", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to create a new favorite query", - "privilege": "CreateFavoriteQuery", + "access_level": "List", + "description": "Grants permission to list existing DataSources", + "privilege": "ListDataSources", "resource_types": [ { "condition_keys": [], @@ -79295,9 +84131,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add a query to the history", - "privilege": "CreateQueryHistory", + "access_level": "List", + "description": "Grants permission to list child domain units for a given parent domain unit", + "privilege": "ListDomainUnitsForParent", "resource_types": [ { "condition_keys": [], @@ -79307,9 +84143,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new query tab", - "privilege": "CreateTab", + "access_level": "List", + "description": "Grants permission to retrieve all domains", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], @@ -79319,9 +84155,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete saved queries", - "privilege": "DeleteFavoriteQueries", + "access_level": "List", + "description": "Grants permission to list owners of an entity like domain unit", + "privilege": "ListEntityOwners", "resource_types": [ { "condition_keys": [], @@ -79331,9 +84167,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a historical query", - "privilege": "DeleteQueryHistory", + "access_level": "List", + "description": "Grants permission to list environment actions in a default service blueprint environment", + "privilege": "ListEnvironmentActions", "resource_types": [ { "condition_keys": [], @@ -79343,9 +84179,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete query tab", - "privilege": "DeleteTab", + "access_level": "List", + "description": "Grants permission to list environment blueprint configuration summaries", + "privilege": "ListEnvironmentBlueprintConfigurationSummaries", "resource_types": [ { "condition_keys": [], @@ -79356,8 +84192,8 @@ }, { "access_level": "List", - "description": "Grants permission to list saved queries and associated metadata", - "privilege": "DescribeFavoriteQueries", + "description": "Grants permission to list environment blueprint configurations", + "privilege": "ListEnvironmentBlueprintConfigurations", "resource_types": [ { "condition_keys": [], @@ -79368,8 +84204,8 @@ }, { "access_level": "List", - "description": "Grants permission to list history of queries that were run", - "privilege": "DescribeQueryHistory", + "description": "Grants permission to list Domain for Environment Blueprints", + "privilege": "ListEnvironmentBlueprints", "resource_types": [ { "condition_keys": [], @@ -79380,8 +84216,8 @@ }, { "access_level": "List", - "description": "Grants permission to list query tabs and associated metadata", - "privilege": "DescribeTabs", + "description": "Grants permission to list Domain for Environment Profiles", + "privilege": "ListEnvironmentProfiles", "resource_types": [ { "condition_keys": [], @@ -79391,9 +84227,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve favorite or history query string by id", - "privilege": "GetQueryString", + "access_level": "List", + "description": "Grants permission to show Environments in the Domain", + "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], @@ -79403,9 +84239,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update saved query and description", - "privilege": "UpdateFavoriteQuery", + "access_level": "List", + "description": "Grants permission to list all the DataZone group profiles that the DataZone user profile is a member of", + "privilege": "ListGroupsForUser", "resource_types": [ { "condition_keys": [], @@ -79415,9 +84251,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the query history", - "privilege": "UpdateQueryHistory", + "access_level": "List", + "description": "Grants permission to list job runs", + "privilege": "ListJobRuns", "resource_types": [ { "condition_keys": [], @@ -79427,9 +84263,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update query tab", - "privilege": "UpdateTab", + "access_level": "List", + "description": "Grants permission to list lineage events", + "privilege": "ListLineageEvents", "resource_types": [ { "condition_keys": [], @@ -79437,321 +84273,194 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Database Query Metadata Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "deadline:AssociatedMembershipLevel", - "description": "Filters access by the associated membership level of the principal provided in the request", - "type": "String" - }, - { - "condition": "deadline:FarmMembershipLevels", - "description": "Filters access by membership levels on the farm", - "type": "ArrayOfString" - }, - { - "condition": "deadline:FleetMembershipLevels", - "description": "Filters access by membership levels on the fleet", - "type": "ArrayOfString" - }, - { - "condition": "deadline:JobMembershipLevels", - "description": "Filters access by membership levels on the job", - "type": "ArrayOfString" - }, - { - "condition": "deadline:MembershipLevel", - "description": "Filters access by the membership level passed in the request", - "type": "String" - }, - { - "condition": "deadline:PrincipalId", - "description": "Filters access by the principle ID provided in the request", - "type": "String" - }, - { - "condition": "deadline:QueueMembershipLevels", - "description": "Filters access by membership levels on the queue", - "type": "ArrayOfString" }, { - "condition": "deadline:RequesterPrincipalId", - "description": "Filters access by the user calling the Deadline Cloud API", - "type": "String" - } - ], - "prefix": "deadline", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to associate a member to a farm", - "privilege": "AssociateMemberToFarm", + "access_level": "List", + "description": "Grants permission to list historical versions of lineage node", + "privilege": "ListLineageNodeHistory", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" - }, - { - "condition_keys": [ - "deadline:AssociatedMembershipLevel", - "deadline:MembershipLevel" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to associate a member to a fleet", - "privilege": "AssociateMemberToFleet", + "access_level": "List", + "description": "Grants permission to list linked type items linked to an Amazon DataZone Domain", + "privilege": "ListLinkedTypes", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" - }, + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list metadata generation runs", + "privilege": "ListMetadataGenerationRuns", + "resource_types": [ { - "condition_keys": [ - "deadline:AssociatedMembershipLevel", - "deadline:MembershipLevel" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to associate a member to a job", - "privilege": "AssociateMemberToJob", + "access_level": "List", + "description": "Grants permission to list notifications and events for a datazone user", + "privilege": "ListNotifications", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" - }, - { - "condition_keys": [ - "deadline:AssociatedMembershipLevel", - "deadline:MembershipLevel" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to associate a member to a queue", - "privilege": "AssociateMemberToQueue", + "access_level": "List", + "description": "Grants permission to list policy grants", + "privilege": "ListPolicyGrants", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "deadline:AssociatedMembershipLevel", - "deadline:MembershipLevel" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to assume a fleet role for read-only access", - "privilege": "AssumeFleetRoleForRead", + "access_level": "List", + "description": "Grants permission to list Project Members", + "privilege": "ListProjectMemberships", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to assume a fleet role for a worker", - "privilege": "AssumeFleetRoleForWorker", + "access_level": "List", + "description": "Grants permission to list project profiles", + "privilege": "ListProjectProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "worker*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to assume a queue role for read-only access", - "privilege": "AssumeQueueRoleForRead", + "access_level": "List", + "description": "Grants permission to list Projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to assume a queue role for a user", - "privilege": "AssumeQueueRoleForUser", + "access_level": "List", + "description": "Grants permission to list rules", + "privilege": "ListRules", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to assume a queue role for a worker", - "privilege": "AssumeQueueRoleForWorker", + "access_level": "List", + "description": "Grants permission to List subscription grants for a subscribed principal", + "privilege": "ListSubscriptionGrants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list subscription requests", + "privilege": "ListSubscriptionRequests", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "worker*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a job entity for a worker", - "privilege": "BatchGetJobEntity", + "access_level": "List", + "description": "Grants permission to list subscription targets", + "privilege": "ListSubscriptionTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "worker*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy a job template to an Amazon S3 bucket", - "privilege": "CopyJobTemplate", + "access_level": "List", + "description": "Grants permission to list subscriptions", + "privilege": "ListSubscriptions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember", - "s3:PutObject" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a budget", - "privilege": "CreateBudget", + "access_level": "Read", + "description": "Grants permission to retrieve all tags associated with a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "budget*" + "dependent_actions": [], + "resource_type": "domain" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a farm", - "privilege": "CreateFarm", + "access_level": "List", + "description": "Grants permission to list existing TimeSeriesDataPoints", + "privilege": "ListTimeSeriesDataPoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "deadline:TagResource" - ], - "resource_type": "farm*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a fleet", - "privilege": "CreateFleet", + "access_level": "List", + "description": "Grants permission to list available Manager Secrets", + "privilege": "ListWarehouseMetadata", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "deadline:TagResource", - "iam:PassRole", - "identitystore:ListGroupMembershipsForMember", - "logs:CreateLogGroup" - ], - "resource_type": "fleet*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } @@ -79759,39 +84468,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a job", - "privilege": "CreateJob", + "description": "Grants permission to post lineage events", + "privilege": "PostLineageEvent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "deadline:GetJobTemplate", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a license endpoint for licensed software or products", - "privilege": "CreateLicenseEndpoint", + "description": "Grants permission to post a new TimeSeriesDataPoints", + "privilege": "PostTimeSeriesDataPoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "deadline:TagResource", - "ec2:CreateTags", - "ec2:CreateVpcEndpoint", - "ec2:DescribeVpcEndpoints" - ], - "resource_type": "license-endpoint*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } @@ -79799,58 +84492,35 @@ }, { "access_level": "Write", - "description": "Grants permission to create a limit for a farm", - "privilege": "CreateLimit", + "description": "Grants permission to provision domain with default project setup", + "privilege": "ProvisionDomain", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a monitor", - "privilege": "CreateMonitor", + "access_level": "Permissions management", + "description": "Grants permission to add a resource policy for a DataZone Domain", + "privilege": "PutDomainSharingPolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "sso:CreateApplication", - "sso:DeleteApplication", - "sso:PutApplicationAssignmentConfiguration", - "sso:PutApplicationAuthenticationMethod", - "sso:PutApplicationGrant" - ], - "resource_type": "monitor*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a queue", - "privilege": "CreateQueue", + "description": "Grants permission to put environment blueprint configuration", + "privilege": "PutEnvironmentBlueprintConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "deadline:TagResource", - "iam:PassRole", - "identitystore:ListGroupMembershipsForMember", - "logs:CreateLogGroup", - "s3:ListBucket" - ], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } @@ -79858,286 +84528,234 @@ }, { "access_level": "Write", - "description": "Grants permission to create a queue environment", - "privilege": "CreateQueueEnvironment", + "description": "Grants permission to refresh token", + "privilege": "RefreshToken", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a queue-fleet association", - "privilege": "CreateQueueFleetAssociation", + "description": "Grants permission to reject prediction", + "privilege": "RejectPredictions", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a queue-limit association", - "privilege": "CreateQueueLimitAssociation", + "description": "Grants permission to reject a subscription request for a Data Asset", + "privilege": "RejectSubscriptionRequest", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a storage profile for a farm", - "privilege": "CreateStorageProfile", + "description": "Grants permission to remove an existing owner of an entity like domain unit", + "privilege": "RemoveEntityOwner", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a worker", - "privilege": "CreateWorker", + "access_level": "Permissions management", + "description": "Grants permission to remove a policy grant", + "privilege": "RemovePolicyGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "worker*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a budget", - "privilege": "DeleteBudget", + "access_level": "Permissions management", + "description": "Grants permission to revoke a subscription", + "privilege": "RevokeSubscription", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "budget*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a farm", - "privilege": "DeleteFarm", + "access_level": "List", + "description": "Grants permission to search datazone entities", + "privilege": "Search", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a fleet", - "privilege": "DeleteFleet", + "access_level": "List", + "description": "Grants permission to search DataZone group profiles and IAM Identity Center groups", + "privilege": "SearchGroupProfiles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a license endpoint", - "privilege": "DeleteLicenseEndpoint", + "access_level": "List", + "description": "Grants permission to search listings", + "privilege": "SearchListings", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteVpcEndpoints", - "ec2:DescribeVpcEndpoints" - ], - "resource_type": "license-endpoint*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a limit", - "privilege": "DeleteLimit", + "access_level": "List", + "description": "Grants permission to search rules", + "privilege": "SearchRules", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a metered product", - "privilege": "DeleteMeteredProduct", + "access_level": "List", + "description": "Grants permission to search types such asset types and form types in a domain", + "privilege": "SearchTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metered-product*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a monitor", - "privilege": "DeleteMonitor", + "access_level": "List", + "description": "Grants permission to search DataZone user profiles, IAM Identity Center users, and DataZone IAM principal profiles", + "privilege": "SearchUserProfiles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteApplication" - ], - "resource_type": "monitor*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a queue", - "privilege": "DeleteQueue", + "description": "Grants permission to login using SSO", + "privilege": "SsoLogin", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a queue environment", - "privilege": "DeleteQueueEnvironment", + "description": "Grants permission to logout as SSO user", + "privilege": "SsoLogout", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a queue-fleet association", - "privilege": "DeleteQueueFleetAssociation", + "description": "Grants permission to start account bootstrap action for a domain", + "privilege": "StartAccountBootstrapAction", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a queue-limit association", - "privilege": "DeleteQueueLimitAssociation", + "description": "Grants permission to start a DataSource run job", + "privilege": "StartDataSourceRun", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a storage profile", - "privilege": "DeleteStorageProfile", + "description": "Grants permission to start metadata generation run", + "privilege": "StartMetadataGenerationRun", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a worker", - "privilege": "DeleteWorker", + "description": "Grants permission to stop metadata generation run", + "privilege": "StopMetadataGenerationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "worker*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to disassociate a member from a farm", - "privilege": "DisassociateMemberFromFarm", + "access_level": "Tagging", + "description": "Grants permission to add or update tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "domain*" }, { "condition_keys": [ - "deadline:AssociatedMembershipLevel" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -80145,20 +84763,18 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to disassociate a member from a fleet", - "privilege": "DisassociateMemberFromFleet", + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "domain*" }, { "condition_keys": [ - "deadline:AssociatedMembershipLevel" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -80166,449 +84782,435 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to disassociate a member from a job", - "privilege": "DisassociateMemberFromJob", + "access_level": "Write", + "description": "Grants permission to update an account pool", + "privilege": "UpdateAccountPool", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" - }, - { - "condition_keys": [ - "deadline:AssociatedMembershipLevel" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to disassociate a member from a queue", - "privilege": "DisassociateMemberFromQueue", + "access_level": "Write", + "description": "Grants permission to update asset filter", + "privilege": "UpdateAssetFilter", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "deadline:AssociatedMembershipLevel" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the latest version of an application", - "privilege": "GetApplicationVersion", + "access_level": "Write", + "description": "Grants permission to update connections", + "privilege": "UpdateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a budget", - "privilege": "GetBudget", + "access_level": "Write", + "description": "Grants permission to update existing DataSource", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "budget*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a farm", - "privilege": "GetFarm", + "access_level": "Write", + "description": "Grants permission to update data source run activities", + "privilege": "UpdateDataSourceRunActivities", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a fleet", - "privilege": "GetFleet", + "access_level": "Write", + "description": "Grants permission to update information for a domain", + "privilege": "UpdateDomain", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a job", - "privilege": "GetJob", + "access_level": "Write", + "description": "Grants permission to update an existing domain unit", + "privilege": "UpdateDomainUnit", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read job template", - "privilege": "GetJobTemplate", + "access_level": "Write", + "description": "Grants permission to update Environment settings", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a license endpoint", - "privilege": "GetLicenseEndpoint", + "access_level": "Write", + "description": "Grants permission to update an environment action in a default service blueprint environment", + "privilege": "UpdateEnvironmentAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-endpoint*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a limit", - "privilege": "GetLimit", + "access_level": "Write", + "description": "Grants permission to update Environment Blueprint settings", + "privilege": "UpdateEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a monitor", - "privilege": "GetMonitor", + "access_level": "Write", + "description": "Grants permission to update environment configuration", + "privilege": "UpdateEnvironmentConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a queue", - "privilege": "GetQueue", + "access_level": "Write", + "description": "Grants permission to update status of the Environment deployment", + "privilege": "UpdateEnvironmentDeploymentStatus", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a queue environment", - "privilege": "GetQueueEnvironment", + "access_level": "Write", + "description": "Grants permission to update EnvironmentProfile configuration", + "privilege": "UpdateEnvironmentProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a queue-fleet association", - "privilege": "GetQueueFleetAssociation", + "access_level": "Write", + "description": "Grants permission to update a business glossary", + "privilege": "UpdateGlossary", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a queue-limit association", - "privilege": "GetQueueLimitAssociation", + "access_level": "Write", + "description": "Grants permission to update a glossary term", + "privilege": "UpdateGlossaryTerm", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a session for a job", - "privilege": "GetSession", + "access_level": "Write", + "description": "Grants permission to update a DataZone group profile", + "privilege": "UpdateGroupProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a session action for a job", - "privilege": "GetSessionAction", + "access_level": "Write", + "description": "Grants permission to update a Project that enables your team to publish and subscribe to data", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get all collected statistics for sessions", - "privilege": "GetSessionsStatisticsAggregation", + "access_level": "Write", + "description": "Grants permission to update a project profile", + "privilege": "UpdateProjectProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm" - }, + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update rule", + "privilege": "UpdateRule", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a subscription grant status for custom grants", + "privilege": "UpdateSubscriptionGrantStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a step in a job", - "privilege": "GetStep", + "access_level": "Write", + "description": "Grants permission to update business reason for subscription request for a Data Asset", + "privilege": "UpdateSubscriptionRequest", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a storage profile", - "privilege": "GetStorageProfile", + "access_level": "Write", + "description": "Grants permission to update a subscription target", + "privilege": "UpdateSubscriptionTarget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a storage profile for a queue", - "privilege": "GetStorageProfileForQueue", + "access_level": "Write", + "description": "Grants permission to update a DataZone user profile", + "privilege": "UpdateUserProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a job task", - "privilege": "GetTask", + "access_level": "Write", + "description": "Grants permission to validate pass role", + "privilege": "ValidatePassRole", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:datazone:${Region}:${Account}:domain/${DomainId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domain" + } + ], + "service_name": "Amazon DataZone" + }, + { + "conditions": [ + { + "condition": "dax:EnclosingOperation", + "description": "Used to block Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa", + "type": "String" + } + ], + "prefix": "dax", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to get a worker", - "privilege": "GetWorker", + "description": "Grants permission to return the attributes of one or more items from one or more tables", + "privilege": "BatchGetItem", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "worker*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available metered products within a license endpoint", - "privilege": "ListAvailableMeteredProducts", + "access_level": "Write", + "description": "Grants permission to put or delete multiple items in one or more tables", + "privilege": "BatchWriteItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all budgets for a farm", - "privilege": "ListBudgets", + "access_level": "Read", + "description": "Grants permission to the ConditionCheckItem operation that checks the existence of a set of attributes for the item with the given primary key", + "privilege": "ConditionCheckItem", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "budget*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all members of a farm", - "privilege": "ListFarmMembers", + "access_level": "Write", + "description": "Grants permission to create a DAX cluster", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" + "dax:CreateParameterGroup", + "dax:CreateSubnetGroup", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:GetRole", + "iam:PassRole" ], - "resource_type": "farm*" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all farms", - "privilege": "ListFarms", + "access_level": "Write", + "description": "Grants permission to create a parameter group", + "privilege": "CreateParameterGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" - }, + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a subnet group", + "privilege": "CreateSubnetGroup", + "resource_types": [ { - "condition_keys": [ - "deadline:PrincipalId", - "deadline:RequesterPrincipalId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all members of a fleet", - "privilege": "ListFleetMembers", + "access_level": "Write", + "description": "Grants permission to remove one or more nodes from a DAX cluster", + "privilege": "DecreaseReplicationFactor", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all fleets", - "privilege": "ListFleets", + "access_level": "Write", + "description": "Grants permission to delete a previously provisioned DAX cluster", + "privilege": "DeleteCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a single item in a table by primary key", + "privilege": "DeleteItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" }, { "condition_keys": [ - "deadline:PrincipalId", - "deadline:RequesterPrincipalId" + "dax:EnclosingOperation" ], "dependent_actions": [], "resource_type": "" @@ -80616,196 +85218,157 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all members of a job", - "privilege": "ListJobMembers", + "access_level": "Write", + "description": "Grants permission to delete the specified parameter group", + "privilege": "DeleteParameterGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a job's parameter definitions in the job template", - "privilege": "ListJobParameterDefinitions", + "access_level": "Write", + "description": "Grants permission to delete a subnet group", + "privilege": "DeleteSubnetGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all jobs in a queue", - "privilege": "ListJobs", + "description": "Grants permission to return information about all provisioned DAX clusters", + "privilege": "DescribeClusters", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" - }, - { - "condition_keys": [ - "deadline:PrincipalId", - "deadline:RequesterPrincipalId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "application" } ] }, { "access_level": "List", - "description": "Grants permission to list all license endpoints", - "privilege": "ListLicenseEndpoints", + "description": "Grants permission to return the default system parameter information for DAX", + "privilege": "DescribeDefaultParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-endpoint*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all limits in a farm", - "privilege": "ListLimits", + "description": "Grants permission to return events related to DAX clusters and parameter groups", + "privilege": "DescribeEvents", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all metered products in a license endpoint", - "privilege": "ListMeteredProducts", + "description": "Grants permission to return a list of parameter group descriptions", + "privilege": "DescribeParameterGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metered-product*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all monitors", - "privilege": "ListMonitors", + "access_level": "Read", + "description": "Grants permission to return the detailed parameter list for a particular parameter group", + "privilege": "DescribeParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all queue environments to which a queue is associated", - "privilege": "ListQueueEnvironments", + "description": "Grants permission to return a list of subnet group descriptions", + "privilege": "DescribeSubnetGroups", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all queue-fleet associations", - "privilege": "ListQueueFleetAssociations", + "access_level": "Read", + "description": "Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key", + "privilege": "GetItem", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "application*" }, { - "condition_keys": [], + "condition_keys": [ + "dax:EnclosingOperation" + ], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all queue-limit associations", - "privilege": "ListQueueLimitAssociations", + "access_level": "Write", + "description": "Grants permission to add one or more nodes to a DAX cluster", + "privilege": "IncreaseReplicationFactor", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "farm*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all members in a queue", - "privilege": "ListQueueMembers", + "access_level": "Read", + "description": "Grants permission to return a list all of the tags for a DAX cluster", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all queues on a farm", - "privilege": "ListQueues", + "access_level": "Write", + "description": "Grants permission to create a new item, or replace an old item with a new item", + "privilege": "PutItem", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:DescribeGroup", - "identitystore:DescribeUser", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "application*" }, { "condition_keys": [ - "deadline:PrincipalId", - "deadline:RequesterPrincipalId" + "dax:EnclosingOperation" ], "dependent_actions": [], "resource_type": "" @@ -80813,298 +85376,377 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all session actions for a job", - "privilege": "ListSessionActions", + "access_level": "Read", + "description": "Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index", + "privilege": "Query", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all sessions for a job", - "privilege": "ListSessions", + "access_level": "Write", + "description": "Grants permission to reboot a single node of a DAX cluster", + "privilege": "RebootNode", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all sessions for a worker", - "privilege": "ListSessionsForWorker", + "access_level": "Read", + "description": "Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index", + "privilege": "Scan", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "worker*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the step consumers for a job step", - "privilege": "ListStepConsumers", + "access_level": "Tagging", + "description": "Grants permission to associate a set of tags with a DAX resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list dependencies for a job step", - "privilege": "ListStepDependencies", + "access_level": "Tagging", + "description": "Grants permission to remove the association of tags from a DAX resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all steps for a job", - "privilege": "ListSteps", + "access_level": "Write", + "description": "Grants permission to modify the settings for a DAX cluster", + "privilege": "UpdateCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all storage profiles in a farm", - "privilege": "ListStorageProfiles", + "access_level": "Write", + "description": "Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist", + "privilege": "UpdateItem", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "dax:EnclosingOperation" ], - "resource_type": "farm*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all storage profiles in a queue", - "privilege": "ListStorageProfilesForQueue", + "access_level": "Write", + "description": "Grants permission to modify the parameters of a parameter group", + "privilege": "UpdateParameterGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all tags on specified Deadline Cloud resources", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to modify an existing subnet group", + "privilege": "UpdateSubnetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "farm" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" - }, + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:dax:${Region}:${Account}:cache/${ClusterName}", + "condition_keys": [], + "resource": "application" + } + ], + "service_name": "Amazon DynamoDB Accelerator (DAX)" + }, + { + "conditions": [], + "prefix": "dbqms", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new favorite query", + "privilege": "CreateFavoriteQuery", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a query to the history", + "privilege": "CreateQueryHistory", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all tasks for a job", - "privilege": "ListTasks", + "access_level": "Write", + "description": "Grants permission to create a new query tab", + "privilege": "CreateTab", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all workers in a fleet", - "privilege": "ListWorkers", + "access_level": "Write", + "description": "Grants permission to delete saved queries", + "privilege": "DeleteFavoriteQueries", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "worker*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add a metered product to a license endpoint", - "privilege": "PutMeteredProduct", + "description": "Grants permission to delete a historical query", + "privilege": "DeleteQueryHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metered-product*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to search for jobs in multiple queues", - "privilege": "SearchJobs", + "access_level": "Write", + "description": "Grants permission to delete query tab", + "privilege": "DeleteTab", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "queue*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to search the steps within a single job or to search the steps for multiple queues", - "privilege": "SearchSteps", + "description": "Grants permission to list saved queries and associated metadata", + "privilege": "DescribeFavoriteQueries", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to search the tasks within a single job or to search the tasks for multiple queues", - "privilege": "SearchTasks", + "description": "Grants permission to list history of queries that were run", + "privilege": "DescribeQueryHistory", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "job" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to search for workers in multiple fleets", - "privilege": "SearchWorkers", + "description": "Grants permission to list query tabs and associated metadata", + "privilege": "DescribeTabs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get all collected statistics for sessions", - "privilege": "StartSessionsStatisticsAggregation", + "description": "Grants permission to retrieve favorite or history query string by id", + "privilege": "GetQueryString", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or overwrite one or more tags for the specified Deadline Cloud resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update saved query and description", + "privilege": "UpdateFavoriteQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "farm" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the query history", + "privilege": "UpdateQueryHistory", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update query tab", + "privilege": "UpdateTab", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-endpoint" - }, + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "Database Query Metadata Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "deadline:AssociatedMembershipLevel", + "description": "Filters access by the associated membership level of the principal provided in the request", + "type": "String" + }, + { + "condition": "deadline:CalledAction", + "description": "Filters access by the allowed action in the request", + "type": "String" + }, + { + "condition": "deadline:FarmMembershipLevels", + "description": "Filters access by membership levels on the farm", + "type": "ArrayOfString" + }, + { + "condition": "deadline:FleetMembershipLevels", + "description": "Filters access by membership levels on the fleet", + "type": "ArrayOfString" + }, + { + "condition": "deadline:JobMembershipLevels", + "description": "Filters access by membership levels on the job", + "type": "ArrayOfString" + }, + { + "condition": "deadline:MembershipLevel", + "description": "Filters access by the membership level passed in the request", + "type": "String" + }, + { + "condition": "deadline:PrincipalId", + "description": "Filters access by the principle ID provided in the request", + "type": "String" + }, + { + "condition": "deadline:QueueMembershipLevels", + "description": "Filters access by membership levels on the queue", + "type": "ArrayOfString" + }, + { + "condition": "deadline:RequesterPrincipalId", + "description": "Filters access by the user calling the Deadline Cloud API", + "type": "String" + } + ], + "prefix": "deadline", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a farm", + "privilege": "AssociateMemberToFarm", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue" + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" ], "dependent_actions": [], "resource_type": "" @@ -81112,33 +85754,47 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to disassociate one or more tags from the specified Deadline Cloud resource", - "privilege": "UntagResource", + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a fleet", + "privilege": "AssociateMemberToFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "farm" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" }, { - "condition_keys": [], + "condition_keys": [ + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" + ], "dependent_actions": [], - "resource_type": "license-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a job", + "privilege": "AssociateMemberToJob", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue" + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" }, { "condition_keys": [ - "aws:TagKeys" + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" ], "dependent_actions": [], "resource_type": "" @@ -81146,167 +85802,200 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a budget", - "privilege": "UpdateBudget", + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a queue", + "privilege": "AssociateMemberToQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "budget*" + "resource_type": "queue*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a farm", - "privilege": "UpdateFarm", + "description": "Grants permission to assume a fleet role for read-only access", + "privilege": "AssumeFleetRoleForRead", "resource_types": [ { "condition_keys": [], "dependent_actions": [ "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "farm*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a fleet", - "privilege": "UpdateFleet", + "description": "Grants permission to assume a fleet role for a worker", + "privilege": "AssumeFleetRoleForWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "identitystore:ListGroupMembershipsForMember" - ], - "resource_type": "fleet*" + "dependent_actions": [], + "resource_type": "worker*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a job", - "privilege": "UpdateJob", + "description": "Grants permission to assume a queue role for read-only access", + "privilege": "AssumeQueueRoleForRead", "resource_types": [ { "condition_keys": [], "dependent_actions": [ "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "job*" + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a limit for a farm", - "privilege": "UpdateLimit", + "description": "Grants permission to assume a queue role for a user", + "privilege": "AssumeQueueRoleForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [ "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "farm*" + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a monitor", - "privilege": "UpdateMonitor", + "description": "Grants permission to assume a queue role for a worker", + "privilege": "AssumeQueueRoleForWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "sso:PutApplicationGrant", - "sso:UpdateApplication" - ], - "resource_type": "monitor*" + "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "worker*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a job entity for a worker", + "privilege": "BatchGetJobEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "worker*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a queue", - "privilege": "UpdateQueue", + "description": "Grants permission to copy a job template to an Amazon S3 bucket", + "privilege": "CopyJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole", - "identitystore:ListGroupMembershipsForMember" + "identitystore:ListGroupMembershipsForMember", + "s3:PutObject" ], - "resource_type": "queue*" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a queue environment", - "privilege": "UpdateQueueEnvironment", + "description": "Grants permission to create a budget", + "privilege": "CreateBudget", "resource_types": [ { "condition_keys": [], "dependent_actions": [ "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "queue*" + "resource_type": "budget*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a queue-fleet association", - "privilege": "UpdateQueueFleetAssociation", + "description": "Grants permission to create a farm", + "privilege": "CreateFarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" + "deadline:TagResource" ], - "resource_type": "fleet*" + "resource_type": "farm*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a queue-limit association", - "privilege": "UpdateQueueLimitAssociation", + "description": "Grants permission to create a fleet", + "privilege": "CreateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" + "deadline:TagResource", + "ec2:CreateVpcEndpoint", + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember", + "logs:CreateLogGroup", + "vpc-lattice:GetResourceConfiguration", + "vpc-lattice:GetResourceGateway" ], - "resource_type": "farm*" + "resource_type": "fleet*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a session for a job", - "privilege": "UpdateSession", + "description": "Grants permission to create a job", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [ + "deadline:GetJobTemplate", "identitystore:ListGroupMembershipsForMember" ], "resource_type": "job*" @@ -81315,22 +86004,33 @@ }, { "access_level": "Write", - "description": "Grants permission to update a step for a job", - "privilege": "UpdateStep", + "description": "Grants permission to create a license endpoint for licensed software or products", + "privilege": "CreateLicenseEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" + "deadline:TagResource", + "ec2:CreateTags", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints" ], - "resource_type": "job*" + "resource_type": "license-endpoint*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a storage profile for a farm", - "privilege": "UpdateStorageProfile", + "description": "Grants permission to create a limit for a farm", + "privilege": "CreateLimit", "resource_types": [ { "condition_keys": [], @@ -81343,191 +86043,136 @@ }, { "access_level": "Write", - "description": "Grants permission to update a task", - "privilege": "UpdateTask", + "description": "Grants permission to create a monitor", + "privilege": "CreateMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "identitystore:ListGroupMembershipsForMember" + "deadline:TagResource", + "iam:PassRole", + "sso:CreateApplication", + "sso:DeleteApplication", + "sso:PutApplicationAssignmentConfiguration", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant" ], - "resource_type": "job*" + "resource_type": "monitor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a worker", - "privilege": "UpdateWorker", + "description": "Grants permission to create a queue", + "privilege": "CreateQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "logs:CreateLogStream" + "deadline:TagResource", + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember", + "logs:CreateLogGroup", + "s3:ListBucket" ], - "resource_type": "worker*" + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the schedule for a worker", - "privilege": "UpdateWorkerSchedule", + "description": "Grants permission to create a queue environment", + "privilege": "CreateQueueEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "logs:CreateLogStream" + "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "worker*" + "resource_type": "queue*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/budget/${BudgetId}", - "condition_keys": [ - "deadline:FarmMembershipLevels" - ], - "resource": "budget" - }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "deadline:FarmMembershipLevels" - ], - "resource": "farm" }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "deadline:FarmMembershipLevels", - "deadline:FleetMembershipLevels" - ], - "resource": "fleet" - }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}/job/${JobId}", - "condition_keys": [ - "deadline:FarmMembershipLevels", - "deadline:JobMembershipLevels", - "deadline:QueueMembershipLevels" - ], - "resource": "job" - }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "license-endpoint" - }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}/metered-product/${ProductId}", - "condition_keys": [], - "resource": "metered-product" - }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:monitor/${MonitorId}", - "condition_keys": [], - "resource": "monitor" - }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "deadline:FarmMembershipLevels", - "deadline:QueueMembershipLevels" - ], - "resource": "queue" - }, - { - "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}/worker/${WorkerId}", - "condition_keys": [ - "deadline:FarmMembershipLevels", - "deadline:FleetMembershipLevels" - ], - "resource": "worker" - } - ], - "service_name": "AWS Deadline Cloud" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "deepcomposer", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a DeepComposer coupon (or DSN) with the account associated with the sender of the request", - "privilege": "AssociateCoupon", + "description": "Grants permission to create a queue-fleet association", + "privilege": "CreateQueueFleetAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an audio file by converting the midi composition into a wav or mp3 file", - "privilege": "CreateAudio", + "description": "Grants permission to create a queue-limit association", + "privilege": "CreateQueueLimitAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "audio*" + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a multi-track midi composition", - "privilege": "CreateComposition", + "description": "Grants permission to create a storage profile for a farm", + "privilege": "CreateStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "composition*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "farm*" } ] }, { "access_level": "Write", - "description": "Grants permission to start creating/training a generative-model that is able to perform inference against the user-provided piano-melody to create a multi-track midi composition", - "privilege": "CreateModel", + "description": "Grants permission to create a worker", + "privilege": "CreateWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "deadline:ListTagsForResource", + "deadline:TagResource" + ], + "resource_type": "worker*" }, { "condition_keys": [ @@ -81541,170 +86186,208 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the composition", - "privilege": "DeleteComposition", + "description": "Grants permission to delete a budget", + "privilege": "DeleteBudget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "composition*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the model", - "privilege": "DeleteModel", + "description": "Grants permission to delete a farm", + "privilege": "DeleteFarm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the composition", - "privilege": "GetComposition", + "access_level": "Write", + "description": "Grants permission to delete a fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "composition*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the model", - "privilege": "GetModel", + "access_level": "Write", + "description": "Grants permission to delete a license endpoint", + "privilege": "DeleteLicenseEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" - }, + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints" + ], + "resource_type": "license-endpoint*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a limit", + "privilege": "DeleteLimit", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "farm*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the sample/pre-trained DeepComposer model", - "privilege": "GetSampleModel", + "access_level": "Write", + "description": "Grants permission to delete a metered product", + "privilege": "DeleteMeteredProduct", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "metered-product*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the compositions owned by the sender of the request", - "privilege": "ListCompositions", + "access_level": "Write", + "description": "Grants permission to delete a monitor", + "privilege": "DeleteMonitor", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "composition*" + "dependent_actions": [ + "sso:DeleteApplication" + ], + "resource_type": "monitor*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the models owned by the sender of the request", - "privilege": "ListModels", + "access_level": "Write", + "description": "Grants permission to delete a queue", + "privilege": "DeleteQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the sample/pre-trained models provided by the DeepComposer service", - "privilege": "ListSampleModels", + "access_level": "Write", + "description": "Grants permission to delete a queue environment", + "privilege": "DeleteQueueEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "List", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a queue-fleet association", + "privilege": "DeleteQueueFleetAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "composition" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" - }, + "resource_type": "queue*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a queue-limit association", + "privilege": "DeleteQueueLimitAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], + "resource_type": "farm*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the training options or topic for creating/training a model", - "privilege": "ListTrainingTopics", + "access_level": "Write", + "description": "Grants permission to delete a storage profile", + "privilege": "DeleteStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a worker", + "privilege": "DeleteWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition" - }, + "resource_type": "worker*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a farm", + "privilege": "DisassociateMemberFromFarm", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "deadline:AssociatedMembershipLevel" ], "dependent_actions": [], "resource_type": "" @@ -81712,24 +86395,41 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a fleet", + "privilege": "DisassociateMemberFromFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "composition" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" }, { - "condition_keys": [], + "condition_keys": [ + "deadline:AssociatedMembershipLevel" + ], "dependent_actions": [], - "resource_type": "model" + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a job", + "privilege": "DisassociateMemberFromJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "deadline:AssociatedMembershipLevel" ], "dependent_actions": [], "resource_type": "" @@ -81737,294 +86437,336 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to modify the mutable properties associated with a composition", - "privilege": "UpdateComposition", + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a queue", + "privilege": "DisassociateMemberFromQueue", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel" + ], "dependent_actions": [], - "resource_type": "composition*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to to modify the mutable properties associated with a model", - "privilege": "UpdateModel", + "access_level": "Read", + "description": "Grants permission to get the latest version of an application", + "privilege": "GetApplicationVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "monitor*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:model/${ModelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "model" }, { - "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:composition/${CompositionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "composition" + "access_level": "Read", + "description": "Grants permission to get a budget", + "privilege": "GetBudget", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" + } + ] }, { - "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:audio/${AudioId}", - "condition_keys": [], - "resource": "audio" - } - ], - "service_name": "AWS DeepComposer" - }, - { - "conditions": [], - "prefix": "deeplens", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Associates the user's account with IAM roles controlling various permissions needed by AWS DeepLens for proper functionality.", - "privilege": "AssociateServiceRoleToAccount", + "access_level": "Read", + "description": "Grants permission to get a farm", + "privilege": "GetFarm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { "access_level": "Read", - "description": "Retrieves a list of AWS DeepLens devices.", - "privilege": "BatchGetDevice", + "description": "Grants permission to get a fleet", + "privilege": "GetFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "device*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" } ] }, { "access_level": "Read", - "description": "Retrieves a list of AWS DeepLens Models.", - "privilege": "BatchGetModel", + "description": "Grants permission to get a job", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Retrieves a list of AWS DeepLens Projects.", - "privilege": "BatchGetProject", + "description": "Grants permission to read job template", + "privilege": "GetJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Creates a certificate package that is used to successfully authenticate and Register an AWS DeepLens device.", - "privilege": "CreateDeviceCertificates", + "access_level": "Read", + "description": "Grants permission to get a license endpoint", + "privilege": "GetLicenseEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "license-endpoint*" } ] }, { - "access_level": "Write", - "description": "Creates a new AWS DeepLens Model.", - "privilege": "CreateModel", + "access_level": "Read", + "description": "Grants permission to get a limit", + "privilege": "GetLimit", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Write", - "description": "Creates a new AWS DeepLens Project.", - "privilege": "CreateProject", + "access_level": "Read", + "description": "Grants permission to get a monitor", + "privilege": "GetMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "monitor*" } ] }, { - "access_level": "Write", - "description": "Deletes an AWS DeepLens Model.", - "privilege": "DeleteModel", + "access_level": "Read", + "description": "Grants permission to get a queue", + "privilege": "GetQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Deletes an AWS DeepLens Project.", - "privilege": "DeleteProject", + "access_level": "Read", + "description": "Grants permission to get a queue environment", + "privilege": "GetQueueEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Deploys an AWS DeepLens project to a registered AWS DeepLens device.", - "privilege": "DeployProject", + "access_level": "Read", + "description": "Grants permission to get a queue-fleet association", + "privilege": "GetQueueFleetAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "device*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Begins a device de-registration workflow for a registered AWS DeepLens device.", - "privilege": "DeregisterDevice", + "access_level": "Read", + "description": "Grants permission to get a queue-limit association", + "privilege": "GetQueueLimitAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "queue*" } ] }, { "access_level": "Read", - "description": "Retrieves the account level resources associated with the user's account.", - "privilege": "GetAssociatedResources", + "description": "Grants permission to get a session for a job", + "privilege": "GetSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Retrieves the the deployment status of a particular AWS DeepLens device, along with any associated metadata.", - "privilege": "GetDeploymentStatus", + "description": "Grants permission to get a session action for a job", + "privilege": "GetSessionAction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Retrieves information about an AWS DeepLens device.", - "privilege": "GetDevice", + "description": "Grants permission to get all collected statistics for sessions", + "privilege": "GetSessionsStatisticsAggregation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" } ] }, { "access_level": "Read", - "description": "Retrieves an AWS DeepLens Model.", - "privilege": "GetModel", + "description": "Grants permission to get a step in a job", + "privilege": "GetStep", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Retrieves an AWS DeepLens Project.", - "privilege": "GetProject", + "description": "Grants permission to get a storage profile", + "privilege": "GetStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Write", - "description": "Creates a new AWS DeepLens project from a sample project template.", - "privilege": "ImportProjectFromTemplate", + "access_level": "Read", + "description": "Grants permission to get a storage profile for a queue", + "privilege": "GetStorageProfileForQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "List", - "description": "Retrieves a list of AWS DeepLens Deployment identifiers.", - "privilege": "ListDeployments", + "access_level": "Read", + "description": "Grants permission to get a job task", + "privilege": "GetTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "List", - "description": "Retrieves a list of AWS DeepLens device identifiers.", - "privilege": "ListDevices", + "access_level": "Read", + "description": "Grants permission to get a worker", + "privilege": "GetWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "worker*" } ] }, { "access_level": "List", - "description": "Retrieves a list of AWS DeepLens Model identifiers.", - "privilege": "ListModels", + "description": "Grants permission to list all available metered products within a license endpoint", + "privilege": "ListAvailableMeteredProducts", "resource_types": [ { "condition_keys": [], @@ -82035,116 +86777,88 @@ }, { "access_level": "List", - "description": "Retrieves a list of AWS DeepLens Project identifiers.", - "privilege": "ListProjects", + "description": "Grants permission to list all budgets for a farm", + "privilege": "ListBudgets", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" } ] }, { - "access_level": "Write", - "description": "Begins a device registration workflow for an AWS DeepLens device.", - "privilege": "RegisterDevice", + "access_level": "List", + "description": "Grants permission to list all members of a farm", + "privilege": "ListFarmMembers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Write", - "description": "Removes a deployed AWS DeepLens project from an AWS DeepLens device.", - "privilege": "RemoveProject", + "access_level": "List", + "description": "Grants permission to list all farms", + "privilege": "ListFarms", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + }, + { + "condition_keys": [ + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Updates an existing AWS DeepLens Project.", - "privilege": "UpdateProject", + "access_level": "List", + "description": "Grants permission to list all members of a fleet", + "privilege": "ListFleetMembers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:deeplens:${Region}:${Account}:device/${DeviceName}", - "condition_keys": [], - "resource": "device" - }, - { - "arn": "arn:${Partition}:deeplens:${Region}:${Account}:project/${ProjectName}", - "condition_keys": [], - "resource": "project" - }, - { - "arn": "arn:${Partition}:deeplens:${Region}:${Account}:model/${ModelName}", - "condition_keys": [], - "resource": "model" - } - ], - "service_name": "AWS DeepLens" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "deepracer:MultiUser", - "description": "Filters access by multiuser flag", - "type": "Bool" - }, - { - "condition": "deepracer:UserToken", - "description": "Filters access by user token in the request", - "type": "String" - } - ], - "prefix": "deepracer", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add access for a private leaderboard", - "privilege": "AddLeaderboardAccessPermission", + "access_level": "List", + "description": "Grants permission to list all fleets", + "privilege": "ListFleets", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" ], "dependent_actions": [], "resource_type": "" @@ -82152,170 +86866,196 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information of the KMS key that the user currently has assigned to their account", - "privilege": "AdminDescribeAccountKey", + "access_level": "List", + "description": "Grants permission to list all members of a job", + "privilege": "ListJobMembers", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get current admin multiuser configuration for this account", - "privilege": "AdminGetAccountConfig", + "access_level": "List", + "description": "Grants permission to get a job's parameter definitions in the job template", + "privilege": "ListJobParameterDefinitions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all deepracer users with their associated resources created under this account", - "privilege": "AdminListAssociatedResources", + "access_level": "List", + "description": "Grants permission to list all jobs in a queue", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" + }, + { + "condition_keys": [ + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list user data for all users associated with this account", - "privilege": "AdminListAssociatedUsers", + "access_level": "List", + "description": "Grants permission to list all license endpoints", + "privilege": "ListLicenseEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "license-endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to manage a user associated with this account", - "privilege": "AdminManageUser", + "access_level": "List", + "description": "Grants permission to list all limits in a farm", + "privilege": "ListLimits", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all metered products in a license endpoint", + "privilege": "ListMeteredProducts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "metered-product*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set configuration options for this account", - "privilege": "AdminSetAccountConfig", + "access_level": "List", + "description": "Grants permission to list all monitors", + "privilege": "ListMonitors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the KMS key that is assigned to the user's account", - "privilege": "AdminUpdateAccountKey", + "access_level": "List", + "description": "Grants permission to list all queue environments to which a queue is associated", + "privilege": "ListQueueEnvironments", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants permission to clone an existing DeepRacer model", - "privilege": "CloneReinforcementLearningModel", + "access_level": "List", + "description": "Grants permission to list all queue-fleet associations", + "privilege": "ListQueueFleetAssociations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "track*" + "resource_type": "fleet*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a DeepRacer car in your garage", - "privilege": "CreateCar", + "access_level": "List", + "description": "Grants permission to list all queue-limit associations", + "privilege": "ListQueueLimitAssociations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], + "resource_type": "farm*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a leaderboard", - "privilege": "CreateLeaderboard", + "access_level": "List", + "description": "Grants permission to list all members in a queue", + "privilege": "ListQueueMembers", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an access token for a private leaderboard", - "privilege": "CreateLeaderboardAccessToken", + "access_level": "List", + "description": "Grants permission to list all queues on a farm", + "privilege": "ListQueues", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" ], "dependent_actions": [], "resource_type": "" @@ -82323,253 +87063,155 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to submit a DeepRacer model to be evaluated for leaderboards", - "privilege": "CreateLeaderboardSubmission", + "access_level": "List", + "description": "Grants permission to list all session actions for a job", + "privilege": "ListSessionActions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create ra einforcement learning model for DeepRacer", - "privilege": "CreateReinforcementLearningModel", + "access_level": "List", + "description": "Grants permission to list all sessions for a job", + "privilege": "ListSessions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "track*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a leaderboard", - "privilege": "DeleteLeaderboard", + "access_level": "List", + "description": "Grants permission to list all sessions for a worker", + "privilege": "ListSessionsForWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "worker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a DeepRacer model", - "privilege": "DeleteModel", + "access_level": "List", + "description": "Grants permission to list the step consumers for a job step", + "privilege": "ListStepConsumers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to edit a leaderboard", - "privilege": "EditLeaderboard", + "access_level": "List", + "description": "Grants permission to list dependencies for a job step", + "privilege": "ListStepDependencies", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get current multiuser configuration for this account", - "privilege": "GetAccountConfig", + "access_level": "List", + "description": "Grants permission to list all steps for a job", + "privilege": "ListSteps", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the user's alias for submitting a DeepRacer model to leaderboards", - "privilege": "GetAlias", + "access_level": "List", + "description": "Grants permission to list all storage profiles in a farm", + "privilege": "ListStorageProfiles", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "farm*" } ] }, { - "access_level": "Read", - "description": "Grants permission to download artifacts for an existing DeepRacer model", - "privilege": "GetAssetUrl", + "access_level": "List", + "description": "Grants permission to list all storage profiles in a queue", + "privilege": "ListStorageProfilesForQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a specific DeepRacer car from your garage", - "privilege": "GetCar", + "access_level": "List", + "description": "Grants permission to list all tags on specified Deadline Cloud resources", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "car*" + "resource_type": "farm" }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view all the DeepRacer cars in your garage", - "privilege": "GetCars", - "resource_types": [ - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about an existing DeepRacer model's evaluation jobs", - "privilege": "GetEvaluation", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation_job*" + "resource_type": "fleet" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about how the latest submitted DeepRacer model for a user performed on a leaderboard", - "privilege": "GetLatestUserSubmission", - "resource_types": [ + "resource_type": "license-endpoint" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "monitor" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about leaderboards", - "privilege": "GetLeaderboard", - "resource_types": [ + "resource_type": "queue" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "worker" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "deadline:CalledAction" ], "dependent_actions": [], "resource_type": "" @@ -82577,246 +87219,170 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an existing DeepRacer model", - "privilege": "GetModel", + "access_level": "List", + "description": "Grants permission to list all tasks for a job", + "privilege": "ListTasks", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about private leaderboards", - "privilege": "GetPrivateLeaderboard", + "access_level": "List", + "description": "Grants permission to list all workers in a fleet", + "privilege": "ListWorkers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "worker*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the performance of a user's DeepRacer model that got placed on a leaderboard", - "privilege": "GetRankedUserSubmission", + "access_level": "Write", + "description": "Grants permission to add a metered product to a license endpoint", + "privilege": "PutMeteredProduct", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "metered-product*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about DeepRacer tracks", - "privilege": "GetTrack", + "access_level": "List", + "description": "Grants permission to search for jobs in multiple queues", + "privilege": "SearchJobs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "track*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an existing DeepRacer model's training job", - "privilege": "GetTrainingJob", + "access_level": "List", + "description": "Grants permission to search the steps within a single job or to search the steps for multiple queues", + "privilege": "SearchSteps", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "training_job*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue" } ] }, { - "access_level": "Write", - "description": "Grants permission to import a reinforcement learning model for DeepRacer", - "privilege": "ImportModel", + "access_level": "List", + "description": "Grants permission to search the tasks within a single job or to search the tasks for multiple queues", + "privilege": "SearchTasks", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], + "resource_type": "job" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a DeepRacer model's evaluation jobs", - "privilege": "ListEvaluations", + "access_level": "List", + "description": "Grants permission to search for workers in multiple fleets", + "privilege": "SearchWorkers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the user's leaderboard evaluation jobs for a leaderboard", - "privilege": "ListLeaderboardEvaluations", + "description": "Grants permission to get all collected statistics for sessions", + "privilege": "StartSessionsStatisticsAggregation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the DeepRacer model submissions of a user on a leaderboard", - "privilege": "ListLeaderboardSubmissions", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite one or more tags for the specified Deadline Cloud resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "farm" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all the available leaderboards", - "privilege": "ListLeaderboards", - "resource_types": [ - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all existing DeepRacer models", - "privilege": "ListModels", - "resource_types": [ + "resource_type": "fleet" + }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve participant information about private leaderboards", - "privilege": "ListPrivateLeaderboardParticipants", - "resource_types": [ + "resource_type": "license-endpoint" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "monitor" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all the available private leaderboards", - "privilege": "ListPrivateLeaderboards", - "resource_types": [ + "resource_type": "queue" + }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all the subscribed private leaderboards", - "privilege": "ListSubscribedPrivateLeaderboards", - "resource_types": [ + "resource_type": "worker" + }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deadline:CalledAction" ], "dependent_actions": [], "resource_type": "" @@ -82824,45 +87390,43 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to lists tag for a resource", - "privilege": "ListTagsForResource", + "access_level": "Tagging", + "description": "Grants permission to disassociate one or more tags from the specified Deadline Cloud resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "car" + "resource_type": "farm" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation_job" + "resource_type": "fleet" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard" + "resource_type": "license-endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard_evaluation_job" + "resource_type": "monitor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model" + "resource_type": "queue" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "training_job" + "resource_type": "worker" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -82870,664 +87434,755 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all DeepRacer tracks", - "privilege": "ListTracks", + "access_level": "Write", + "description": "Grants permission to update a budget", + "privilege": "UpdateBudget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a DeepRacer model's training jobs", - "privilege": "ListTrainingJobs", + "access_level": "Write", + "description": "Grants permission to update a farm", + "privilege": "UpdateFarm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "farm*" } ] }, { "access_level": "Write", - "description": "Grants permission to migrate previous reinforcement learning models for DeepRacer", - "privilege": "MigrateModels", + "description": "Grants permission to update a fleet", + "privilege": "UpdateFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ec2:CreateVpcEndpoint", + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember", + "vpc-lattice:GetResourceConfiguration", + "vpc-lattice:GetResourceGateway" + ], + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to performs the leaderboard operation mentioned in the operation attribute", - "privilege": "PerformLeaderboardOperation", + "description": "Grants permission to update a job", + "privilege": "UpdateJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove access for a private leaderboard", - "privilege": "RemoveLeaderboardAccessPermission", + "description": "Grants permission to update a limit for a farm", + "privilege": "UpdateLimit", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "farm*" } ] }, { "access_level": "Write", - "description": "Grants permission to set the user's alias for submitting a DeepRacer model to leaderboards", - "privilege": "SetAlias", + "description": "Grants permission to update a monitor", + "privilege": "UpdateMonitor", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole", + "sso:PutApplicationGrant", + "sso:UpdateApplication" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "monitor*" } ] }, { "access_level": "Write", - "description": "Grants permission to evaluate a DeepRacer model in a simulated environment", - "privilege": "StartEvaluation", + "description": "Grants permission to update a queue", + "privilege": "UpdateQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "track*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop DeepRacer model evaluations", - "privilege": "StopEvaluation", + "description": "Grants permission to update a queue environment", + "privilege": "UpdateQueueEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation_job*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop training a DeepRacer model", - "privilege": "StopTrainingReinforcementLearningModel", + "description": "Grants permission to update a queue-fleet association", + "privilege": "UpdateQueueFleetAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update a queue-limit association", + "privilege": "UpdateQueueLimitAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "car" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation_job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard_evaluation_job" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model" - }, + "resource_type": "queue*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a session for a job", + "privilege": "UpdateSession", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "training_job" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to test reward functions for correctness", - "privilege": "TestRewardFunction", + "description": "Grants permission to update a step for a job", + "privilege": "UpdateStep", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a storage profile for a farm", + "privilege": "UpdateStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "car" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation_job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard_evaluation_job" - }, + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a task", + "privilege": "UpdateTask", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model" - }, + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a worker", + "privilege": "UpdateWorker", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "training_job" - }, - { - "condition_keys": [ - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "logs:CreateLogStream" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "worker*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a DeepRacer car in your garage", - "privilege": "UpdateCar", + "description": "Grants permission to update the schedule for a worker", + "privilege": "UpdateWorkerSchedule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "car*" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "dependent_actions": [ + "logs:CreateLogStream" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "worker*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:car/${ResourceId}", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/budget/${BudgetId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "deadline:FarmMembershipLevels" ], - "resource": "car" + "resource": "budget" }, { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:evaluation_job/${ResourceId}", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "deadline:FarmMembershipLevels" ], - "resource": "evaluation_job" + "resource": "farm" }, { - "arn": "arn:${Partition}:deepracer:${Region}::leaderboard/${ResourceId}", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "deadline:FarmMembershipLevels", + "deadline:FleetMembershipLevels" ], - "resource": "leaderboard" + "resource": "fleet" }, { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:leaderboard_evaluation_job/${ResourceId}", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}/job/${JobId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "deadline:FarmMembershipLevels", + "deadline:JobMembershipLevels", + "deadline:QueueMembershipLevels" ], - "resource": "leaderboard_evaluation_job" + "resource": "job" }, { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:model/reinforcement_learning/${ResourceId}", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "reinforcement_learning_model" + "resource": "license-endpoint" }, { - "arn": "arn:${Partition}:deepracer:${Region}::track/${ResourceId}", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}/metered-product/${ProductId}", "condition_keys": [], - "resource": "track" + "resource": "metered-product" }, { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:training_job/${ResourceId}", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:monitor/${MonitorId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "training_job" + "resource": "monitor" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "deadline:FarmMembershipLevels", + "deadline:QueueMembershipLevels" + ], + "resource": "queue" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}/worker/${WorkerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "deadline:FarmMembershipLevels", + "deadline:FleetMembershipLevels" + ], + "resource": "worker" } ], - "service_name": "AWS DeepRacer" + "service_name": "AWS Deadline Cloud" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by specifying the tags that are passed in the request", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by specifying the tags associated with the resource", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by specifying the tag keys that are passed in the request", + "description": "Filters access by actions based on the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "detective", + "prefix": "deepcomposer", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept an invitation to become a member of a behavior graph", - "privilege": "AcceptInvitation", + "description": "Grants permission to associate a DeepComposer coupon (or DSN) with the account associated with the sender of the request", + "privilege": "AssociateCoupon", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the datasource package history for the specified member accounts in a behavior graph managed by this account", - "privilege": "BatchGetGraphMemberDatasources", + "access_level": "Write", + "description": "Grants permission to create an audio file by converting the midi composition into a wav or mp3 file", + "privilege": "CreateAudio", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "audio*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the datasource package history of the caller account for the specified graphs", - "privilege": "BatchGetMembershipDatasources", + "access_level": "Write", + "description": "Grants permission to create a multi-track midi composition", + "privilege": "CreateComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "composition*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a behavior graph and begin to aggregate security information", - "privilege": "CreateGraph", + "description": "Grants permission to start creating/training a generative-model that is able to perform inference against the user-provided piano-melody to create a multi-track midi composition", + "privilege": "CreateModel", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model*" + }, { "condition_keys": [ - "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "detective:TagResource" + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to request the membership of one or more accounts in a behavior graph managed by this account", - "privilege": "CreateMembers", + "description": "Grants permission to delete the composition", + "privilege": "DeleteComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "composition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a behavior graph and stop aggregating security information", - "privilege": "DeleteGraph", + "description": "Grants permission to delete the model", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove member accounts from a behavior graph managed by this account", - "privilege": "DeleteMembers", + "access_level": "Read", + "description": "Grants permission to get information about the composition", + "privilege": "GetComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "composition*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the current configuration related to the Amazon Detective integration with AWS Organizations", - "privilege": "DescribeOrganizationConfiguration", + "description": "Grants permission to get information about the model", + "privilege": "GetModel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource_type": "Graph*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the Amazon Detective delegated administrator account for an organization", - "privilege": "DisableOrganizationAdminAccount", + "access_level": "Read", + "description": "Grants permission to get information about the sample/pre-trained DeepComposer model", + "privilege": "GetSampleModel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the association of this account with a behavior graph", - "privilege": "DisassociateMembership", + "access_level": "List", + "description": "Grants permission to list all the compositions owned by the sender of the request", + "privilege": "ListCompositions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "composition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to designate the Amazon Detective delegated administrator account for an organization", - "privilege": "EnableOrganizationAdminAccount", + "access_level": "List", + "description": "Grants permission to list all the models owned by the sender of the request", + "privilege": "ListModels", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "organizations:DescribeOrganization", - "organizations:EnableAWSServiceAccess", - "organizations:RegisterDelegatedAdministrator" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a behavior graph's eligibility for a free trial period", - "privilege": "GetFreeTrialEligibility", + "access_level": "List", + "description": "Grants permission to list all the sample/pre-trained models provided by the DeepComposer service", + "privilege": "ListSampleModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the data ingestion state of a behavior graph", - "privilege": "GetGraphIngestState", + "access_level": "List", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "composition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an investigation's status and metadata", - "privilege": "GetInvestigation", + "access_level": "List", + "description": "Grants permission to list all the training options or topic for creating/training a model", + "privilege": "ListTrainingTopics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details on specified members of a behavior graph", - "privilege": "GetMembers", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "composition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about Amazon Detective's pricing", - "privilege": "GetPricingInformation", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "composition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list usage information of a behavior graph", - "privilege": "GetUsageInformation", + "access_level": "Write", + "description": "Grants permission to modify the mutable properties associated with a composition", + "privilege": "UpdateComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "composition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to invoke Detective's Assistant", - "privilege": "InvokeAssistant", + "access_level": "Write", + "description": "Grants permission to to modify the mutable properties associated with a model", + "privilege": "UpdateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "model*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:model/${ModelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model" }, { - "access_level": "List", - "description": "Grants permission to list a graph's datasource package ingest states and timestamps for the most recent state changes in a behavior graph managed by this account", - "privilege": "ListDatasourcePackages", + "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:composition/${CompositionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "composition" + }, + { + "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:audio/${AudioId}", + "condition_keys": [], + "resource": "audio" + } + ], + "service_name": "AWS DeepComposer" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "deepracer:MultiUser", + "description": "Filters access by multiuser flag", + "type": "Bool" + }, + { + "condition": "deepracer:UserToken", + "description": "Filters access by user token in the request", + "type": "String" + } + ], + "prefix": "deepracer", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add access for a private leaderboard", + "privilege": "AddLeaderboardAccessPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list behavior graphs managed by this account", - "privilege": "ListGraphs", + "access_level": "Read", + "description": "Grants permission to retrieve information of the KMS key that the user currently has assigned to their account", + "privilege": "AdminDescribeAccountKey", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve high volume entities whose relationships cannot be stored by Detective", - "privilege": "ListHighDegreeEntities", + "access_level": "Read", + "description": "Grants permission to get current admin multiuser configuration for this account", + "privilege": "AdminGetAccountConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the indicators of an investigation", - "privilege": "ListIndicators", + "access_level": "Read", + "description": "Grants permission to list all deepracer users with their associated resources created under this account", + "privilege": "AdminListAssociatedResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the investigations of a behavior graph", - "privilege": "ListInvestigations", + "access_level": "Read", + "description": "Grants permission to list user data for all users associated with this account", + "privilege": "AdminListAssociatedUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve details on the behavior graphs to which this account has been invited to join", - "privilege": "ListInvitations", + "access_level": "Write", + "description": "Grants permission to manage a user associated with this account", + "privilege": "AdminManageUser", "resource_types": [ { "condition_keys": [], @@ -83537,44 +88192,53 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve details on all members of a behavior graph", - "privilege": "ListMembers", + "access_level": "Write", + "description": "Grants permission to set configuration options for this account", + "privilege": "AdminSetAccountConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to view the current Amazon Detective delegated administrator account for an organization", - "privilege": "ListOrganizationAdminAccount", + "access_level": "Write", + "description": "Grants permission to update the KMS key that is assigned to the user's account", + "privilege": "AdminUpdateAccountKey", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tag values that are assigned to a behavior graph", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to clone an existing DeepRacer model", + "privilege": "CloneReinforcementLearningModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "track*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -83583,67 +88247,101 @@ }, { "access_level": "Write", - "description": "Grants permission to reject an invitation to become a member of a behavior graph", - "privilege": "RejectInvitation", + "description": "Grants permission to create a DeepRacer car in your garage", + "privilege": "CreateCar", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to search the data stored in a behavior graph", - "privilege": "SearchGraph", + "access_level": "Write", + "description": "Grants permission to create a leaderboard", + "privilege": "CreateLeaderboard", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start investigations", - "privilege": "StartInvestigation", + "description": "Grants permission to create an access token for a private leaderboard", + "privilege": "CreateLeaderboardAccessToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED", - "privilege": "StartMonitoringMember", + "description": "Grants permission to submit a DeepRacer model to be evaluated for leaderboards", + "privilege": "CreateLeaderboardSubmission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign tag values to a behavior graph", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create ra einforcement learning model for DeepRacer", + "privilege": "CreateReinforcementLearningModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "track*" }, { "condition_keys": [ - "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -83651,18 +88349,19 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tag values from a behavior graph", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a leaderboard", + "privilege": "DeleteLeaderboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "leaderboard*" }, { "condition_keys": [ - "aws:TagKeys" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -83671,324 +88370,381 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable datasource package(s) in a behavior graph managed by this account", - "privilege": "UpdateDatasourcePackages", + "description": "Grants permission to delete a DeepRacer model", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an investigation's state and metadata", - "privilege": "UpdateInvestigationState", + "description": "Grants permission to edit a leaderboard", + "privilege": "EditLeaderboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the current configuration related to the Amazon Detective integration with AWS Organizations", - "privilege": "UpdateOrganizationConfiguration", + "access_level": "Read", + "description": "Grants permission to get current multiuser configuration for this account", + "privilege": "GetAccountConfig", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" ], - "resource_type": "Graph*" + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:detective:${Region}:${Account}:graph:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Graph" - } - ], - "service_name": "Amazon Detective" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value assoicated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", - "type": "ArrayOfString" - } - ], - "prefix": "devicefarm", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a device pool within a project", - "privilege": "CreateDevicePool", + "access_level": "Read", + "description": "Grants permission to retrieve the user's alias for submitting a DeepRacer model to leaderboards", + "privilege": "GetAlias", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a device instance profile", - "privilege": "CreateInstanceProfile", + "access_level": "Read", + "description": "Grants permission to download artifacts for an existing DeepRacer model", + "privilege": "GetAssetUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a network profile within a project", - "privilege": "CreateNetworkProfile", + "access_level": "Read", + "description": "Grants permission to retrieve a specific DeepRacer car from your garage", + "privilege": "GetCar", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "car*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a project for mobile testing", - "privilege": "CreateProject", + "access_level": "Read", + "description": "Grants permission to view all the DeepRacer cars in your garage", + "privilege": "GetCars", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a remote access session to a device instance", - "privilege": "CreateRemoteAccessSession", + "access_level": "Read", + "description": "Grants permission to retrieve information about an existing DeepRacer model's evaluation jobs", + "privilege": "GetEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceinstance" + "resource_type": "evaluation_job*" }, { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "upload" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a project for desktop testing", - "privilege": "CreateTestGridProject", + "access_level": "Read", + "description": "Grants permission to retrieve information about how the latest submitted DeepRacer model for a user performed on a leaderboard", + "privilege": "GetLatestUserSubmission", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to generate a new pre-signed url used to access our test grid service", - "privilege": "CreateTestGridUrl", + "access_level": "Read", + "description": "Grants permission to retrieve information about leaderboards", + "privilege": "GetLeaderboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to upload a new file or app within a project", - "privilege": "CreateUpload", - "resource_types": [ + "resource_type": "leaderboard*" + }, { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Virtual Private Cloud (VPC) endpoint configuration", - "privilege": "CreateVPCEConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve information about an existing DeepRacer model", + "privilege": "GetModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user-generated device pool", - "privilege": "DeleteDevicePool", + "access_level": "Read", + "description": "Grants permission to retrieve information about private leaderboards", + "privilege": "GetPrivateLeaderboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devicepool*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user-generated instance profile", - "privilege": "DeleteInstanceProfile", + "access_level": "Read", + "description": "Grants permission to retrieve information about the performance of a user's DeepRacer model that got placed on a leaderboard", + "privilege": "GetRankedUserSubmission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instanceprofile*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user-generated network profile", - "privilege": "DeleteNetworkProfile", + "access_level": "Read", + "description": "Grants permission to retrieve information about DeepRacer tracks", + "privilege": "GetTrack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "networkprofile*" + "resource_type": "track*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a mobile testing project", - "privilege": "DeleteProject", + "access_level": "Read", + "description": "Grants permission to retrieve information about an existing DeepRacer model's training job", + "privilege": "GetTrainingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "training_job*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a completed remote access session and its results", - "privilege": "DeleteRemoteAccessSession", + "description": "Grants permission to import a reinforcement learning model for DeepRacer", + "privilege": "ImportModel", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a run", - "privilege": "DeleteRun", + "access_level": "Read", + "description": "Grants permission to list a DeepRacer model's evaluation jobs", + "privilege": "ListEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a desktop testing project", - "privilege": "DeleteTestGridProject", + "access_level": "Read", + "description": "Grants permission to list all the user's leaderboard evaluation jobs for a leaderboard", + "privilege": "ListLeaderboardEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user-uploaded file", - "privilege": "DeleteUpload", + "access_level": "Read", + "description": "Grants permission to list all the DeepRacer model submissions of a user on a leaderboard", + "privilege": "ListLeaderboardSubmissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Amazon Virtual Private Cloud (VPC) endpoint configuration", - "privilege": "DeleteVPCEConfiguration", + "access_level": "Read", + "description": "Grants permission to list all the available leaderboards", + "privilege": "ListLeaderboards", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "vpceconfiguration*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the number of unmetered iOS and/or unmetered Android devices purchased by the account", - "privilege": "GetAccountSettings", + "description": "Grants permission to list all existing DeepRacer models", + "privilege": "ListModels", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], "resource_type": "" } @@ -83996,97 +88752,136 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the information of a unique device type", - "privilege": "GetDevice", + "description": "Grants permission to retrieve participant information about private leaderboards", + "privilege": "ListPrivateLeaderboardParticipants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve the information of a device instance", - "privilege": "GetDeviceInstance", + "description": "Grants permission to list all the available private leaderboards", + "privilege": "ListPrivateLeaderboards", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "deviceinstance*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve the information of a device pool", - "privilege": "GetDevicePool", + "description": "Grants permission to list all the subscribed private leaderboards", + "privilege": "ListSubscribedPrivateLeaderboards", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "devicepool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the compatibility of a test and/or app with a device pool", - "privilege": "GetDevicePoolCompatibility", + "description": "Grants permission to lists tag for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devicepool*" + "resource_type": "car" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retireve the information of an instance profile", - "privilege": "GetInstanceProfile", - "resource_types": [ + "resource_type": "evaluation_job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instanceprofile*" + "resource_type": "leaderboard" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard_evaluation_job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "training_job" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve the information of a job", - "privilege": "GetJob", + "description": "Grants permission to list all DeepRacer tracks", + "privilege": "ListTracks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve the information of a network profile", - "privilege": "GetNetworkProfile", + "description": "Grants permission to list a DeepRacer model's training jobs", + "privilege": "ListTrainingJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "networkprofile*" + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current status and future status of all offerings purchased by an AWS account", - "privilege": "GetOfferingStatus", + "access_level": "Write", + "description": "Grants permission to migrate previous reinforcement learning models for DeepRacer", + "privilege": "MigrateModels", "resource_types": [ { "condition_keys": [], @@ -84096,202 +88891,353 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a mobile testing project", - "privilege": "GetProject", + "access_level": "Write", + "description": "Grants permission to performs the leaderboard operation mentioned in the operation attribute", + "privilege": "PerformLeaderboardOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "leaderboard" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the link to a currently running remote access session", - "privilege": "GetRemoteAccessSession", + "access_level": "Write", + "description": "Grants permission to remove access for a private leaderboard", + "privilege": "RemoveLeaderboardAccessPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a run", - "privilege": "GetRun", + "access_level": "Write", + "description": "Grants permission to set the user's alias for submitting a DeepRacer model to leaderboards", + "privilege": "SetAlias", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a testing suite", - "privilege": "GetSuite", + "access_level": "Write", + "description": "Grants permission to evaluate a DeepRacer model in a simulated environment", + "privilege": "StartEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suite*" + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "track*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a test case", - "privilege": "GetTest", + "access_level": "Write", + "description": "Grants permission to stop DeepRacer model evaluations", + "privilege": "StopEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test*" + "resource_type": "evaluation_job*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a desktop testing project", - "privilege": "GetTestGridProject", + "access_level": "Write", + "description": "Grants permission to stop training a DeepRacer model", + "privilege": "StopTrainingReinforcementLearningModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project*" + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a test grid session", - "privilege": "GetTestGridSession", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project" + "resource_type": "car" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-session" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retireve the information of an uploaded file", - "privilege": "GetUpload", - "resource_types": [ + "resource_type": "evaluation_job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload*" + "resource_type": "leaderboard" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard_evaluation_job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "training_job" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of an Amazon Virtual Private Cloud (VPC) endpoint configuration", - "privilege": "GetVPCEConfiguration", + "access_level": "Write", + "description": "Grants permission to test reward functions for correctness", + "privilege": "TestRewardFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpceconfiguration*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to install an application to a device in a remote access session", - "privilege": "InstallToRemoteAccessSession", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "car" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the artifacts in a project", - "privilege": "ListArtifacts", - "resource_types": [ + "resource_type": "evaluation_job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "leaderboard" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "run" + "resource_type": "leaderboard_evaluation_job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "suite" + "resource_type": "reinforcement_learning_model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "test" + "resource_type": "training_job" + }, + { + "condition_keys": [ + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of device instances", - "privilege": "ListDeviceInstances", + "access_level": "Write", + "description": "Grants permission to update a DeepRacer car in your garage", + "privilege": "UpdateCar", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "car*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:car/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "car" }, { - "access_level": "List", - "description": "Grants permission to list the information of device pools", - "privilege": "ListDevicePools", + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:evaluation_job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "evaluation_job" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}::leaderboard/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "leaderboard" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:leaderboard_evaluation_job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "leaderboard_evaluation_job" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:model/reinforcement_learning/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "reinforcement_learning_model" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}::track/${ResourceId}", + "condition_keys": [], + "resource": "track" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:training_job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "training_job" + } + ], + "service_name": "AWS DeepRacer" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by specifying the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by specifying the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by specifying the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "detective", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept an invitation to become a member of a behavior graph", + "privilege": "AcceptInvitation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of unique device types", - "privilege": "ListDevices", + "access_level": "Read", + "description": "Grants permission to retrieve the datasource package history for the specified member accounts in a behavior graph managed by this account", + "privilege": "BatchGetGraphMemberDatasources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of device instance profiles", - "privilege": "ListInstanceProfiles", + "access_level": "Read", + "description": "Grants permission to retrieve the datasource package history of the caller account for the specified graphs", + "privilege": "BatchGetMembershipDatasources", "resource_types": [ { "condition_keys": [], @@ -84301,140 +89247,1171 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the information of jobs within a run", - "privilege": "ListJobs", + "access_level": "Write", + "description": "Grants permission to create a behavior graph and begin to aggregate security information", + "privilege": "CreateGraph", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "detective:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request the membership of one or more accounts in a behavior graph managed by this account", + "privilege": "CreateMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of network profiles within a project", - "privilege": "ListNetworkProfiles", + "access_level": "Write", + "description": "Grants permission to delete a behavior graph and stop aggregating security information", + "privilege": "DeleteGraph", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the offering promotions", - "privilege": "ListOfferingPromotions", + "access_level": "Write", + "description": "Grants permission to remove member accounts from a behavior graph managed by this account", + "privilege": "DeleteMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of the historical purchases, renewals, and system renewal transactions for an AWS account", - "privilege": "ListOfferingTransactions", + "access_level": "Read", + "description": "Grants permission to view the current configuration related to the Amazon Detective integration with AWS Organizations", + "privilege": "DescribeOrganizationConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the products or offerings that the user can manage through the API", - "privilege": "ListOfferings", + "access_level": "Write", + "description": "Grants permission to remove the Amazon Detective delegated administrator account for an organization", + "privilege": "DisableOrganizationAdminAccount", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of mobile testing projects for an AWS account", - "privilege": "ListProjects", + "access_level": "Write", + "description": "Grants permission to remove the association of this account with a behavior graph", + "privilege": "DisassociateMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to designate the Amazon Detective delegated administrator account for an organization", + "privilege": "EnableOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:DescribeOrganization", + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of currently running remote access sessions", - "privilege": "ListRemoteAccessSessions", + "access_level": "Read", + "description": "Grants permission to retrieve a behavior graph's eligibility for a free trial period", + "privilege": "GetFreeTrialEligibility", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of runs within a project", - "privilege": "ListRuns", + "access_level": "Read", + "description": "Grants permission to retrieve the data ingestion state of a behavior graph", + "privilege": "GetGraphIngestState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of samples within a project", - "privilege": "ListSamples", + "access_level": "Read", + "description": "Grants permission to get an investigation's status and metadata", + "privilege": "GetInvestigation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of testing suites within a job", - "privilege": "ListSuites", + "access_level": "Read", + "description": "Grants permission to retrieve details on specified members of a behavior graph", + "privilege": "GetMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "Graph*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags of a resource", - "privilege": "ListTagsForResource", + "access_level": "Read", + "description": "Grants permission to retrieve information about Amazon Detective's pricing", + "privilege": "GetPricingInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list usage information of a behavior graph", + "privilege": "GetUsageInformation", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceinstance" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to invoke Detective's Assistant", + "privilege": "InvokeAssistant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list a graph's datasource package ingest states and timestamps for the most recent state changes in a behavior graph managed by this account", + "privilege": "ListDatasourcePackages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list behavior graphs managed by this account", + "privilege": "ListGraphs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve high volume entities whose relationships cannot be stored by Detective", + "privilege": "ListHighDegreeEntities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the indicators of an investigation", + "privilege": "ListIndicators", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the investigations of a behavior graph", + "privilege": "ListInvestigations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve details on the behavior graphs to which this account has been invited to join", + "privilege": "ListInvitations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve details on all members of a behavior graph", + "privilege": "ListMembers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view the current Amazon Detective delegated administrator account for an organization", + "privilege": "ListOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the tag values that are assigned to a behavior graph", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject an invitation to become a member of a behavior graph", + "privilege": "RejectInvitation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to search the data stored in a behavior graph", + "privilege": "SearchGraph", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start investigations", + "privilege": "StartInvestigation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED", + "privilege": "StartMonitoringMember", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to assign tag values to a behavior graph", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tag values from a behavior graph", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable datasource package(s) in a behavior graph managed by this account", + "privilege": "UpdateDatasourcePackages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an investigation's state and metadata", + "privilege": "UpdateInvestigationState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the current configuration related to the Amazon Detective integration with AWS Organizations", + "privilege": "UpdateOrganizationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "Graph*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:detective:${Region}:${Account}:graph:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Graph" + } + ], + "service_name": "Amazon Detective" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag-value assoicated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ], + "prefix": "devicefarm", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a device pool within a project", + "privilege": "CreateDevicePool", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a device instance profile", + "privilege": "CreateInstanceProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a network profile within a project", + "privilege": "CreateNetworkProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a project for mobile testing", + "privilege": "CreateProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a remote access session to a device instance", + "privilege": "CreateRemoteAccessSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceinstance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "upload" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a project for desktop testing", + "privilege": "CreateTestGridProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate a new pre-signed url used to access our test grid service", + "privilege": "CreateTestGridUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload a new file or app within a project", + "privilege": "CreateUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon Virtual Private Cloud (VPC) endpoint configuration", + "privilege": "CreateVPCEConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a user-generated device pool", + "privilege": "DeleteDevicePool", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "devicepool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a user-generated instance profile", + "privilege": "DeleteInstanceProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instanceprofile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a user-generated network profile", + "privilege": "DeleteNetworkProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "networkprofile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a mobile testing project", + "privilege": "DeleteProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a completed remote access session and its results", + "privilege": "DeleteRemoteAccessSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a run", + "privilege": "DeleteRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "run*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a desktop testing project", + "privilege": "DeleteTestGridProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a user-uploaded file", + "privilege": "DeleteUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "upload*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon Virtual Private Cloud (VPC) endpoint configuration", + "privilege": "DeleteVPCEConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpceconfiguration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the number of unmetered iOS and/or unmetered Android devices purchased by the account", + "privilege": "GetAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the information of a unique device type", + "privilege": "GetDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a device instance", + "privilege": "GetDeviceInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceinstance*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a device pool", + "privilege": "GetDevicePool", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "devicepool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the compatibility of a test and/or app with a device pool", + "privilege": "GetDevicePoolCompatibility", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "devicepool*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "upload" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of an instance profile", + "privilege": "GetInstanceProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instanceprofile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a job", + "privilege": "GetJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a network profile", + "privilege": "GetNetworkProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "networkprofile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the current status and future status of all offerings purchased by an AWS account", + "privilege": "GetOfferingStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a mobile testing project", + "privilege": "GetProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the link to a currently running remote access session", + "privilege": "GetRemoteAccessSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a run", + "privilege": "GetRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "run*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a testing suite", + "privilege": "GetSuite", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suite*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a test case", + "privilege": "GetTest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a desktop testing project", + "privilege": "GetTestGridProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-project*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a test grid session", + "privilege": "GetTestGridSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-session" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of an uploaded file", + "privilege": "GetUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "upload*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of an Amazon Virtual Private Cloud (VPC) endpoint configuration", + "privilege": "GetVPCEConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpceconfiguration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to install an application to a device in a remote access session", + "privilege": "InstallToRemoteAccessSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "upload*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the artifacts in a project", + "privilege": "ListArtifacts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "run" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suite" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of device instances", + "privilege": "ListDeviceInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of device pools", + "privilege": "ListDevicePools", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of unique device types", + "privilege": "ListDevices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of device instance profiles", + "privilege": "ListInstanceProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of jobs within a run", + "privilege": "ListJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "run*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of network profiles within a project", + "privilege": "ListNetworkProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the offering promotions", + "privilege": "ListOfferingPromotions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all of the historical purchases, renewals, and system renewal transactions for an AWS account", + "privilege": "ListOfferingTransactions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the products or offerings that the user can manage through the API", + "privilege": "ListOfferings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of mobile testing projects for an AWS account", + "privilege": "ListProjects", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of currently running remote access sessions", + "privilege": "ListRemoteAccessSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of runs within a project", + "privilege": "ListRuns", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of samples within a project", + "privilege": "ListSamples", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of testing suites within a job", + "privilege": "ListSuites", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the tags of a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceinstance" + }, { "condition_keys": [], "dependent_actions": [], @@ -85746,7 +91723,10 @@ "privilege": "CreateDirectConnectGateway", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -86182,6 +92162,11 @@ "description": "Grants permission to describe the tags associated with the specified AWS Direct Connect resources", "privilege": "DescribeTags", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dx-gateway" + }, { "condition_keys": [], "dependent_actions": [], @@ -86308,6 +92293,11 @@ "description": "Grants permission to add the specified tags to the specified AWS Direct Connect resource. Each resource can have a maximum of 50 tags", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dx-gateway" + }, { "condition_keys": [], "dependent_actions": [], @@ -86338,6 +92328,11 @@ "description": "Grants permission to remove one or more tags from the specified AWS Direct Connect resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dx-gateway" + }, { "condition_keys": [], "dependent_actions": [], @@ -86447,7 +92442,9 @@ }, { "arn": "arn:${Partition}:directconnect::${Account}:dx-gateway/${DirectConnectGatewayId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "dx-gateway" } ], @@ -87166,9 +93163,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:StartExtensionPackAssociation" - ], + "dependent_actions": [], "resource_type": "MigrationProject*" } ] @@ -87185,42 +93180,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to cancel a single metadata model assessment run", - "privilege": "CancelMetadataModelAssessment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MigrationProject*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel a single metadata model conversion run", - "privilege": "CancelMetadataModelConversion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MigrationProject*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel a single metadata model export run", - "privilege": "CancelMetadataModelExport", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to cancel a single premigration assessment run", @@ -87721,20 +93680,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a data providers. Note. This action should be added along with ListDataProviders, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeDataProviders", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListDataProviders" - ], - "resource_type": "DataProvider" - } - ] - }, { "access_level": "Read", "description": "Grants permission to return the possible endpoint settings available when you create an endpoint for a specific database engine", @@ -87819,20 +93764,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for extension packs. Note. This action should be added along with ListExtensionPacks, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeExtensionPackAssociations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListExtensionPacks" - ], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to return a paginated list of Fleet Advisor collectors in your account based on filter settings", @@ -87893,76 +93824,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a instance profiles. Note. This action should be added along with ListInstanceProfiles, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeInstanceProfiles", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListInstanceProfiles" - ], - "resource_type": "InstanceProfile" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for metadata model assessments. Note. This action should be added along with ListMetadataModelAssessments, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelAssessments", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelAssessments" - ], - "resource_type": "MigrationProject*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model conversions. Note. This action should be added along with ListMetadataModelConversions, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelConversions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelConversions" - ], - "resource_type": "MigrationProject*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelExportsAsScript", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelExports" - ], - "resource_type": "MigrationProject*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelExportsToTarget", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelExports" - ], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to return information about start metadata model import operations for a migration project", @@ -87975,30 +93836,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a migration projects. Note. This action should be added along with ListMigrationProjects, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMigrationProjects", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:ListMigrationProjects" - ], - "resource_type": "DataProvider" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "InstanceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MigrationProject" - } - ] - }, { "access_level": "Read", "description": "Grants permission to return information about the replication instance types that can be created in the specified region", @@ -88226,18 +94063,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to disassociate a extension pack", - "privilege": "DisassociateExtensionPack", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to export the specified metadata model assessment", @@ -88250,20 +94075,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to list all of the AWS DMS attributes for a metadata model. Note. Despite this action requires StartMetadataModelImport, the latter does not currently authorize the described Schema Conversion operation", - "privilege": "GetMetadataModel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:StartMetadataModelImport" - ], - "resource_type": "MigrationProject" - } - ] - }, { "access_level": "Write", "description": "Grants permission to upload the specified certificate", @@ -88287,10 +94098,8 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeDataProviders" - ], - "resource_type": "DataProvider" + "dependent_actions": [], + "resource_type": "" } ] }, @@ -88301,9 +94110,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeExtensionPackAssociations" - ], + "dependent_actions": [], "resource_type": "MigrationProject" } ] @@ -88315,9 +94122,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeInstanceProfiles" - ], + "dependent_actions": [], "resource_type": "InstanceProfile" } ] @@ -88343,9 +94148,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeMetadataModelAssessments" - ], + "dependent_actions": [], "resource_type": "MigrationProject" } ] @@ -88357,9 +94160,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeMetadataModelConversions" - ], + "dependent_actions": [], "resource_type": "MigrationProject" } ] @@ -88371,10 +94172,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeMetadataModelExportsAsScript", - "dms:DescribeMetadataModelExportsToTarget" - ], + "dependent_actions": [], "resource_type": "MigrationProject" } ] @@ -88387,8 +94185,7 @@ { "condition_keys": [], "dependent_actions": [ - "dms:DescribeConversionConfiguration", - "dms:DescribeMigrationProjects" + "dms:DescribeConversionConfiguration" ], "resource_type": "DataProvider" }, @@ -88476,20 +94273,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to update a conversion configuration. Note. This action should be added along with UpdateConversionConfiguration, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyConversionConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:UpdateConversionConfiguration" - ], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to modify the specified database migration", @@ -88504,21 +94287,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified data provider. Note. This action should be added along with UpdateDataProvider, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyDataProvider", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:UpdateDataProvider", - "iam:PassRole" - ], - "resource_type": "DataProvider*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to modify the specified endpoint", @@ -88574,36 +94342,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified instance profile. Note. This action should be added along with UpdateInstanceProfile, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyInstanceProfile", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:UpdateInstanceProfile", - "iam:PassRole" - ], - "resource_type": "InstanceProfile*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified migration project. Note. This action should be added along with UpdateMigrationProject, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyMigrationProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:UpdateMigrationProject", - "iam:PassRole" - ], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to modify the specified replication config", @@ -88827,20 +94565,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to associate an extension pack. Note. This action should be added along with AssociateExtensionPack, but does not currently authorize the described Schema Conversion operation", - "privilege": "StartExtensionPackAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:AssociateExtensionPack" - ], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to start a new assessment of metadata model", @@ -88865,20 +94589,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to start a new export of metadata model as script. Note. This action should be added along with StartMetadataModelExportAsScripts, but does not currently authorize the described Schema Conversion operation", - "privilege": "StartMetadataModelExportAsScript", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:StartMetadataModelExportAsScripts" - ], - "resource_type": "MigrationProject*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to start a new export of metadata model as script", @@ -88886,9 +94596,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:StartMetadataModelExportAsScript" - ], + "dependent_actions": [], "resource_type": "MigrationProject*" } ] @@ -89039,9 +94747,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyConversionConfiguration" - ], + "dependent_actions": [], "resource_type": "MigrationProject*" } ] @@ -89053,9 +94759,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyDataProvider" - ], + "dependent_actions": [], "resource_type": "DataProvider*" } ] @@ -89067,9 +94771,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyInstanceProfile" - ], + "dependent_actions": [], "resource_type": "InstanceProfile*" } ] @@ -89081,9 +94783,7 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyMigrationProject" - ], + "dependent_actions": [], "resource_type": "MigrationProject*" } ] @@ -91494,6 +97194,39 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a Hybrid Managed AD directory", + "privilege": "CreateHybridAD", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "ssm:GetCommandInvocation", + "ssm:GetConnectionStatus", + "ssm:ListCommands", + "ssm:SendCommand" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an IdentityPool Directory in the AWS cloud", @@ -91569,6 +97302,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a directory assessment", + "privilege": "DeleteADAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a conditional forwarder that has been set up for your AWS directory", @@ -91659,6 +97404,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a directory assessment", + "privilege": "DescribeADAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the ca enrollment status of a specified directory", + "privilege": "DescribeCAEnrollmentPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to display information about the certificate registered for a secured LDAP connection", @@ -91743,6 +97512,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the updates of a specified hybrid directory", + "privilege": "DescribeHybridADUpdate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the status of LDAP security for the specified directory", @@ -91827,6 +97608,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable the ca enrollment of a specified directory", + "privilege": "DisableCAEnrollmentPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable alternative client authentication methods for the specified directory", @@ -91899,6 +97692,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable the ca enrollment of a specified directory", + "privilege": "EnableCAEnrollmentPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "acm-pca:DescribeCertificateAuthority", + "pca-connector-ad:GetConnector" + ], + "resource_type": "directory*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable alternative client authentication methods for the specified directory", @@ -92009,6 +97817,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list directory assessments", + "privilege": "ListADAssessments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to obtain the AWS applications authorized for a directory", @@ -92201,6 +98021,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a directory assessment", + "privilege": "StartADAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ssm:GetCommandInvocation", + "ssm:GetConnectionStatus", + "ssm:ListCommands", + "ssm:SendCommand" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to apply a schema extension to a Microsoft AD directory", @@ -92285,6 +98132,34 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update configurations for a specified hybrid directory", + "privilege": "UpdateHybridAD", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "ssm:GetCommandInvocation", + "ssm:GetConnectionStatus", + "ssm:ListCommands", + "ssm:SendCommand" + ], + "resource_type": "directory*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add or remove domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request", @@ -92812,50 +98687,54 @@ "description": "Filters access by a list of tag keys that are allowed in the request", "type": "ArrayOfString" }, + { + "condition": "dsql:FisActionId", + "description": "Filters access by the ID of an AWS FIS action", + "type": "String" + }, + { + "condition": "dsql:FisTargetArns", + "description": "Filters access by the ARN of an AWS FIS target", + "type": "ArrayOfARN" + }, { "condition": "dsql:WitnessRegion", - "description": "Filters access by the witness region of linked clusters", - "type": "ArrayOfString" + "description": "Filters access by the witness region of multi-Region clusters", + "type": "String" } ], "prefix": "dsql", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create new clusters", - "privilege": "CreateCluster", + "description": "Grants permission to add a peer cluster to a multi-Region cluster", + "privilege": "AddPeerCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "dsql:PutMultiRegionProperties" ], "resource_type": "Cluster*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create multi-Region clusters. Creating multi-Region clusters also requires CreateCluster permission in each specified Region", - "privilege": "CreateMultiRegionClusters", + "description": "Grants permission to create new clusters", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "dsql:CreateCluster" + "iam:CreateServiceLinkedRole" ], "resource_type": "Cluster*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "dsql:WitnessRegion" ], "dependent_actions": [], @@ -92901,14 +98780,24 @@ }, { "access_level": "Write", - "description": "Grants permission to delete multi-Region clusters. Deleting multi-Region clusters also requires DeleteCluster permission in each specified Region", - "privilege": "DeleteMultiRegionClusters", + "description": "Grants permission to remove the inline resource-based policy attached to a cluster", + "privilege": "DeleteClusterPolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dsql:DeleteCluster" - ], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the status of an Aurora DSQL cluster backup job", + "privilege": "GetBackupJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "Cluster*" } ] @@ -92925,6 +98814,57 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the inline resource-based policy attached to a cluster", + "privilege": "GetClusterPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the status of an Aurora DSQL cluster restore job", + "privilege": "GetRestoreJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the VPC endpoint service name for a cluster", + "privilege": "GetVpcEndpointServiceName", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to inject errors in targeted clusters", + "privilege": "InjectError", + "resource_types": [ + { + "condition_keys": [ + "dsql:FisActionId", + "dsql:FisTargetArns" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of clusters", @@ -92949,6 +98889,116 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to attach or update the inline resource-based policy attached to a cluster", + "privilege": "PutClusterPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update multi-Region properties of a cluster", + "privilege": "PutMultiRegionProperties", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to configure and update the witness Region of a multi-Region cluster", + "privilege": "PutWitnessRegion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "dsql:PutMultiRegionProperties" + ], + "resource_type": "Cluster*" + }, + { + "condition_keys": [ + "dsql:WitnessRegion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a peer cluster from a multi-Region cluster", + "privilege": "RemovePeerCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "dsql:PutMultiRegionProperties" + ], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a backup job for an Aurora DSQL cluster", + "privilege": "StartBackupJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a restore job for an Aurora DSQL cluster", + "privilege": "StartRestoreJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "dsql:CreateCluster", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a backup job for an Aurora DSQL cluster", + "privilege": "StopBackupJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a restore job for an Aurora DSQL Cluster", + "privilege": "StopRestoreJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Cluster*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add tags to Aurora DSQL resources", @@ -92997,6 +99047,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "Cluster*" + }, + { + "condition_keys": [ + "dsql:WitnessRegion" + ], + "dependent_actions": [], + "resource_type": "" } ] } @@ -93161,6 +99218,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add a Witness to a Global Table", + "privilege": "CreateGlobalTableWitness", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to the CreateTable operation adds a new table to your account", @@ -93205,6 +99274,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to remove a Witness from a Global Table", + "privilege": "DeleteGlobalTableWitness", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to deletes a single item in a table by primary key", @@ -94225,8 +100306,8 @@ }, { "condition": "ebs:ParentSnapshot", - "description": "Filters access by the ID of the parent snapshot", - "type": "String" + "description": "Filters access by the ARN of the parent snapshot", + "type": "ARN" }, { "condition": "ebs:VolumeSize", @@ -94449,6 +100530,11 @@ "description": "Filters access by the name of an Availability Zone in an AWS Region", "type": "String" }, + { + "condition": "ec2:AvailabilityZoneId", + "description": "Filters access by the ID of an Availability Zone in an AWS Region", + "type": "String" + }, { "condition": "ec2:CapacityReservationFleet", "description": "Filters access by the ARN of the Capacity Reservation Fleet", @@ -94534,6 +100620,11 @@ "description": "Filters access by the way in which the Capacity Reservation ends", "type": "String" }, + { + "condition": "ec2:EphemeralStorage", + "description": "Filters access by whether the instance is enabled for ephemeral storage", + "type": "Bool" + }, { "condition": "ec2:FisActionId", "description": "Filters access by the ID of an AWS FIS action", @@ -94949,6 +101040,11 @@ "description": "Filters access by the ID of a volume", "type": "String" }, + { + "condition": "ec2:VolumeInitializationRate", + "description": "Filters access by the initialization rate of the volume, in MiBps", + "type": "Numeric" + }, { "condition": "ec2:VolumeIops", "description": "Filters access by the the number of input/output operations per second (IOPS) provisioned for the volume", @@ -94984,6 +101080,11 @@ "description": "Filters access by the ID of a VPC peering connection", "type": "String" }, + { + "condition": "ec2:VpceMultiRegion", + "description": "Filters access by multi region of the VPC endpoint service", + "type": "String" + }, { "condition": "ec2:VpceServiceName", "description": "Filters access by the name of the VPC endpoint service", @@ -94999,6 +101100,16 @@ "description": "Filters access by the private DNS name of the VPC endpoint service", "type": "String" }, + { + "condition": "ec2:VpceServiceRegion", + "description": "Filters access by the region of the VPC endpoint service", + "type": "String" + }, + { + "condition": "ec2:VpceSupportedRegion", + "description": "Filters access by the supported region of the VPC endpoint service", + "type": "String" + }, { "condition": "ec2:transitGatewayAttachmentId", "description": "Filters access by the ID of a transit gateway attachment", @@ -95033,21 +101144,6 @@ "condition": "ec2:transitGatewayRouteTableId", "description": "Filters access by the ID of a transit gateway route table", "type": "String" - }, - { - "condition": "ec2:vpceMultiRegion", - "description": "Filters access by multi region of the VPC endpoint service", - "type": "String" - }, - { - "condition": "ec2:vpceServiceRegion", - "description": "Filters access by the region of the VPC endpoint service", - "type": "String" - }, - { - "condition": "ec2:vpceSupportedRegion", - "description": "Filters access by the supported region of the VPC endpoint service", - "type": "String" } ], "prefix": "ec2", @@ -95121,6 +101217,18 @@ "description": "Grants permission to accept a Convertible Reserved Instance exchange quote", "privilege": "AcceptReservedInstancesExchangeQuote", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:InstanceType", + "ec2:ReservedInstancesOfferingType", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "reserved-instances*" + }, { "condition_keys": [ "ec2:Region" @@ -95217,8 +101325,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -95516,6 +101624,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -95619,6 +101728,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID" ], @@ -95700,6 +101810,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -95843,6 +101954,40 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate a route server with a VPC", + "privilege": "AssociateRouteServer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate a subnet or gateway with a route table", @@ -95867,10 +102012,19 @@ "dependent_actions": [], "resource_type": "internet-gateway" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -95940,6 +102094,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:Ipv6IpamPoolId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -95973,6 +102129,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -96158,6 +102315,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -96250,6 +102408,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -96333,6 +102492,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -96359,11 +102519,14 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -96650,7 +102813,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to remove your AWS account from the launch permissions for the specified AMI", "privilege": "CancelImageLaunchPermission", "resource_types": [ @@ -96835,15 +102998,22 @@ }, { "access_level": "Write", - "description": "Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to the new snapshot only. They do not apply to the source snapshot", + "description": "Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to both the snapshot copy and the source snapshot", "privilege": "CopySnapshot", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "ec2:Encrypted", "ec2:OutpostArn", - "ec2:SnapshotID" + "ec2:Owner", + "ec2:ParentSnapshot", + "ec2:ParentVolume", + "ec2:ProductCode", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" ], "dependent_actions": [ "ec2:CreateTags" @@ -96859,6 +103029,65 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a copy of an EBS volume. Resource-level permissions specified for this action apply to the source and copied volume. Condition keys for the copied volume correspond to parameters specified in the CopyVolumes API request", + "privilege": "CopyVolumes", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:Encrypted", + "ec2:ManagedResourceOperator", + "ec2:ParentSnapshot", + "ec2:ParentVolume", + "ec2:VolumeInitializationRate", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new S3 Data Export for Capacity Manager", + "privilege": "CreateCapacityManagerDataExport", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "capacity-manager-data-export*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a Capacity Reservation", @@ -96868,7 +103097,20 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:CapacityReservationFleet" + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:CapacityReservationFleet", + "ec2:EbsOptimized", + "ec2:EndDate", + "ec2:EndDateType", + "ec2:EphemeralStorage", + "ec2:InstanceCount", + "ec2:InstanceMatchCriteria", + "ec2:InstancePlatform", + "ec2:InstanceType", + "ec2:OutpostArn", + "ec2:PlacementGroup", + "ec2:Tenancy" ], "dependent_actions": [ "ec2:CreateTags" @@ -97054,6 +103296,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID" ], @@ -97124,7 +103367,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to allow a service to access a customer-owned IP (CoIP) pool", "privilege": "CreateCoipPoolPermission", "resource_types": [ @@ -97197,6 +103440,52 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a volume ownership delegation task for an Apple silicon Mac instance", + "privilege": "CreateDelegateMacVolumeOwnershipTask", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceBandwidthWeighting", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "mac-modification-task*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a set of DHCP options for a VPC", @@ -97276,6 +103565,7 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceBandwidthWeighting", @@ -97324,6 +103614,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -97336,6 +103627,7 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:KmsKeyId", "ec2:ParentSnapshot", @@ -97466,7 +103758,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance", + "description": "Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance. This action can reboot instances as part of the image creation process, even without RebootInstances permissions. To prevent instance reboots during image creation, use the NoReboot parameter", "privilege": "CreateImage", "resource_types": [ { @@ -97485,6 +103777,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -97494,6 +103787,7 @@ "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:ManagedResourceOperator", "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", @@ -97529,6 +103823,43 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an AMI usage report", + "privilege": "CreateImageUsageReport", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "image-usage-report*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address", @@ -97549,6 +103880,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -97618,6 +103950,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -97627,6 +103960,7 @@ "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:ManagedResourceOperator", "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", @@ -97876,6 +104210,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:ManagedResourceOperator", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [ @@ -97975,7 +104310,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to allow a service to access a local gateway route table", "privilege": "CreateLocalGatewayRouteTablePermission", "resource_types": [ @@ -98078,6 +104413,124 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a local gateway virtual interface", + "privilege": "CreateLocalGatewayVirtualInterface", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "local-gateway-virtual-interface*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-virtual-interface-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "outpost-lag*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a local gateway virtual interface group", + "privilege": "CreateLocalGatewayVirtualInterfaceGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "local-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "local-gateway-virtual-interface-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a System Integrity Protection (SIP) modification task for an Amazon EC2 Mac instance", + "privilege": "CreateMacSystemIntegrityProtectionModificationTask", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceBandwidthWeighting", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "mac-modification-task*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a managed prefix list", @@ -98121,6 +104574,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -98250,6 +104704,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -98365,6 +104820,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -98402,6 +104858,7 @@ "ec2:AuthorizedService", "ec2:AuthorizedUser", "ec2:AvailabilityZone", + "ec2:ManagedResourceOperator", "ec2:NetworkInterfaceID", "ec2:Permission", "ec2:ResourceTag/${TagKey}", @@ -98479,6 +104936,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -98488,6 +104946,7 @@ "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:ManagedResourceOperator", "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", @@ -98514,7 +104973,8 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:VolumeID" + "ec2:VolumeID", + "ec2:VolumeInitializationRate" ], "dependent_actions": [], "resource_type": "volume*" @@ -98618,6 +105078,116 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a route server", + "privilege": "CreateRouteServer", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags", + "sns:CreateTopic" + ], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a route server endpoint", + "privilege": "CreateRouteServerEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeSecurityGroups" + ], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone" + ], + "dependent_actions": [], + "resource_type": "route-server-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a route server peer", + "privilege": "CreateRouteServerPeer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateTags" + ], + "resource_type": "route-server-endpoint*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone" + ], + "dependent_actions": [], + "resource_type": "route-server-peer*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a route table for a VPC", @@ -98713,9 +105283,13 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZoneId", "ec2:Encrypted", + "ec2:ManagedResourceOperator", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -98779,6 +105353,7 @@ "ec2:Encrypted", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -98846,6 +105421,8 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", "ec2:SubnetID" ], "dependent_actions": [ @@ -98885,6 +105462,20 @@ "description": "Grants permission to create a subnet CIDR reservation", "privilege": "CreateSubnetCidrReservation", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "subnet*" + }, { "condition_keys": [ "ec2:Region" @@ -98899,6 +105490,26 @@ "description": "Grants permission to add or overwrite one or more tags for Amazon EC2 resources", "privilege": "CreateTags", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-block" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-manager-data-export" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -99103,6 +105714,16 @@ "dependent_actions": [], "resource_type": "image" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "image-usage-report" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -99129,6 +105750,7 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -99138,6 +105760,7 @@ "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:ManagedResourceOperator", "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", @@ -99279,6 +105902,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:ManagedResourceOperator", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -99413,6 +106037,7 @@ "aws:TagKeys", "ec2:AuthorizedUser", "ec2:AvailabilityZone", + "ec2:ManagedResourceOperator", "ec2:NetworkInterfaceID", "ec2:Permission", "ec2:ResourceTag/${TagKey}", @@ -99468,6 +106093,36 @@ "dependent_actions": [], "resource_type": "reserved-instances" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server-endpoint" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server-peer" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -99544,6 +106199,7 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -99744,10 +106400,14 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", + "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -99804,9 +106464,9 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceServiceRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceServiceRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service" @@ -99957,6 +106617,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:ManagedResourceOperator", "ec2:NetworkInterfaceID", "ec2:ResourceTag/${TagKey}", "ec2:Subnet", @@ -100484,6 +107145,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -100590,10 +107252,12 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:KmsKeyId", "ec2:ParentSnapshot", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -100688,6 +107352,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -100729,6 +107394,9 @@ ], "dependent_actions": [ "ec2:CreateTags", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "route53:AssociateVPCWithHostedZone" ], "resource_type": "vpc*" @@ -100737,8 +107405,10 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "ec2:VpceMultiRegion", "ec2:VpceServiceName", - "ec2:VpceServiceOwner" + "ec2:VpceServiceOwner", + "ec2:VpceServiceRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint*" @@ -100796,8 +107466,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceServiceRegion" + "ec2:VpceMultiRegion", + "ec2:VpceServiceRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service" @@ -100820,9 +107490,9 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "ec2:VpceMultiRegion", "ec2:VpceServicePrivateDnsName", - "ec2:vpceMultiRegion", - "ec2:vpceServiceRegion" + "ec2:VpceServiceRegion" ], "dependent_actions": [ "ec2:CreateTags" @@ -100997,6 +107667,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing Capacity Manager data export configuration", + "privilege": "DeleteCapacityManagerDataExport", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-manager-data-export*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a carrier gateway", @@ -101070,6 +107762,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -101131,7 +107824,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to deny a service from accessing a customer-owned IP (CoIP) pool", "privilege": "DeleteCoipPoolPermission", "resource_types": [ @@ -101287,6 +107980,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an AMI usage report", + "privilege": "DeleteImageUsageReport", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "image-usage-report*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an EC2 Instance Connect Endpoint", @@ -101588,7 +108303,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to deny a service from accessing a local gateway route table", "privilege": "DeleteLocalGatewayRouteTablePermission", "resource_types": [ @@ -101653,6 +108368,50 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a local gateway virtual interface", + "privilege": "DeleteLocalGatewayVirtualInterface", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-virtual-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a local gateway virtual interface group", + "privilege": "DeleteLocalGatewayVirtualInterfaceGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-virtual-interface-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a managed prefix list", @@ -101938,6 +108697,17 @@ "description": "Grants permission to delete the queued purchases for the specified Reserved Instances", "privilege": "DeleteQueuedReservedInstances", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:InstanceType", + "ec2:ReservedInstancesOfferingType", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "reserved-instances*" + }, { "condition_keys": [ "ec2:Region" @@ -101948,7 +108718,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to remove an IAM policy that enables cross-account sharing from a resource", "privilege": "DeleteResourcePolicy", "resource_types": [ @@ -102011,6 +108781,82 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a route server", + "privilege": "DeleteRouteServer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "sns:DeleteTopic" + ], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route server endpoint", + "privilege": "DeleteRouteServerEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupIngress" + ], + "resource_type": "route-server-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route server peer", + "privilege": "DeleteRouteServerPeer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:RevokeSecurityGroupIngress" + ], + "resource_type": "route-server-peer*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a route table", @@ -102111,6 +108957,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -102146,6 +108993,26 @@ "description": "Grants permission to delete one or more tags from Amazon EC2 resources", "privilege": "DeleteTags", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-block" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-manager-data-export" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -102326,6 +109193,16 @@ "dependent_actions": [], "resource_type": "image" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "image-usage-report" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -102656,6 +109533,36 @@ "dependent_actions": [], "resource_type": "reserved-instances" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server-endpoint" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server-peer" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -103480,11 +110387,14 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -103565,8 +110475,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service" @@ -103589,8 +110499,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -103613,7 +110523,9 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:VpceServiceName" + "ec2:VpceMultiRegion", + "ec2:VpceServiceName", + "ec2:VpceServiceRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint*" @@ -104042,29 +110954,6 @@ "description": "Grants permission to describe Capacity Block extensions history", "privilege": "DescribeCapacityBlockExtensionHistory", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:CapacityReservationFleet", - "ec2:CreateDate", - "ec2:DestinationCapacityReservationId", - "ec2:EbsOptimized", - "ec2:EndDate", - "ec2:EndDateType", - "ec2:InstanceCount", - "ec2:InstanceMatchCriteria", - "ec2:InstancePlatform", - "ec2:InstanceType", - "ec2:OutpostArn", - "ec2:PlacementGroup", - "ec2:ResourceTag/${TagKey}", - "ec2:SourceCapacityReservationId", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "capacity-reservation" - }, { "condition_keys": [ "ec2:Region" @@ -104125,6 +111014,48 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe the availability of capacity for the specified Capacity blocks, or all of your Capacity Blocks", + "privilege": "DescribeCapacityBlockStatus", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe details about Capacity Blocks in the AWS Region that you're currently using", + "privilege": "DescribeCapacityBlocks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Capacity Manager data export configurations", + "privilege": "DescribeCapacityManagerDataExports", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more requests to assign the billing of the unused capacity of a Capacity Reservation", @@ -104250,20 +111181,6 @@ "description": "Grants permission to describe one or more Client VPN endpoints", "privilege": "DescribeClientVpnEndpoints", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint" - }, { "condition_keys": [ "ec2:Region" @@ -104703,6 +111620,48 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe your AWS resources that are referencing specified images", + "privilege": "DescribeImageReferences", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the entries of an AMI usage report", + "privilege": "DescribeImageUsageReportEntries", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the configuration and status of an AMI usage report", + "privilege": "DescribeImageUsageReports", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more images (AMIs, AKIs, and ARIs)", @@ -104754,6 +111713,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -105221,6 +112181,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe a System Integrity Protection (SIP) modification task or volume ownership delegation task for an Amazon EC2 Mac instance", + "privilege": "DescribeMacModificationTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe your managed prefix lists and any AWS-managed prefix lists", @@ -105375,6 +112349,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe Outpost LAGs", + "privilege": "DescribeOutpostLags", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more placement groups", @@ -105515,6 +112503,48 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe one or more route server endpoints", + "privilege": "DescribeRouteServerEndpoints", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more route server peers", + "privilege": "DescribeRouteServerPeers", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more route servers", + "privilege": "DescribeRouteServers", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more route tables", @@ -105623,6 +112653,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe service link virtual interfaces", + "privilege": "DescribeServiceLinkVirtualInterfaces", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe an attribute of a snapshot", @@ -106140,11 +113184,14 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -106289,16 +113336,6 @@ "description": "Grants permission to describe the VPC endpoint associations", "privilege": "DescribeVpcEndpointAssociations", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServiceName", - "ec2:VpceServiceOwner" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint" - }, { "condition_keys": [ "ec2:Region" @@ -106359,8 +113396,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -106547,6 +113584,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -106630,11 +113668,14 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -106647,6 +113688,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -106763,6 +113805,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable EC2 Capacity Manager for your account", + "privilege": "DisableCapacityManager", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable EBS encryption by default for your account", @@ -106861,7 +113917,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to disable block public access for AMIs at the account level in the specified AWS Region", "privilege": "DisableImageBlockPublicAccess", "resource_types": [ @@ -106944,6 +114000,38 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable route server propagation", + "privilege": "DisableRouteServerPropagation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable access to the EC2 serial console of all instances for your account", @@ -106959,7 +114047,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to disable the block public access for snapshots setting for a Region", "privilege": "DisableSnapshotBlockPublicAccess", "resource_types": [ @@ -107229,6 +114317,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -107355,7 +114444,41 @@ "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "network-interface*" + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a route server from a VPC", + "privilege": "DisassociateRouteServer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" }, { "condition_keys": [ @@ -107410,6 +114533,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -107479,6 +114603,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -107504,6 +114629,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -107715,6 +114841,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable EC2 Capacity Manager for your account", + "privilege": "EnableCapacityManager", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable EBS encryption by default for your account", @@ -107840,7 +114980,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to enable block public access for AMIs at the account level in the specified AWS Region", "privilege": "EnableImageBlockPublicAccess", "resource_types": [ @@ -107942,6 +115082,38 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable route server propagation", + "privilege": "EnableRouteServerPropagation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable access to the EC2 serial console of all instances for your account", @@ -107957,7 +115129,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to enable or modify the block public access for snapshots setting for a Region", "privilege": "EnableSnapshotBlockPublicAccess", "resource_types": [ @@ -108052,6 +115224,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", @@ -108251,6 +115424,27 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the current security parameters for an active VPN tunnel", + "privilege": "GetActiveVpnTunnelStatus", + "resource_types": [ + { + "condition_keys": [ + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the allowed settings for images", @@ -108289,6 +115483,14 @@ "description": "Grants permission to get information about the IPv6 CIDR block associations for a specified IPv6 address pool", "privilege": "GetAssociatedIpv6PoolCidrs", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv6pool-ec2*" + }, { "condition_keys": [ "ec2:Region" @@ -108312,6 +115514,48 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the current configuration and status of EC2 Capacity Manager", + "privilege": "GetCapacityManagerAttributes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve capacity usage metrics for your EC2 resources", + "privilege": "GetCapacityManagerMetricData", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the available dimension values for capacity metrics within a specified time range", + "privilege": "GetCapacityManagerMetricDimensions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get usage information about a Capacity Reservation", @@ -108365,6 +115609,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -108405,6 +115650,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -108596,6 +115842,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -108648,6 +115895,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -108851,6 +116099,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -108979,6 +116228,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -109015,6 +116265,18 @@ "description": "Grants permission to return a quote and exchange information for exchanging one or more Convertible Reserved Instances for a new Convertible Reserved Instance", "privilege": "GetReservedInstancesExchangeQuote", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:InstanceType", + "ec2:ReservedInstancesOfferingType", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "reserved-instances*" + }, { "condition_keys": [ "ec2:Region" @@ -109064,6 +116326,82 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get associations for a route server", + "privilege": "GetRouteServerAssociations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get propagations for a route server", + "privilege": "GetRouteServerPropagations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the routing database for a route server", + "privilege": "GetRouteServerRoutingDatabase", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list of security groups for a specified VPC", @@ -109655,6 +116993,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", @@ -109961,6 +117300,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -110095,6 +117435,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110131,11 +117472,13 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -110164,6 +117507,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110204,36 +117548,28 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the CPU options on an instance", - "privilege": "ModifyInstanceCpuOptions", + "description": "Grants permission to modify an existing EC2 Instance Connect Endpoint", + "privilege": "ModifyInstanceConnectEndpoint", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:Attribute", "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:CpuOptionsAmdSevSnp", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceBandwidthWeighting", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:ManagedResourceOperator", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance-connect-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:SecurityGroupID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "security-group" }, { "condition_keys": [ @@ -110246,8 +117582,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the credit option for CPU usage on an instance", - "privilege": "ModifyInstanceCreditSpecification", + "description": "Grants permission to modify the CPU options on an instance", + "privilege": "ModifyInstanceCpuOptions", "resource_types": [ { "condition_keys": [ @@ -110255,6 +117591,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110288,14 +117625,16 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the start time for a scheduled EC2 instance event", - "privilege": "ModifyInstanceEventStartTime", + "description": "Grants permission to modify the credit option for CPU usage on an instance", + "privilege": "ModifyInstanceCreditSpecification", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110329,37 +117668,15 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the specified event window", - "privilege": "ModifyInstanceEventWindow", - "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "instance-event-window*" - }, - { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the recovery behaviour for an instance", - "privilege": "ModifyInstanceMaintenanceOptions", + "description": "Grants permission to modify the start time for a scheduled EC2 instance event", + "privilege": "ModifyInstanceEventStartTime", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110393,12 +117710,21 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the default instance metadata service (IMDS) settings for your account in the specified Region", - "privilege": "ModifyInstanceMetadataDefaults", + "description": "Grants permission to modify the specified event window", + "privilege": "ModifyInstanceEventWindow", "resource_types": [ { "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance-event-window*" + }, + { + "condition_keys": [ "ec2:Region" ], "dependent_actions": [], @@ -110408,8 +117734,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the metadata options for an instance", - "privilege": "ModifyInstanceMetadataOptions", + "description": "Grants permission to modify the recovery behaviour for an instance", + "privilege": "ModifyInstanceMaintenanceOptions", "resource_types": [ { "condition_keys": [ @@ -110417,6 +117743,65 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:CpuOptionsAmdSevSnp", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceBandwidthWeighting", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:ManagedResourceOperator", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the default instance metadata service (IMDS) settings for your account in the specified Region", + "privilege": "ModifyInstanceMetadataDefaults", + "resource_types": [ + { + "condition_keys": [ + "ec2:Attribute/${AttributeName}", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the metadata options for an instance", + "privilege": "ModifyInstanceMetadataOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110459,6 +117844,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110501,6 +117887,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110630,6 +118017,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -110701,6 +118090,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -110794,6 +118184,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110826,6 +118217,17 @@ "dependent_actions": [], "resource_type": "security-group" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, { "condition_keys": [ "ec2:Region" @@ -110846,6 +118248,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -110878,6 +118281,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify public hostname options for a network interface", + "privilege": "ModifyPublicIpDnsNameOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify attributes of one or more Reserved Instances", @@ -110906,6 +118336,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify a route server", + "privilege": "ModifyRouteServer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-server*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify the rules of a security group", @@ -111038,6 +118490,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -111065,6 +118518,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -111277,6 +118731,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -111301,6 +118756,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111310,6 +118766,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -111342,6 +118799,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111364,6 +118822,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111394,6 +118854,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111416,6 +118877,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111438,6 +118901,7 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111460,6 +118924,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111485,11 +118951,14 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -111518,11 +118987,14 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -111574,6 +119046,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -111612,7 +119086,9 @@ "aws:ResourceTag/${TagKey}", "ec2:Attribute", "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:VpceMultiRegion", + "ec2:VpceServiceRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint*" @@ -111640,6 +119116,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -111673,8 +119150,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service" @@ -111699,9 +119176,9 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}", + "ec2:VpceMultiRegion", "ec2:VpceServicePrivateDnsName", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -111726,8 +119203,8 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -111752,8 +119229,8 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -111961,6 +119438,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -112074,6 +119552,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", @@ -112316,7 +119795,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to attach an IAM policy that enables cross-account sharing to a resource", "privilege": "PutResourcePolicy", "resource_types": [ @@ -112364,6 +119843,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -112646,8 +120126,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -112764,6 +120244,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -112831,6 +120312,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -112939,6 +120421,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -113024,6 +120507,7 @@ "resource_types": [ { "condition_keys": [ + "ec2:AvailabilityZoneId", "ec2:InstanceBandwidthWeighting", "ec2:InstanceID" ], @@ -113125,6 +120609,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -113234,6 +120719,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:ResourceTag/${TagKey}", "ec2:SubnetID", "ec2:Vpc" @@ -113355,6 +120841,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -113665,6 +121152,7 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -113721,6 +121209,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:IsLaunchTemplateResource", "ec2:LaunchTemplate", "ec2:ResourceTag/${TagKey}", @@ -113820,12 +121309,14 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:IsLaunchTemplateResource", "ec2:LaunchTemplate", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -113934,6 +121425,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -113972,6 +121464,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -114024,6 +121517,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceBandwidthWeighting", @@ -114130,8 +121624,8 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:vpceMultiRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceMultiRegion", + "ec2:VpceSupportedRegion" ], "dependent_actions": [], "resource_type": "vpc-endpoint-service*" @@ -114154,6 +121648,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -114221,6 +121716,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -114367,6 +121863,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -114398,6 +121895,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the Organizations access setting for EC2 Capacity Manager", + "privilege": "UpdateCapacityManagerOrganizationsAccess", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update descriptions for one or more outbound rules in a VPC security group", @@ -114478,6 +121989,32 @@ ], "resource": "elastic-ip" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-block/${CapacityBlockId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "capacity-block" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-manager-data-export/${CapacityManagerDataExportId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "capacity-manager-data-export" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation-fleet/${CapacityReservationFleetId}", "condition_keys": [ @@ -114500,12 +122037,14 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CapacityReservationFleet", "ec2:CreateDate", "ec2:DestinationCapacityReservationId", "ec2:EbsOptimized", "ec2:EndDate", "ec2:EndDateType", + "ec2:EphemeralStorage", "ec2:InstanceCount", "ec2:InstanceMatchCriteria", "ec2:InstancePlatform", @@ -114723,6 +122262,17 @@ ], "resource": "image" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:image-usage-report/${ImageUsageReportId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "image-usage-report" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:import-image-task/${ImportImageTaskId}", "condition_keys": [ @@ -114765,6 +122315,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -114779,6 +122331,7 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:CpuOptionsAmdSevSnp", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -114872,6 +122425,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -114998,6 +122553,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -115025,6 +122581,17 @@ ], "resource": "local-gateway-virtual-interface" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:mac-modification-task/${MacModificationTaskId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "mac-modification-task" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:natgateway/${NatGatewayId}", "condition_keys": [ @@ -115117,6 +122684,17 @@ ], "resource": "network-interface" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:outpost-lag/${OutpostLagId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "outpost-lag" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:placement-group/${PlacementGroupName}", "condition_keys": [ @@ -115183,6 +122761,41 @@ "condition_keys": [], "resource": "role" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-server-endpoint/${RouteServerEndpointId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "route-server-endpoint" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-server/${RouteServerId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "route-server" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-server-peer/${RouteServerPeerId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "route-server-peer" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-table/${RouteTableId}", "condition_keys": [ @@ -115202,8 +122815,6 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:IsLaunchTemplateResource", "ec2:LaunchTemplate", "ec2:Region", @@ -115241,7 +122852,9 @@ "ec2:Location", "ec2:OutpostArn", "ec2:Owner", + "ec2:ParentSnapshot", "ec2:ParentVolume", + "ec2:ProductCode", "ec2:Region", "ec2:Remove/group", "ec2:Remove/userId", @@ -115300,6 +122913,9 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", "ec2:IsLaunchTemplateResource", "ec2:LaunchTemplate", "ec2:Region", @@ -115455,6 +123071,7 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -115477,6 +123094,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -115488,6 +123107,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -115510,6 +123131,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -115524,15 +123147,18 @@ "ec2:Attribute", "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", + "ec2:AvailabilityZoneId", "ec2:Encrypted", "ec2:IsLaunchTemplateResource", "ec2:KmsKeyId", "ec2:LaunchTemplate", "ec2:ManagedResourceOperator", "ec2:ParentSnapshot", + "ec2:ParentVolume", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", + "ec2:VolumeInitializationRate", "ec2:VolumeIops", "ec2:VolumeSize", "ec2:VolumeThroughput", @@ -115546,6 +123172,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], @@ -115572,8 +123200,10 @@ "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}", + "ec2:VpceMultiRegion", "ec2:VpceServiceName", - "ec2:VpceServiceOwner" + "ec2:VpceServiceOwner", + "ec2:VpceServiceRegion" ], "resource": "vpc-endpoint" }, @@ -115587,10 +123217,10 @@ "ec2:Attribute/${AttributeName}", "ec2:Region", "ec2:ResourceTag/${TagKey}", + "ec2:VpceMultiRegion", "ec2:VpceServicePrivateDnsName", - "ec2:vpceMultiRegion", - "ec2:vpceServiceRegion", - "ec2:vpceSupportedRegion" + "ec2:VpceServiceRegion", + "ec2:VpceSupportedRegion" ], "resource": "vpc-endpoint-service" }, @@ -115994,7 +123624,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, @@ -116258,6 +123888,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the status about an image copy", + "privilege": "GetImageCopyStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the specified lifecycle policy", @@ -117107,6 +124749,14 @@ "resource_types": [ { "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-provider*" + }, + { + "condition_keys": [ + "ecs:propagate-tags", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -117121,7 +124771,9 @@ "privilege": "CreateCluster", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "cluster*" }, @@ -117178,6 +124830,11 @@ "description": "Grants permission to create a new Amazon ECS task set", "privilege": "CreateTaskSet", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-set*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -117250,17 +124907,12 @@ "description": "Grants permission to delete the specified cluster", "privilege": "DeleteCluster", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -117329,17 +124981,12 @@ "description": "Grants permission to deregister an Amazon ECS container instance from the specified cluster", "privilege": "DeregisterContainerInstance", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -117379,17 +125026,12 @@ "description": "Grants permission to describes one or more of your clusters", "privilege": "DescribeClusters", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -117610,17 +125252,12 @@ "description": "Grants permission to lists the attributes for Amazon ECS resources within a specified target type and cluster", "privilege": "ListAttributes", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -117641,17 +125278,12 @@ "description": "Grants permission to get a list of container instances in a specified cluster", "privilege": "ListContainerInstances", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -117864,13 +125496,14 @@ "privilege": "PutClusterCapacityProviders", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "cluster*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "ecs:capacity-provider" ], "dependent_actions": [], @@ -117878,20 +125511,44 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to collect system logs from the container instances", + "privilege": "PutSystemLogEvents", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster", + "ecs:capacity-provider" + ], + "dependent_actions": [], + "resource_type": "container-instance*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to register an EC2 instance into the specified cluster", "privilege": "RegisterContainerInstance", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "cluster*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -117998,6 +125655,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to stop an ongoing service deployment", + "privilege": "StopServiceDeployment", + "resource_types": [ + { + "condition_keys": [ + "ecs:cluster", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "ecs:cluster", + "ecs:service", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "service-deployment*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop a running task", @@ -118023,17 +125704,12 @@ "description": "Grants permission to send an acknowledgement that attachments changed states", "privilege": "SubmitAttachmentStateChanges", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -118042,17 +125718,12 @@ "description": "Grants permission to send an acknowledgement that a container changed states", "privilege": "SubmitContainerStateChange", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -118061,17 +125732,12 @@ "description": "Grants permission to send an acknowledgement that a task changed states", "privilege": "SubmitTaskStateChange", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -118189,6 +125855,7 @@ }, { "condition_keys": [ + "ecs:propagate-tags", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -118202,13 +125869,14 @@ "privilege": "UpdateCluster", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "cluster*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "ecs:fargate-ephemeral-storage-kms-key" ], "dependent_actions": [], @@ -118221,17 +125889,12 @@ "description": "Grants permission to modify the settings to use for a cluster", "privilege": "UpdateClusterSettings", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -118988,6 +126651,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the status of the latest on-demand cluster insights refresh operation", + "privilege": "DescribeInsightsRefresh", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve descriptive information about an Amazon EKS nodegroup", @@ -119127,6 +126802,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list dashboard data. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions", + "privilege": "ListDashboardData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list dashboard resources. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions", + "privilege": "ListDashboardResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list EKS Anywhere subscriptions", @@ -119214,6 +126913,11 @@ "dependent_actions": [], "resource_type": "cluster" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard" + }, { "condition_keys": [], "dependent_actions": [], @@ -119258,6 +126962,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify Kubernetes objects via AWS console", + "privilege": "MutateViaKubernetesApi", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to register an External cluster", @@ -119273,6 +126989,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to initiate an on-demand refresh operation for cluster insights, getting the latest analysis outside of the standard refresh schedule", + "privilege": "StartInsightsRefresh", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag the specified resource", @@ -119293,6 +127021,11 @@ "dependent_actions": [], "resource_type": "cluster" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard" + }, { "condition_keys": [], "dependent_actions": [], @@ -119348,6 +127081,11 @@ "dependent_actions": [], "resource_type": "cluster" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard" + }, { "condition_keys": [], "dependent_actions": [], @@ -119561,6 +127299,13 @@ "arn": "arn:${Partition}:eks::aws:cluster-access-policy/${AccessPolicyName}", "condition_keys": [], "resource": "access-policy" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:dashboard/${DashboardName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dashboard" } ], "service_name": "Amazon Elastic Kubernetes Service" @@ -119599,104 +127344,6 @@ ], "service_name": "Amazon EKS Auth" }, - { - "conditions": [], - "prefix": "elastic-inference", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to customer for connecting to Elastic Inference accelerator", - "privilege": "Connect", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the locations in which a given accelerator type or set of types is present in a given region", - "privilege": "DescribeAcceleratorOfferings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the accelerator types available in a given region, as well as their characteristics, such as memory and throughput", - "privilege": "DescribeAcceleratorTypes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe information over a provided set of accelerators belonging to an account", - "privilege": "DescribeAccelerators", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all tags on an Amazon RDS resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to assign one or more tags (key-value pairs) to the specified QuickSight resource", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove a tag or tags from a resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elastic-inference:${Region}:${Account}:elastic-inference-accelerator/${AcceleratorId}", - "condition_keys": [], - "resource": "accelerator" - } - ], - "service_name": "Amazon Elastic Inference" - }, { "conditions": [ { @@ -121984,4729 +129631,88 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel in-progress environment configuration update or application version deployment", - "privilege": "AbortEnvironmentUpdate", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an Elastic Beanstalk resource and to update tag values", - "privilege": "AddTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to apply a scheduled managed action immediately", - "privilege": "ApplyEnvironmentManagedAction", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate an operations role with an environment", - "privilege": "AssociateEnvironmentOperationsRole", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to check CNAME availability", - "privilege": "CheckDNSAvailability", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update a group of environments, each running a separate component of a single application", - "privilege": "ComposeEnvironments", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new application", - "privilege": "CreateApplication", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an application version for an application", - "privilege": "CreateApplicationVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "applicationversion*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a configuration template", - "privilege": "CreateConfigurationTemplate", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate*" - }, - { - "condition_keys": [ - "elasticbeanstalk:FromApplication", - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromEnvironment", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to launch an environment for an application", - "privilege": "CreateEnvironment", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new version of a custom platform", - "privilege": "CreatePlatformVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create the Amazon S3 storage location for the account", - "privilege": "CreateStorageLocation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an application along with all associated versions and configurations", - "privilege": "DeleteApplication", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an application version from an application", - "privilege": "DeleteApplicationVersion", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a configuration template", - "privilege": "DeleteConfigurationTemplate", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the draft configuration associated with the running environment", - "privilege": "DeleteEnvironmentConfiguration", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a version of a custom platform", - "privilege": "DeletePlatformVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of account attributes, including resource quotas", - "privilege": "DescribeAccountAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of application versions stored in an AWS Elastic Beanstalk storage bucket", - "privilege": "DescribeApplicationVersions", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve the descriptions of existing applications", - "privilege": "DescribeApplications", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve descriptions of environment configuration options", - "privilege": "DescribeConfigurationOptions", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "solutionstack" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a description of the settings for a configuration set", - "privilege": "DescribeConfigurationSettings", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the overall health of an environment", - "privilege": "DescribeEnvironmentHealth", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of an environment's completed and failed managed actions", - "privilege": "DescribeEnvironmentManagedActionHistory", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of an environment's upcoming and in-progress managed actions", - "privilege": "DescribeEnvironmentManagedActions", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of AWS resources for an environment", - "privilege": "DescribeEnvironmentResources", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve descriptions for existing environments", - "privilege": "DescribeEnvironments", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of event descriptions matching a set of criteria", - "privilege": "DescribeEvents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve more detailed information about the health of environment instances", - "privilege": "DescribeInstancesHealth", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a description of a managed platform version", - "privilege": "DescribePlatformVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate an operations role with an environment", - "privilege": "DisassociateEnvironmentOperationsRole", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of the available solution stack names", - "privilege": "ListAvailableSolutionStacks", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "solutionstack" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of the available platform branches", - "privilege": "ListPlatformBranches", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of the available platforms", - "privilege": "ListPlatformVersions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of tags of an Elastic Beanstalk resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to submit instance statistics for enhanced health", - "privilege": "PutInstanceStatistics", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete and recreate all of the AWS resources for an environment and to force a restart", - "privilege": "RebuildEnvironment", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an Elastic Beanstalk resource", - "privilege": "RemoveTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to initiate a request to compile information of the deployed environment", - "privilege": "RequestEnvironmentInfo", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to request an environment to restart the application container server running on each Amazon EC2 instance", - "privilege": "RestartAppServer", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the compiled information from a RequestEnvironmentInfo request", - "privilege": "RetrieveEnvironmentInfo", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to swap the CNAMEs of two environments", - "privilege": "SwapEnvironmentCNAMEs", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "elasticbeanstalk:FromEnvironment" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to terminate an environment", - "privilege": "TerminateEnvironment", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an application with specified properties", - "privilege": "UpdateApplication", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the application version lifecycle policy associated with the application", - "privilege": "UpdateApplicationResourceLifecycle", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an application version with specified properties", - "privilege": "UpdateApplicationVersion", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a configuration template with specified properties or configuration option values", - "privilege": "UpdateConfigurationTemplate", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate*" - }, - { - "condition_keys": [ - "elasticbeanstalk:FromApplication", - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromEnvironment", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an environment", - "privilege": "UpdateEnvironment", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Doesn't grant permission to update tags. To grant permission to add tags to an Elastic Beanstalk resource, remove tags, and to update tag values, specify elasticbeanstalk:AddTags and elasticbeanstalk:RemoveTags", - "privilege": "UpdateTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to check the validity of a set of configuration settings for a configuration template or an environment", - "privilege": "ValidateConfigurationSettings", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:application/${ApplicationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:applicationversion/${ApplicationName}/${VersionLabel}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticbeanstalk:InApplication" - ], - "resource": "applicationversion" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:configurationtemplate/${ApplicationName}/${TemplateName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticbeanstalk:InApplication" - ], - "resource": "configurationtemplate" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticbeanstalk:InApplication" - ], - "resource": "environment" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}::solutionstack/${SolutionStackName}", - "condition_keys": [], - "resource": "solutionstack" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}::platform/${PlatformNameWithVersion}", - "condition_keys": [], - "resource": "platform" - } - ], - "service_name": "AWS Elastic Beanstalk" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticfilesystem:AccessPointArn", - "description": "Filters access by the ARN of the access point used to mount the file system", - "type": "ARN" - }, - { - "condition": "elasticfilesystem:AccessedViaMountTarget", - "description": "Filters access by whether the file system is accessed via mount targets", - "type": "Bool" - }, - { - "condition": "elasticfilesystem:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" - }, - { - "condition": "elasticfilesystem:Encrypted", - "description": "Filters access by whether users can create only encrypted or unencrypted file systems", - "type": "Bool" - } - ], - "prefix": "elasticfilesystem", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to start a backup job for an existing file system", - "privilege": "Backup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to allow an NFS client read-access to a file system", - "privilege": "ClientMount", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "elasticfilesystem:AccessPointArn", - "elasticfilesystem:AccessedViaMountTarget" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to allow an NFS client root-access to a file system", - "privilege": "ClientRootAccess", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "elasticfilesystem:AccessPointArn", - "elasticfilesystem:AccessedViaMountTarget" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to allow an NFS client write-access to a file system", - "privilege": "ClientWrite", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "elasticfilesystem:AccessPointArn", - "elasticfilesystem:AccessedViaMountTarget" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an access point for the specified file system", - "privilege": "CreateAccessPoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticfilesystem:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new, empty file system", - "privilege": "CreateFileSystem", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticfilesystem:Encrypted" - ], - "dependent_actions": [ - "elasticfilesystem:TagResource" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a mount target for a file system", - "privilege": "CreateMountTarget", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new replication configuration", - "privilege": "CreateReplicationConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource", - "privilege": "CreateTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified access point", - "privilege": "DeleteAccessPoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "access-point*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a file system, permanently severing access to its contents", - "privilege": "DeleteFileSystem", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to delete the resource-level policy for a file system", - "privilege": "DeleteFileSystemPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified mount target", - "privilege": "DeleteMountTarget", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a replication configuration", - "privilege": "DeleteReplicationConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to delete the specified tags from a file system; deprecated, see UntagResource", - "privilege": "DeleteTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to view the descriptions of Amazon EFS access points", - "privilege": "DescribeAccessPoints", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "access-point" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to view the account preferences in effect for an account", - "privilege": "DescribeAccountPreferences", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the BackupPolicy object for an Amazon EFS file system", - "privilege": "DescribeBackupPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the resource-level policy for an Amazon EFS file system", - "privilege": "DescribeFileSystemPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called", - "privilege": "DescribeFileSystems", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system", - "privilege": "DescribeLifecycleConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the security groups in effect for a mount target", - "privilege": "DescribeMountTargetSecurityGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system", - "privilege": "DescribeMountTargets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "access-point" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called", - "privilege": "DescribeReplicationConfigurations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the tags associated with a file system", - "privilege": "DescribeTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the tags associated with the specified Amazon EFS resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "access-point" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the set of security groups in effect for a mount target", - "privilege": "ModifyMountTargetSecurityGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the account preferences of an account", - "privilege": "PutAccountPreferences", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object", - "privilege": "PutBackupPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system", - "privilege": "PutFileSystemPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object", - "privilege": "PutLifecycleConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read file system data for replication", - "privilege": "ReplicationRead", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to replicate data to a file system", - "privilege": "ReplicationWrite", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a restore job for a backup of a file system", - "privilege": "Restore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to create or overwrite tags associated with the specified Amazon EFS resource", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "access-point" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticfilesystem:CreateAction" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to delete the specified tags from an Amazon EFS resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "access-point" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system", - "privilege": "UpdateFileSystem", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the file system protection of an existing file system", - "privilege": "UpdateFileSystemProtection", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:file-system/${FileSystemId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "file-system" - }, - { - "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:access-point/${AccessPointId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "access-point" - } - ], - "service_name": "Amazon Elastic File System" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "A key that is present in the request the user makes to the ELB service", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Global tag key and value pair", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "The list of all the tag key names associated with the resource in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:ResourceTag/${TagKey}", - "description": "A tag key and value pair", - "type": "String" - } - ], - "prefix": "elasticloadbalancing", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add the specified certificates to the specified secure listener", - "privilege": "AddListenerCertificates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", - "privilege": "AddTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a listener for the specified Application Load Balancer", - "privilege": "CreateListener", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a load balancer", - "privilege": "CreateLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a rule for the specified listener", - "privilege": "CreateRule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a target group", - "privilege": "CreateTargetGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified listener", - "privilege": "DeleteListener", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified load balancer", - "privilege": "DeleteLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified rule", - "privilege": "DeleteRule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified target group", - "privilege": "DeleteTargetGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to deregister the specified targets from the specified target group", - "privilege": "DeregisterTargets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the Elastic Load Balancing resource limits for the AWS account", - "privilege": "DescribeAccountLimits", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the certificates for the specified secure listener", - "privilege": "DescribeListenerCertificates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified listeners or the listeners for the specified Application Load Balancer", - "privilege": "DescribeListeners", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified load balancer", - "privilege": "DescribeLoadBalancerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", - "privilege": "DescribeLoadBalancers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified rules or the rules for the specified listener", - "privilege": "DescribeRules", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified policies or all policies used for SSL negotiation", - "privilege": "DescribeSSLPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the tags associated with the specified resource", - "privilege": "DescribeTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified target group", - "privilege": "DescribeTargetGroupAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified target groups or all of your target groups", - "privilege": "DescribeTargetGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the health of the specified targets or all of your targets", - "privilege": "DescribeTargetHealth", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified properties of the specified listener", - "privilege": "ModifyListener", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the attributes of the specified load balancer", - "privilege": "ModifyLoadBalancerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified rule", - "privilege": "ModifyRule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the health checks used when evaluating the health state of the targets in the specified target group", - "privilege": "ModifyTargetGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified attributes of the specified target group", - "privilege": "ModifyTargetGroupAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to register the specified targets with the specified target group", - "privilege": "RegisterTargets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the specified certificates of the specified secure listener", - "privilege": "RemoveListenerCertificates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified load balancer", - "privilege": "RemoveTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the type of IP addresses used by the subnets of the specified load balancer", - "privilege": "SetIpAddressType", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the priorities of the specified rules", - "privilege": "SetRulePriorities", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate the specified security groups with the specified load balancer", - "privilege": "SetSecurityGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable the Availability Zone for the specified subnets for the specified load balancer", - "privilege": "SetSubnets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to give WebAcl permission to WAF", - "privilege": "SetWebAcl", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener/app" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener-rule/app" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener/net" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener-rule/net" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "loadbalancer/app/" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "loadbalancer/net/" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:targetgroup/${TargetGroupName}/${TargetGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "targetgroup" - } - ], - "service_name": "Elastic Load Balancing V2" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" - }, - { - "condition": "elasticloadbalancing:ListenerProtocol", - "description": "Filters access by the listener protocols that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:ResourceTag/", - "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", - "type": "String" - }, - { - "condition": "elasticloadbalancing:ResourceTag/${TagKey}", - "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", - "type": "String" - }, - { - "condition": "elasticloadbalancing:Scheme", - "description": "Filters access by the load balancer scheme that are allowed in the request", - "type": "String" - }, - { - "condition": "elasticloadbalancing:SecurityGroup", - "description": "Filters access by the security-group IDs that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:SecurityPolicy", - "description": "Filters access by the SSL Security Policies that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:Subnet", - "description": "Filters access by the subnet IDs that are allowed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "elasticloadbalancing", - "privileges": [ - { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", - "privilege": "AddTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:CreateAction" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate one or more security groups with your load balancer in a virtual private cloud (VPC)", - "privilege": "ApplySecurityGroupsToLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityGroup" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add one or more subnets to the set of configured subnets for the specified load balancer", - "privilege": "AttachLoadBalancerToSubnets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:Subnet" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to specify the health check settings to use when evaluating the health state of your back-end instances", - "privilege": "ConfigureHealthCheck", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to generate a stickiness policy with sticky session lifetimes that follow that of an application-generated cookie", - "privilege": "CreateAppCookieStickinessPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to generate a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent) or a specified expiration period", - "privilege": "CreateLBCookieStickinessPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a load balancer", - "privilege": "CreateLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "loadbalancer" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityGroup", - "elasticloadbalancing:Subnet", - "elasticloadbalancing:Scheme", - "elasticloadbalancing:ListenerProtocol" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create one or more listeners for the specified load balancer", - "privilege": "CreateLoadBalancerListeners", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:ListenerProtocol" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a policy with the specified attributes for the specified load balancer", - "privilege": "CreateLoadBalancerPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityPolicy" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified load balancer", - "privilege": "DeleteLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified listeners from the specified load balancer", - "privilege": "DeleteLoadBalancerListeners", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified policy from the specified load balancer. This policy must not be enabled for any listeners", - "privilege": "DeleteLoadBalancerPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to deregister the specified instances from the specified load balancer", - "privilege": "DeregisterInstancesFromLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the state of the specified instances with respect to the specified load balancer", - "privilege": "DescribeInstanceHealth", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified load balancer", - "privilege": "DescribeLoadBalancerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified policies", - "privilege": "DescribeLoadBalancerPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified load balancer policy types", - "privilege": "DescribeLoadBalancerPolicyTypes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", - "privilege": "DescribeLoadBalancers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the tags associated with the specified load balancers", - "privilege": "DescribeTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the specified subnets from the set of configured subnets for the load balancer", - "privilege": "DetachLoadBalancerFromSubnets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the specified Availability Zones from the set of Availability Zones for the specified load balancer", - "privilege": "DisableAvailabilityZonesForLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add the specified Availability Zones to the set of Availability Zones for the specified load balancer", - "privilege": "EnableAvailabilityZonesForLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the attributes of the specified load balancer", - "privilege": "ModifyLoadBalancerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add the specified instances to the specified load balancer", - "privilege": "RegisterInstancesWithLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified load balancer", - "privilege": "RemoveTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the certificate that terminates the specified listener's SSL connections", - "privilege": "SetLoadBalancerListenerSSLCertificate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to replace the set of policies associated with the specified port on which the back-end server is listening with a new set of policies", - "privilege": "SetLoadBalancerPoliciesForBackendServer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to replace the current set of policies for the specified load balancer port with the specified set of policies", - "privilege": "SetLoadBalancerPoliciesOfListener", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityPolicy" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/${LoadBalancerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "loadbalancer" - } - ], - "service_name": "AWS Elastic Load Balancing" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" - }, - { - "condition": "elasticloadbalancing:ListenerProtocol", - "description": "Filters access by the listener protocol that is allowed in the request", - "type": "String" - }, - { - "condition": "elasticloadbalancing:ResourceTag/${TagKey}", - "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", - "type": "String" - }, - { - "condition": "elasticloadbalancing:Scheme", - "description": "Filters access by the load balancer scheme that is allowed in the request", - "type": "String" - }, - { - "condition": "elasticloadbalancing:SecurityGroup", - "description": "Filters access by the security-group IDs that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:SecurityPolicy", - "description": "Filters access by the SSL Security Policies that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:Subnet", - "description": "Filters access by the subnet IDs that are allowed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "elasticloadbalancing", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add the specified certificates to the specified secure listener", - "privilege": "AddListenerCertificates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", - "privilege": "AddTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:CreateAction" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add revocations to a trust store", - "privilege": "AddTrustStoreRevocations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a listener for the specified Application Load Balancer", - "privilege": "CreateListener", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityPolicy", - "elasticloadbalancing:ListenerProtocol" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a load balancer", - "privilege": "CreateLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityGroup", - "elasticloadbalancing:Subnet", - "elasticloadbalancing:Scheme" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a rule for the specified listener", - "privilege": "CreateRule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a target group", - "privilege": "CreateTargetGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a trust store", - "privilege": "CreateTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "truststore" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified listener", - "privilege": "DeleteListener", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified load balancer", - "privilege": "DeleteLoadBalancer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified rule", - "privilege": "DeleteRule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified shared trust store association", - "privilege": "DeleteSharedTrustStoreAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified target group", - "privilege": "DeleteTargetGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified trust store", - "privilege": "DeleteTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to deregister the specified targets from the specified target group", - "privilege": "DeregisterTargets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the Elastic Load Balancing resource limits for the AWS account", - "privilege": "DescribeAccountLimits", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the capacity reservation for a load balancer", - "privilege": "DescribeCapacityReservation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified listener", - "privilege": "DescribeListenerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the certificates for the specified secure listener", - "privilege": "DescribeListenerCertificates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified listeners or the listeners for the specified Application Load Balancer", - "privilege": "DescribeListeners", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified load balancer", - "privilege": "DescribeLoadBalancerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", - "privilege": "DescribeLoadBalancers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified rules or the rules for the specified listener", - "privilege": "DescribeRules", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified policies or all policies used for SSL negotiation", - "privilege": "DescribeSSLPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the tags associated with the specified resource", - "privilege": "DescribeTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified target group", - "privilege": "DescribeTargetGroupAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified target groups or all of your target groups", - "privilege": "DescribeTargetGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the health of the specified targets or all of your targets", - "privilege": "DescribeTargetHealth", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the associations with a trust store", - "privilege": "DescribeTrustStoreAssociations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified trust stores revocations or all of your revocations related to a trust store", - "privilege": "DescribeTrustStoreRevocations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the specified trust stores or all of your trust stores", - "privilege": "DescribeTrustStores", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the resource policy associated with the resource", - "privilege": "GetResourcePolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a trust store CA certificates bundle", - "privilege": "GetTrustStoreCaCertificatesBundle", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a trust store revocation content", - "privilege": "GetTrustStoreRevocationContent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the capacity reservation for a load balancer", - "privilege": "ModifyCapacityReservation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified properties of the specified listener", - "privilege": "ModifyListener", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityPolicy", - "elasticloadbalancing:ListenerProtocol" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the attributes of the specified listener", - "privilege": "ModifyListenerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the attributes of the specified load balancer", - "privilege": "ModifyLoadBalancerAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified rule", - "privilege": "ModifyRule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the health checks used when evaluating the health state of the targets in the specified target group", - "privilege": "ModifyTargetGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified attributes of the specified target group", - "privilege": "ModifyTargetGroupAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified trust store", - "privilege": "ModifyTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to register the specified targets with the specified target group", - "privilege": "RegisterTargets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the specified certificates of the specified secure listener", - "privilege": "RemoveListenerCertificates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified load balancer", - "privilege": "RemoveTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener/net" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targetgroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove revocations from a trust store", - "privilege": "RemoveTrustStoreRevocations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "truststore*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the type of IP addresses used by the subnets of the specified load balancer", - "privilege": "SetIpAddressType", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the priorities of the specified rules", - "privilege": "SetRulePriorities", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/app*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener-rule/net*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate the specified security groups with the specified load balancer", - "privilege": "SetSecurityGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:SecurityGroup" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable the Availability Zone for the specified subnets for the specified load balancer", - "privilege": "SetSubnets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:Subnet" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to give WebAcl permission to WAF", - "privilege": "SetWebAcl", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener/app" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener-rule/app" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener/net" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "listener-rule/net" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "loadbalancer/app/" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "loadbalancer/net/" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:targetgroup/${TargetGroupName}/${TargetGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "targetgroup" - }, - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:truststore/${TrustStoreName}/${TrustStoreId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "truststore" - } - ], - "service_name": "AWS Elastic Load Balancing V2" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by whether the tag and value pair is provided with the action", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by whether the tag keys are provided with the action regardless of tag value", - "type": "ArrayOfString" - }, - { - "condition": "elasticmapreduce:ExecutionRoleArn", - "description": "Filters access by whether the execution role ARN is provided with the action", - "type": "ARN" - }, - { - "condition": "elasticmapreduce:RequestTag/${TagKey}", - "description": "Filters access by whether the tag and value pair is provided with the action", - "type": "String" - }, - { - "condition": "elasticmapreduce:ResourceTag/${TagKey}", - "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", - "type": "String" - } - ], - "prefix": "elasticmapreduce", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add an instance fleet to a running cluster", - "privilege": "AddInstanceFleet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add instance groups to a running cluster", - "privilege": "AddInstanceGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add new steps to a running cluster", - "privilege": "AddJobFlowSteps", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "elasticmapreduce:ExecutionRoleArn" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an Amazon EMR resource", - "privilege": "AddTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "notebook-execution" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to attach an EMR notebook to a compute engine", - "privilege": "AttachEditor", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel a pending step or steps in a running cluster", - "privilege": "CancelSteps", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an EMR notebook", - "privilege": "CreateEditor", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a persistent application history server", - "privilege": "CreatePersistentAppUI", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an EMR notebook repository", - "privilege": "CreateRepository", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a security configuration", - "privilege": "CreateSecurityConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an EMR Studio", - "privilege": "CreateStudio", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to launch an EMR Studio using IAM authentication mode", - "privilege": "CreateStudioPresignedUrl", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an EMR Studio session mapping", - "privilege": "CreateStudioSessionMapping", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an EMR notebook", - "privilege": "DeleteEditor", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an EMR notebook repository", - "privilege": "DeleteRepository", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a security configuration", - "privilege": "DeleteSecurityConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an EMR Studio", - "privilege": "DeleteStudio", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an EMR Studio session mapping", - "privilege": "DeleteStudioSessionMapping", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to block an identity from opening a collaborative workspace", - "privilege": "DeleteWorkspaceAccess", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details about a cluster, including status, hardware and software configuration, VPC settings, and so on", - "privilege": "DescribeCluster", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view information about a notebook, including status, user, role, tags, location, and more", - "privilege": "DescribeEditor", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe details of clusters (job flows). This API is deprecated and will eventually be removed. We recommend you use ListClusters, DescribeCluster, ListSteps, ListInstanceGroups and ListBootstrapActions instead", - "privilege": "DescribeJobFlows", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view information about a notebook execution", - "privilege": "DescribeNotebookExecution", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "notebook-execution*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a persistent application history server", - "privilege": "DescribePersistentAppUI", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view information about an EMR release, such as which applications are supported", - "privilege": "DescribeReleaseLabel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an EMR notebook repository", - "privilege": "DescribeRepository", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details of a security configuration", - "privilege": "DescribeSecurityConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details about a cluster step", - "privilege": "DescribeStep", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view information about an EMR Studio", - "privilege": "DescribeStudio", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to detach an EMR notebook from a compute engine", - "privilege": "DetachEditor", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the auto-termination policy associated with a cluster", - "privilege": "GetAutoTerminationPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the EMR block public access configuration for the AWS account in the Region", - "privilege": "GetBlockPublicAccessConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to retrieve HTTP basic credentials associated with a given execution IAM Role for a fine-grained access control enabled EMR Cluster", - "privilege": "GetClusterSessionCredentials", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "elasticmapreduce:ExecutionRoleArn" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the managed scaling policy associated with a cluster", - "privilege": "GetManagedScalingPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to get a presigned URL for an application history server running on the cluster", - "privilege": "GetOnClusterAppUIPresignedURL", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to get a presigned URL for a persistent application history server", - "privilege": "GetPersistentAppUIPresignedURL", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "elasticmapreduce:ExecutionRoleArn" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view information about an EMR Studio session mapping", - "privilege": "GetStudioSessionMapping", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to link an EMR notebook repository to EMR notebooks", - "privilege": "LinkRepository", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details about the bootstrap actions associated with a cluster", - "privilege": "ListBootstrapActions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get the status of accessible clusters", - "privilege": "ListClusters", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list summary information for accessible EMR notebooks", - "privilege": "ListEditors", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details of instance fleets in a cluster", - "privilege": "ListInstanceFleets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details of instance groups in a cluster", - "privilege": "ListInstanceGroups", + "description": "Grants permission to cancel in-progress environment configuration update or application version deployment", + "privilege": "AbortEnvironmentUpdate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about the Amazon EC2 instances in a cluster", - "privilege": "ListInstances", + "access_level": "Tagging", + "description": "Grants permission to add tags to an Elastic Beanstalk resource and to update tag values", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list summary information for notebook executions", - "privilege": "ListNotebookExecutions", - "resource_types": [ + "resource_type": "application" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list and filter the available EMR releases in the current region", - "privilege": "ListReleaseLabels", - "resource_types": [ + "resource_type": "applicationversion" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list existing EMR notebook repositories", - "privilege": "ListRepositories", - "resource_types": [ + "resource_type": "configurationtemplate" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list available security configurations in this account by name, along with creation dates and times", - "privilege": "ListSecurityConfigurations", - "resource_types": [ + "resource_type": "environment" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "platform" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list steps associated with a cluster", - "privilege": "ListSteps", + "access_level": "Write", + "description": "Grants permission to apply a scheduled managed action immediately", + "privilege": "ApplyEnvironmentManagedAction", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary information about EMR Studio session mappings", - "privilege": "ListStudioSessionMappings", + "access_level": "Write", + "description": "Grants permission to associate an operations role with an environment", + "privilege": "AssociateEnvironmentOperationsRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary information about EMR Studios", - "privilege": "ListStudios", + "access_level": "Read", + "description": "Grants permission to check CNAME availability", + "privilege": "CheckDNSAvailability", "resource_types": [ { "condition_keys": [], @@ -126716,385 +129722,455 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon EC2 instance types that an Amazon EMR release supports", - "privilege": "ListSupportedInstanceTypes", + "access_level": "Write", + "description": "Grants permission to create or update a group of environments, each running a separate component of a single application", + "privilege": "ComposeEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "applicationversion*" } ] }, { - "access_level": "List", - "description": "Grants permission to list identities that are granted access to a workspace", - "privilege": "ListWorkspaceAccessIdentities", + "access_level": "Write", + "description": "Grants permission to create a new application", + "privilege": "CreateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change cluster settings such as number of steps that can be executed concurrently for a cluster", - "privilege": "ModifyCluster", + "description": "Grants permission to create an application version for an application", + "privilege": "CreateApplicationVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "application*" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "applicationversion*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the target On-Demand and target Spot capacities for a instance fleet", - "privilege": "ModifyInstanceFleet", + "description": "Grants permission to create a configuration template", + "privilege": "CreateConfigurationTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "configurationtemplate*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplication", + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromEnvironment", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the number and configuration of EC2 instances for an instance group", - "privilege": "ModifyInstanceGroups", + "description": "Grants permission to launch an environment for an application", + "privilege": "CreateEnvironment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to launch the Jupyter notebook editor for an EMR notebook from within the console", - "privilege": "OpenEditorInConsole", + "description": "Grants permission to create a new version of a custom platform", + "privilege": "CreatePlatformVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "platform*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an automatic scaling policy for a core instance group or task instance group", - "privilege": "PutAutoScalingPolicy", + "description": "Grants permission to create the Amazon S3 storage location for the account", + "privilege": "CreateStorageLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update the auto-termination policy associated with a cluster", - "privilege": "PutAutoTerminationPolicy", + "description": "Grants permission to delete an application along with all associated versions and configurations", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "application*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update the EMR block public access configuration for the AWS account in the Region", - "privilege": "PutBlockPublicAccessConfiguration", + "access_level": "Write", + "description": "Grants permission to delete an application version from an application", + "privilege": "DeleteApplicationVersion", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "applicationversion*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update the managed scaling policy associated with a cluster", - "privilege": "PutManagedScalingPolicy", + "description": "Grants permission to delete a configuration template", + "privilege": "DeleteConfigurationTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "configurationtemplate*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to allow an identity to open a collaborative workspace", - "privilege": "PutWorkspaceAccess", + "access_level": "Write", + "description": "Grants permission to delete the draft configuration associated with the running environment", + "privilege": "DeleteEnvironmentConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an automatic scaling policy from an instance group", - "privilege": "RemoveAutoScalingPolicy", + "description": "Grants permission to delete a version of a custom platform", + "privilege": "DeletePlatformVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "platform*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the auto-termination policy associated with a cluster", - "privilege": "RemoveAutoTerminationPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve a list of account attributes, including resource quotas", + "privilege": "DescribeAccountAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the managed scaling policy associated with a cluster", - "privilege": "RemoveManagedScalingPolicy", + "access_level": "List", + "description": "Grants permission to retrieve a list of application versions stored in an AWS Elastic Beanstalk storage bucket", + "privilege": "DescribeApplicationVersions", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "applicationversion" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon EMR resource", - "privilege": "RemoveTags", + "access_level": "List", + "description": "Grants permission to retrieve the descriptions of existing applications", + "privilege": "DescribeApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "application" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptions of environment configuration options", + "privilege": "DescribeConfigurationOptions", + "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "editor" + "resource_type": "configurationtemplate" }, { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "notebook-execution" + "resource_type": "environment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "solutionstack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and launch a cluster (job flow)", - "privilege": "RunJobFlow", + "access_level": "Read", + "description": "Grants permission to retrieve a description of the settings for a configuration set", + "privilege": "DescribeConfigurationSettings", "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" + "elasticbeanstalk:InApplication" ], - "dependent_actions": [ - "iam:PassRole" + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to add and remove auto terminate after step execution for a cluster", - "privilege": "SetKeepJobFlowAliveWhenNoSteps", + "access_level": "Read", + "description": "Grants permission to retrieve information about the overall health of an environment", + "privilege": "DescribeEnvironmentHealth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to add and remove termination protection for a cluster", - "privilege": "SetTerminationProtection", + "access_level": "Read", + "description": "Grants permission to retrieve a list of an environment's completed and failed managed actions", + "privilege": "DescribeEnvironmentManagedActionHistory", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable unhealthy node replacement for a cluster", - "privilege": "SetUnhealthyNodeReplacement", + "access_level": "Read", + "description": "Grants permission to retrieve a list of an environment's upcoming and in-progress managed actions", + "privilege": "DescribeEnvironmentManagedActions", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to set whether all AWS Identity and Access Management (IAM) users in the AWS account can view a cluster. This API is deprecated and your cluster may be visible to all users in your account. To restrict cluster access using an IAM policy, see AWS Identity and Access Management for Amazon EMR (https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-access-iam.html)", - "privilege": "SetVisibleToAllUsers", + "access_level": "Read", + "description": "Grants permission to retrieve a list of AWS resources for an environment", + "privilege": "DescribeEnvironmentResources", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an EMR notebook", - "privilege": "StartEditor", + "access_level": "List", + "description": "Grants permission to retrieve descriptions for existing environments", + "privilege": "DescribeEnvironments", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor*" - }, - { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an EMR notebook execution", - "privilege": "StartNotebookExecution", + "access_level": "Read", + "description": "Grants permission to retrieve a list of event descriptions matching a set of criteria", + "privilege": "DescribeEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "application" }, { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "applicationversion" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" + "elasticbeanstalk:InApplication" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to shut down an EMR notebook", - "privilege": "StopEditor", - "resource_types": [ + "resource_type": "configurationtemplate" + }, { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop notebook execution", - "privilege": "StopNotebookExecution", + "access_level": "Read", + "description": "Grants permission to retrieve more detailed information about the health of environment instances", + "privilege": "DescribeInstancesHealth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notebook-execution*" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to terminate a cluster (job flow)", - "privilege": "TerminateJobFlows", + "access_level": "Read", + "description": "Grants permission to retrieve a description of a managed platform version", + "privilege": "DescribePlatformVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "platform" } ] }, { "access_level": "Write", - "description": "Grants permission to unlink an EMR notebook repository from EMR notebooks", - "privilege": "UnlinkRepository", + "description": "Grants permission to disassociate an operations role with an environment", + "privilege": "DisassociateEnvironmentOperationsRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an EMR notebook", - "privilege": "UpdateEditor", + "access_level": "List", + "description": "Grants permission to retrieve a list of the available solution stack names", + "privilege": "ListAvailableSolutionStacks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "solutionstack" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an EMR notebook repository", - "privilege": "UpdateRepository", + "access_level": "List", + "description": "Grants permission to retrieve a list of the available platform branches", + "privilege": "ListPlatformBranches", "resource_types": [ { "condition_keys": [], @@ -127104,250 +130180,255 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update information about an EMR Studio", - "privilege": "UpdateStudio", + "access_level": "List", + "description": "Grants permission to retrieve a list of the available platforms", + "privilege": "ListPlatformVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "platform" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an EMR Studio session mapping", - "privilege": "UpdateStudioSessionMapping", + "access_level": "Read", + "description": "Grants permission to retrieve a list of tags of an Elastic Beanstalk resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to use the EMR console to view events from all clusters", - "privilege": "ViewEventsFromAllClustersInConsole", - "resource_types": [ + "resource_type": "application" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "cluster" - }, - { - "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:editor/${EditorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "editor" - }, - { - "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:notebook-execution/${NotebookExecutionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "notebook-execution" - }, - { - "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:studio/${StudioId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "studio" - } - ], - "service_name": "Amazon Elastic MapReduce" - }, - { - "conditions": [], - "prefix": "elastictranscoder", - "privileges": [ - { - "access_level": "Write", - "description": "Cancel a job that Elastic Transcoder has not begun to process", - "privilege": "CancelJob", - "resource_types": [ + "resource_type": "applicationversion" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" } ] }, { "access_level": "Write", - "description": "Create a job", - "privilege": "CreateJob", + "description": "Grants permission to submit instance statistics for enhanced health", + "privilege": "PutInstanceStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "preset*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Create a pipeline", - "privilege": "CreatePipeline", + "description": "Grants permission to delete and recreate all of the AWS resources for an environment and to force a restart", + "privilege": "RebuildEnvironment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Write", - "description": "Create a preset", - "privilege": "CreatePreset", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Elastic Beanstalk resource", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Delete a pipeline", - "privilege": "DeletePipeline", + "access_level": "Read", + "description": "Grants permission to initiate a request to compile information of the deployed environment", + "privilege": "RequestEnvironmentInfo", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Delete a preset", - "privilege": "DeletePreset", + "description": "Grants permission to request an environment to restart the application container server running on each Amazon EC2 instance", + "privilege": "RestartAppServer", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "preset*" + "resource_type": "environment*" } ] }, { - "access_level": "List", - "description": "Get a list of the jobs that you assigned to a pipeline", - "privilege": "ListJobsByPipeline", + "access_level": "Read", + "description": "Grants permission to retrieve the compiled information from a RequestEnvironmentInfo request", + "privilege": "RetrieveEnvironmentInfo", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "environment*" } ] }, { - "access_level": "List", - "description": "Get information about all of the jobs associated with the current AWS account that have a specified status", - "privilege": "ListJobsByStatus", + "access_level": "Write", + "description": "Grants permission to swap the CNAMEs of two environments", + "privilege": "SwapEnvironmentCNAMEs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Get a list of the pipelines associated with the current AWS account", - "privilege": "ListPipelines", - "resource_types": [ + "resource_type": "environment*" + }, { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:FromEnvironment" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Get a list of all presets associated with the current AWS account", - "privilege": "ListPresets", + "access_level": "Write", + "description": "Grants permission to terminate an environment", + "privilege": "TerminateEnvironment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Get detailed information about a job", - "privilege": "ReadJob", + "access_level": "Write", + "description": "Grants permission to update an application with specified properties", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Get detailed information about a pipeline", - "privilege": "ReadPipeline", + "access_level": "Write", + "description": "Grants permission to update the application version lifecycle policy associated with the application", + "privilege": "UpdateApplicationResourceLifecycle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Get detailed information about a preset", - "privilege": "ReadPreset", + "access_level": "Write", + "description": "Grants permission to update an application version with specified properties", + "privilege": "UpdateApplicationVersion", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "preset*" + "resource_type": "applicationversion*" } ] }, { "access_level": "Write", - "description": "Test the settings for a pipeline to ensure that Elastic Transcoder can create and process jobs", - "privilege": "TestRole", + "description": "Grants permission to update a configuration template with specified properties or configuration option values", + "privilege": "UpdateConfigurationTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplication", + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromEnvironment", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform" + ], "dependent_actions": [], "resource_type": "" } @@ -127355,119 +130436,202 @@ }, { "access_level": "Write", - "description": "Update settings for a pipeline", - "privilege": "UpdatePipeline", + "description": "Grants permission to update an environment", + "privilege": "UpdateEnvironment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Update only Amazon Simple Notification Service (Amazon SNS) notifications for a pipeline", - "privilege": "UpdatePipelineNotifications", + "access_level": "Tagging", + "description": "Doesn't grant permission to update tags. To grant permission to add tags to an Elastic Beanstalk resource, remove tags, and to update tag values, specify elasticbeanstalk:AddTags and elasticbeanstalk:RemoveTags", + "privilege": "UpdateTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Pause or reactivate a pipeline, so the pipeline stops or restarts processing jobs, update the status for the pipeline", - "privilege": "UpdatePipelineStatus", + "access_level": "Read", + "description": "Grants permission to check the validity of a set of configuration settings for a configuration template or an environment", + "privilege": "ValidateConfigurationSettings", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" } ] } ], "resources": [ { - "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:job/${JobId}", - "condition_keys": [], - "resource": "job" + "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:application/${ApplicationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" }, { - "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:pipeline/${PipelineId}", + "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:applicationversion/${ApplicationName}/${VersionLabel}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticbeanstalk:InApplication" + ], + "resource": "applicationversion" + }, + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:configurationtemplate/${ApplicationName}/${TemplateName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticbeanstalk:InApplication" + ], + "resource": "configurationtemplate" + }, + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticbeanstalk:InApplication" + ], + "resource": "environment" + }, + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}::solutionstack/${SolutionStackName}", "condition_keys": [], - "resource": "pipeline" + "resource": "solutionstack" }, { - "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:preset/${PresetId}", + "arn": "arn:${Partition}:elasticbeanstalk:${Region}::platform/${PlatformNameWithVersion}", "condition_keys": [], - "resource": "preset" + "resource": "platform" } ], - "service_name": "Amazon Elastic Transcoder" + "service_name": "AWS Elastic Beanstalk" }, { - "conditions": [], - "prefix": "elemental-activations", - "privileges": [ + "conditions": [ { - "access_level": "Write", - "description": "Grants permission to complete the process of registering customer account for AWS Elemental Appliances and Software Purchases", - "privilege": "CompleteAccountRegistration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to complete the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", - "privilege": "CompleteFileUpload", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticfilesystem:AccessPointArn", + "description": "Filters access by the ARN of the access point used to mount the file system", + "type": "ARN" + }, + { + "condition": "elasticfilesystem:AccessedViaMountTarget", + "description": "Filters access by whether the file system is accessed via mount targets", + "type": "Bool" + }, + { + "condition": "elasticfilesystem:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" }, + { + "condition": "elasticfilesystem:Encrypted", + "description": "Filters access by whether users can create only encrypted or unencrypted file systems", + "type": "Bool" + } + ], + "prefix": "elasticfilesystem", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to confirm asset ownership", - "privilege": "ConfirmAccount", + "description": "Grants permission to start a backup job for an existing file system", + "privilege": "Backup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { "access_level": "Read", - "description": "Grants permission to download the kickstart files for AWS Elemental Appliances and Software purchases", - "privilege": "DownloadKickstart", + "description": "Grants permission to allow an NFS client read-access to a file system", + "privilege": "ClientMount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to download the Software files for AWS Elemental Appliances and Software Purchases", - "privilege": "DownloadSoftware", - "resource_types": [ + "resource_type": "file-system*" + }, { - "condition_keys": [], + "condition_keys": [ + "elasticfilesystem:AccessPointArn", + "elasticfilesystem:AccessedViaMountTarget" + ], "dependent_actions": [], "resource_type": "" } @@ -127475,115 +130639,123 @@ }, { "access_level": "Write", - "description": "Grants permission to generate a software license for an AWS Elemental Appliances and Software purchase", - "privilege": "GenerateLicense", + "description": "Grants permission to allow an NFS client root-access to a file system", + "privilege": "ClientRootAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "elasticfilesystem:AccessPointArn", + "elasticfilesystem:AccessedViaMountTarget" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to generate Software Licenses for AWS Elemental Appliances and Software Purchases", - "privilege": "GenerateLicenses", + "description": "Grants permission to allow an NFS client write-access to a file system", + "privilege": "ClientWrite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the software version of an artifact group", - "privilege": "GetArtifactGroupSoftwareVersions", - "resource_types": [ + "resource_type": "file-system*" + }, { - "condition_keys": [], + "condition_keys": [ + "elasticfilesystem:AccessPointArn", + "elasticfilesystem:AccessedViaMountTarget" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an asset", - "privilege": "GetAsset", + "access_level": "Write", + "description": "Grants permission to create an access point for the specified file system", + "privilege": "CreateAccessPoint", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "elasticfilesystem:TagResource" + ], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe assets associated to the requesting account", - "privilege": "GetAssets", + "access_level": "Write", + "description": "Grants permission to create a new, empty file system", + "privilege": "CreateFileSystem", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticfilesystem:Encrypted" + ], + "dependent_actions": [ + "elasticfilesystem:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get all product advisories", - "privilege": "GetProductAdvisories", + "access_level": "Write", + "description": "Grants permission to create a mount target for a file system", + "privilege": "CreateMountTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe available software versions", - "privilege": "GetSoftwareVersions", + "access_level": "Write", + "description": "Grants permission to create a new replication configuration", + "privilege": "CreateReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", - "privilege": "StartFileUpload", + "access_level": "Tagging", + "description": "Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource", + "privilege": "CreateTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Elemental Appliances and Software Activation Service" - }, - { - "conditions": [], - "prefix": "elemental-appliances-software", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to complete an upload of an attachment for a quote or order", - "privilege": "CompleteUpload", - "resource_types": [ + "resource_type": "file-system*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -127591,351 +130763,346 @@ }, { "access_level": "Write", - "description": "Grants permission to create an order", - "privilege": "CreateOrderV1", + "description": "Grants permission to delete the specified access point", + "privilege": "DeleteAccessPoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "access-point*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a quote", - "privilege": "CreateQuote", + "description": "Grants permission to delete a file system, permanently severing access to its contents", + "privilege": "DeleteFileSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote*" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate an address", - "privilege": "GetAvsCorrectAddress", + "access_level": "Permissions management", + "description": "Grants permission to delete the resource-level policy for a file system", + "privilege": "DeleteFileSystemPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the billing addresses in the AWS Account", - "privilege": "GetBillingAddresses", + "access_level": "Write", + "description": "Grants permission to delete the specified mount target", + "privilege": "DeleteMountTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the delivery addresses in the AWS Account", - "privilege": "GetDeliveryAddressesV2", + "access_level": "Write", + "description": "Grants permission to delete a replication configuration", + "privilege": "DeleteReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an order", - "privilege": "GetOrder", + "access_level": "Tagging", + "description": "Grants permission to delete the specified tags from a file system; deprecated, see UntagResource", + "privilege": "DeleteTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the orders in the AWS Account", - "privilege": "GetOrdersV2", + "access_level": "List", + "description": "Grants permission to view the descriptions of Amazon EFS access points", + "privilege": "DescribeAccessPoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a quote", - "privilege": "GetQuote", + "access_level": "List", + "description": "Grants permission to view the account preferences in effect for an account", + "privilege": "DescribeAccountPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to calculate taxes for an order", - "privilege": "GetTaxes", + "description": "Grants permission to view the BackupPolicy object for an Amazon EFS file system", + "privilege": "DescribeBackupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the quotes in the AWS Account", - "privilege": "ListQuotes", + "access_level": "Read", + "description": "Grants permission to view the resource-level policy for an Amazon EFS file system", + "privilege": "DescribeFileSystemPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an upload of an attachment for a quote or order", - "privilege": "StartUpload", + "access_level": "List", + "description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called", + "privilege": "DescribeFileSystems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit an order", - "privilege": "SubmitOrderV1", + "access_level": "Read", + "description": "Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system", + "privilege": "DescribeLifecycleConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a quote", - "privilege": "UpdateQuote", + "access_level": "Read", + "description": "Grants permission to view the security groups in effect for a mount target", + "privilege": "DescribeMountTargetSecurityGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote*" + "resource_type": "file-system*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elemental-appliances-software:${Region}:${Account}:quote/${ResourceId}", - "condition_keys": [], - "resource": "quote" - } - ], - "service_name": "AWS Elemental Appliances and Software" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "elemental-support-cases", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add a comment to a support case", - "privilege": "AddCaseComment", + "access_level": "Read", + "description": "Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system", + "privilege": "DescribeMountTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-point" } ] }, { - "access_level": "Write", - "description": "Grants permission to verify whether the caller has the permissions to perform support case operations", - "privilege": "CheckCasePermission", + "access_level": "List", + "description": "Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called", + "privilege": "DescribeReplicationConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system" } ] }, { - "access_level": "Write", - "description": "Grants permission to complete a multipart file upload to a support case", - "privilege": "CompleteMultipartUpload", + "access_level": "Read", + "description": "Grants permission to view the tags associated with a file system", + "privilege": "DescribeTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a support case", - "privilege": "CreateCase", + "access_level": "Read", + "description": "Grants permission to view the tags associated with the specified Amazon EFS resource", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" } ] }, { "access_level": "Write", - "description": "Grants permission to create a cli command to allow a file upload to a support case", - "privilege": "CreateS3CLIUploadCommand", + "description": "Grants permission to modify the set of security groups in effect for a mount target", + "privilege": "ModifyMountTargetSecurityGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" } ] }, { "access_level": "Write", - "description": "Grants permission to download a file from a support case", - "privilege": "CreateS3DownloadUrl", + "description": "Grants permission to set the account preferences of an account", + "privilege": "PutAccountPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a support case in your account", - "privilege": "GetCase", + "access_level": "Write", + "description": "Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object", + "privilege": "PutBackupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to verify whether the caller has the permissions to perform support case operations", - "privilege": "GetCasePermission", + "access_level": "Permissions management", + "description": "Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system", + "privilege": "PutFileSystemPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the support cases in your account", - "privilege": "GetCases", + "access_level": "Write", + "description": "Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object", + "privilege": "PutLifecycleConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve cached case user data for use in the Console", - "privilege": "GetUICache", + "description": "Grants permission to read file system data for replication", + "privilege": "ReplicationRead", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags on a support case", - "privilege": "ListTagsForCase", + "access_level": "Write", + "description": "Grants permission to replicate data to a file system", + "privilege": "ReplicationWrite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a multipart file upload to a support case", - "privilege": "StartMultipartUpload", + "description": "Grants permission to start a restore job for a backup of a file system", + "privilege": "Restore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add a tag on a support case", - "privilege": "TagCase", + "description": "Grants permission to create or overwrite tags associated with the specified Amazon EFS resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "elasticfilesystem:CreateAction" ], "dependent_actions": [], "resource_type": "" @@ -127944,13 +131111,18 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove a tag on a support case", - "privilege": "UntagCase", + "description": "Grants permission to delete the specified tags from an Amazon EFS resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" }, { "condition_keys": [ @@ -127963,135 +131135,166 @@ }, { "access_level": "Write", - "description": "Grants permission to update a support case", - "privilege": "UpdateCase", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "case*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a support case status", - "privilege": "UpdateCaseStatus", + "description": "Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system", + "privilege": "UpdateFileSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a multipart file upload to a support case", - "privilege": "UpdateMultipartUpload", + "description": "Grants permission to update the file system protection of an existing file system", + "privilege": "UpdateFileSystemProtection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "case*" + "resource_type": "file-system*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:elemental-support-cases::${Account}:case/${ResourceId}", + "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:file-system/${FileSystemId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "case" - } - ], - "service_name": "AWS Elemental Support Cases" - }, - { - "conditions": [], - "prefix": "elemental-support-content", - "privileges": [ + "resource": "file-system" + }, { - "access_level": "Read", - "description": "Grants permission to search support content", - "privilege": "Query", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:access-point/${AccessPointId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "access-point" } ], - "resources": [], - "service_name": "AWS Elemental Support Content" + "service_name": "Amazon Elastic File System" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs present in the request", + "description": "Filters access by a tag key and value pair that is allowed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", + "description": "Filters access by a tag key and value pair of a resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys present in the request", + "description": "Filters access by a list of tag keys that are allowed in the request", "type": "ArrayOfString" }, { - "condition": "emr-containers:ExecutionRoleArn", - "description": "Filters access by the execution role arn present in the request", - "type": "ARN" + "condition": "elasticloadbalancing:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" }, { - "condition": "emr-containers:JobTemplateArn", - "description": "Filters access by the job template arn present in the request", - "type": "ARN" + "condition": "elasticloadbalancing:ListenerProtocol", + "description": "Filters access by the listener protocols that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:ResourceTag/", + "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", + "type": "String" + }, + { + "condition": "elasticloadbalancing:ResourceTag/${TagKey}", + "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", + "type": "String" + }, + { + "condition": "elasticloadbalancing:Scheme", + "description": "Filters access by the load balancer scheme that are allowed in the request", + "type": "String" + }, + { + "condition": "elasticloadbalancing:SecurityGroup", + "description": "Filters access by the security-group IDs that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:SecurityPolicy", + "description": "Filters access by the SSL Security Policies that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:Subnet", + "description": "Filters access by the subnet IDs that are allowed in the request", + "type": "ArrayOfString" } ], - "prefix": "emr-containers", + "prefix": "elasticloadbalancing", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to cancel a job run", - "privilege": "CancelJobRun", + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:CreateAction" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a certificate", - "privilege": "CreateCertificate", + "description": "Grants permission to associate one or more security groups with your load balancer in a virtual private cloud (VPC)", + "privilege": "ApplySecurityGroupsToLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a job template", - "privilege": "CreateJobTemplate", + "description": "Grants permission to add one or more subnets to the set of configured subnets for the specified load balancer", + "privilege": "AttachLoadBalancerToSubnets", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:Subnet" ], "dependent_actions": [], "resource_type": "" @@ -128100,19 +131303,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a managed endpoint", - "privilege": "CreateManagedEndpoint", + "description": "Grants permission to specify the health check settings to use when evaluating the health state of your back-end instances", + "privilege": "ConfigureHealthCheck", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "loadbalancer*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "emr-containers:ExecutionRoleArn" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128121,13 +131323,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a security configuration", - "privilege": "CreateSecurityConfiguration", + "description": "Grants permission to generate a stickiness policy with sticky session lifetimes that follow that of an application-generated cookie", + "privilege": "CreateAppCookieStickinessPolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128136,13 +131343,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a virtual cluster", - "privilege": "CreateVirtualCluster", + "description": "Grants permission to generate a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent) or a specified expiration period", + "privilege": "CreateLBCookieStickinessPolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128151,128 +131363,194 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a job template", - "privilege": "DeleteJobTemplate", + "description": "Grants permission to create a load balancer", + "privilege": "CreateLoadBalancer", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "loadbalancer" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup", + "elasticloadbalancing:Subnet", + "elasticloadbalancing:Scheme", + "elasticloadbalancing:ListenerProtocol" + ], "dependent_actions": [], - "resource_type": "jobTemplate*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a managed endpoint", - "privilege": "DeleteManagedEndpoint", + "description": "Grants permission to create one or more listeners for the specified load balancer", + "privilege": "CreateLoadBalancerListeners", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint*" + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:ListenerProtocol" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a virtual cluster", - "privilege": "DeleteVirtualCluster", + "description": "Grants permission to create a policy with the specified attributes for the specified load balancer", + "privilege": "CreateLoadBalancerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a job run", - "privilege": "DescribeJobRun", + "access_level": "Write", + "description": "Grants permission to delete the specified load balancer", + "privilege": "DeleteLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a job template", - "privilege": "DescribeJobTemplate", + "access_level": "Write", + "description": "Grants permission to delete the specified listeners from the specified load balancer", + "privilege": "DeleteLoadBalancerListeners", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobTemplate*" + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a managed endpoint", - "privilege": "DescribeManagedEndpoint", + "access_level": "Write", + "description": "Grants permission to delete the specified policy from the specified load balancer. This policy must not be enabled for any listeners", + "privilege": "DeleteLoadBalancerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint*" + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a security configuration", - "privilege": "DescribeSecurityConfiguration", + "access_level": "Write", + "description": "Grants permission to deregister the specified instances from the specified load balancer", + "privilege": "DeregisterInstancesFromLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityConfiguration*" + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a virtual cluster", - "privilege": "DescribeVirtualCluster", + "description": "Grants permission to describe the state of the specified instances with respect to the specified load balancer", + "privilege": "DescribeInstanceHealth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to generate a session token used to connect to a managed endpoint", - "privilege": "GetManagedEndpointSessionCredentials", + "access_level": "Read", + "description": "Grants permission to describe the attributes for the specified load balancer", + "privilege": "DescribeLoadBalancerAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list job runs associated with a virtual cluster", - "privilege": "ListJobRuns", + "access_level": "Read", + "description": "Grants permission to describe the specified policies", + "privilege": "DescribeLoadBalancerPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list job templates", - "privilege": "ListJobTemplates", + "access_level": "Read", + "description": "Grants permission to describe the specified load balancer policy types", + "privilege": "DescribeLoadBalancerPolicyTypes", "resource_types": [ { "condition_keys": [], @@ -128283,20 +131561,20 @@ }, { "access_level": "List", - "description": "Grants permission to list managed endpoints associated with a virtual cluster", - "privilege": "ListManagedEndpoints", + "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", + "privilege": "DescribeLoadBalancers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list security configurations", - "privilege": "ListSecurityConfigurations", + "access_level": "Read", + "description": "Grants permission to describe the tags associated with the specified load balancers", + "privilege": "DescribeTags", "resource_types": [ { "condition_keys": [], @@ -128306,60 +131584,79 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list tags for the specified resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to remove the specified subnets from the set of configured subnets for the load balancer", + "privilege": "DetachLoadBalancerFromSubnets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "loadbalancer*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "jobTemplate" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the specified Availability Zones from the set of Availability Zones for the specified load balancer", + "privilege": "DisableAvailabilityZonesForLoadBalancer", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint" + "resource_type": "loadbalancer*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "virtualCluster" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list virtual clusters", - "privilege": "ListVirtualClusters", + "access_level": "Write", + "description": "Grants permission to add the specified Availability Zones to the set of Availability Zones for the specified load balancer", + "privilege": "EnableAvailabilityZonesForLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a job run", - "privilege": "StartJobRun", + "description": "Grants permission to modify the attributes of the specified load balancer", + "privilege": "ModifyLoadBalancerAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "loadbalancer*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "emr-containers:ExecutionRoleArn", - "emr-containers:JobTemplateArn" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128367,34 +131664,41 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to add the specified instances to the specified load balancer", + "privilege": "RegisterInstancesWithLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobTemplate" + "resource_type": "loadbalancer*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "managedEndpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified load balancer", + "privilege": "RemoveTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster" + "resource_type": "loadbalancer*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128402,33 +131706,60 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to set the certificate that terminates the specified listener's SSL connections", + "privilege": "SetLoadBalancerListenerSSLCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "loadbalancer*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "jobTemplate" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace the set of policies associated with the specified port on which the back-end server is listening with a new set of policies", + "privilege": "SetLoadBalancerPoliciesForBackendServer", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint" + "resource_type": "loadbalancer*" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace the current set of policies for the specified load balancer port with the specified set of policies", + "privilege": "SetLoadBalancerPoliciesOfListener", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster" + "resource_type": "loadbalancer*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy" ], "dependent_actions": [], "resource_type": "" @@ -128438,117 +131769,158 @@ ], "resources": [ { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}", + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/${LoadBalancerName}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], - "resource": "virtualCluster" - }, + "resource": "loadbalancer" + } + ], + "service_name": "AWS Elastic Load Balancing" + }, + { + "conditions": [ { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/jobruns/${JobRunId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "jobRun" + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" }, { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/jobtemplates/${JobTemplateId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "jobTemplate" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" }, { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/endpoints/${EndpointId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "managedEndpoint" + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" }, { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/securityconfigurations/${SecurityConfigurationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "securityConfiguration" + "condition": "elasticloadbalancing:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" }, { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/certificates/${CertificateId}", - "condition_keys": [], - "resource": "certificate" - } - ], - "service_name": "Amazon EMR on EKS (EMR Containers)" - }, - { - "conditions": [ + "condition": "elasticloadbalancing:ListenerProtocol", + "description": "Filters access by the listener protocol that is allowed in the request", + "type": "String" + }, { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "condition": "elasticloadbalancing:ResourceTag/${TagKey}", + "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "condition": "elasticloadbalancing:Scheme", + "description": "Filters access by the load balancer scheme that is allowed in the request", "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "condition": "elasticloadbalancing:SecurityGroup", + "description": "Filters access by the security-group IDs that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:SecurityPolicy", + "description": "Filters access by the SSL Security Policies that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:Subnet", + "description": "Filters access by the subnet IDs that are allowed in the request", "type": "ArrayOfString" } ], - "prefix": "emr-serverless", + "prefix": "elasticloadbalancing", "privileges": [ { "access_level": "Write", - "description": "Grants permission to execute interactive workloads on an application", - "privilege": "AccessInteractiveEndpoints", + "description": "Grants permission to add the specified certificates to the specified secure listener", + "privilege": "AddListenerCertificates", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to execute interactive workloads on Livy Endpoint enabled on an EMR Serverless Application", - "privilege": "AccessLivyEndpoints", - "resource_types": [ + "dependent_actions": [], + "resource_type": "listener/app*" + }, { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], - "resource_type": "application*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a job run", - "privilege": "CancelJobRun", + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an Application", - "privilege": "CreateApplication", - "resource_types": [ + "resource_type": "listener-rule/app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/gwy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:CreateAction" ], "dependent_actions": [], "resource_type": "" @@ -128557,133 +131929,180 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an application", - "privilege": "DeleteApplication", + "description": "Grants permission to add revocations to a trust store", + "privilege": "AddTrustStoreRevocations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get application", - "privilege": "GetApplication", - "resource_types": [ + "resource_type": "truststore*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get job run dashboard", - "privilege": "GetDashboardForJobRun", + "access_level": "Permissions management", + "description": "Grants permission to configure vended log delivery for load balancers", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a job run", - "privilege": "GetJobRun", + "access_level": "Write", + "description": "Grants permission to create a listener for the specified Application Load Balancer", + "privilege": "CreateListener", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "loadbalancer/app/" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list applications", - "privilege": "ListApplications", - "resource_types": [ + "resource_type": "loadbalancer/gwy/" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy", + "elasticloadbalancing:ListenerProtocol" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list job run attempts associated with a job run", - "privilege": "ListJobRunAttempts", + "access_level": "Write", + "description": "Grants permission to create a load balancer", + "privilege": "CreateLoadBalancer", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup", + "elasticloadbalancing:Subnet", + "elasticloadbalancing:Scheme" + ], "dependent_actions": [], - "resource_type": "jobRun*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list job runs associated with an application", - "privilege": "ListJobRuns", + "access_level": "Write", + "description": "Grants permission to create a rule for the specified listener", + "privilege": "CreateRule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for the specified resource", - "privilege": "ListTagsForResource", - "resource_types": [ + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "listener/app*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "listener/net*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to Start an application", - "privilege": "StartApplication", + "description": "Grants permission to create a target group", + "privilege": "CreateTargetGroup", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a job run", - "privilege": "StartJobRun", + "description": "Grants permission to create a trust store", + "privilege": "CreateTrustStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole" + "elasticloadbalancing:AddTags" ], - "resource_type": "application*" + "resource_type": "truststore" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128692,35 +132111,28 @@ }, { "access_level": "Write", - "description": "Grants permission to Stop an application", - "privilege": "StopApplication", + "description": "Grants permission to delete the specified listener", + "privilege": "DeleteListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag the specified resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "listener/app*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "listener/gwy*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "listener/net*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128728,23 +132140,29 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete the specified load balancer", + "privilege": "DeleteLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "loadbalancer/app/" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128753,88 +132171,83 @@ }, { "access_level": "Write", - "description": "Grants permission to Update an application", - "privilege": "UpdateApplication", + "description": "Grants permission to delete the specified rule", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "listener-rule/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - }, - { - "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}/jobruns/${JobRunId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "jobRun" - } - ], - "service_name": "Amazon EMR Serverless" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a key that is present in the request the user makes to the entity resolution service", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key names present in the request the user makes to the entity resolution service", - "type": "ArrayOfString" - } - ], - "prefix": "entityresolution", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to give an AWS service or another account permission to use an AWS Entity Resolution resources", - "privilege": "AddPolicyStatement", + "access_level": "Write", + "description": "Grants permission to delete the specified shared trust store association", + "privilege": "DeleteSharedTrustStoreAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to batch delete unique Id", - "privilege": "BatchDeleteUniqueId", + "description": "Grants permission to delete the specified target group", + "privilege": "DeleteTargetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a idmapping workflow", - "privilege": "CreateIdMappingWorkflow", + "description": "Grants permission to delete the specified trust store", + "privilege": "DeleteTrustStore", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128843,13 +132256,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a IdNamespace", - "privilege": "CreateIdNamespace", + "description": "Grants permission to deregister the specified targets from the specified target group", + "privilege": "DeregisterTargets", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -128857,75 +132275,69 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a matching workflow", - "privilege": "CreateMatchingWorkflow", + "access_level": "Read", + "description": "Grants permission to describe the Elastic Load Balancing resource limits for the AWS account", + "privilege": "DescribeAccountLimits", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a schema mapping", - "privilege": "CreateSchemaMapping", + "access_level": "Read", + "description": "Grants permission to describe the capacity reservation for a load balancer", + "privilege": "DescribeCapacityReservation", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a idmapping workflow", - "privilege": "DeleteIdMappingWorkflow", + "access_level": "Read", + "description": "Grants permission to describe the attributes for the specified listener", + "privilege": "DescribeListenerAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a IdNamespace", - "privilege": "DeleteIdNamespace", + "access_level": "Read", + "description": "Grants permission to describe the certificates for the specified secure listener", + "privilege": "DescribeListenerCertificates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdNamespace*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a matching workflow", - "privilege": "DeleteMatchingWorkflow", + "access_level": "Read", + "description": "Grants permission to describe the specified listeners or the listeners for the specified Application Load Balancer", + "privilege": "DescribeListeners", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete permission given to an AWS service or another account permission to use an AWS Entity Resolution resources", - "privilege": "DeletePolicyStatement", + "access_level": "Read", + "description": "Grants permission to describe the attributes for the specified load balancer", + "privilege": "DescribeLoadBalancerAttributes", "resource_types": [ { "condition_keys": [], @@ -128935,93 +132347,93 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a schema mapping", - "privilege": "DeleteSchemaMapping", + "access_level": "List", + "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", + "privilege": "DescribeLoadBalancers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SchemaMapping*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a idmapping job", - "privilege": "GetIdMappingJob", + "description": "Grants permission to describe the specified rules or the rules for the specified listener", + "privilege": "DescribeRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a idmapping workflow", - "privilege": "GetIdMappingWorkflow", + "description": "Grants permission to describe the specified policies or all policies used for SSL negotiation", + "privilege": "DescribeSSLPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a IdNamespace", - "privilege": "GetIdNamespace", + "description": "Grants permission to describe the tags associated with the specified resource", + "privilege": "DescribeTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdNamespace*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get match Id", - "privilege": "GetMatchId", + "description": "Grants permission to describe the attributes for the specified target group", + "privilege": "DescribeTargetGroupAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a matching job", - "privilege": "GetMatchingJob", + "description": "Grants permission to describe the specified target groups or all of your target groups", + "privilege": "DescribeTargetGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a matching workflow", - "privilege": "GetMatchingWorkflow", + "description": "Grants permission to describe the health of the specified targets or all of your targets", + "privilege": "DescribeTargetHealth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a resource policy for an AWS Entity Resolution resources", - "privilege": "GetPolicy", + "description": "Grants permission to describe the associations with a trust store", + "privilege": "DescribeTrustStoreAssociations", "resource_types": [ { "condition_keys": [], @@ -129032,194 +132444,354 @@ }, { "access_level": "Read", - "description": "Grants permission to get provider service", - "privilege": "GetProviderService", + "description": "Grants permission to describe the specified trust stores revocations or all of your revocations related to a trust store", + "privilege": "DescribeTrustStoreRevocations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProviderService*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a schema mapping", - "privilege": "GetSchemaMapping", + "description": "Grants permission to describe the specified trust stores or all of your trust stores", + "privilege": "DescribeTrustStores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SchemaMapping*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list idmapping jobs", - "privilege": "ListIdMappingJobs", + "access_level": "Read", + "description": "Grants permission to retrieve the resource policy associated with the resource", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow*" + "resource_type": "truststore" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list idmapping workflows", - "privilege": "ListIdMappingWorkflows", + "access_level": "Read", + "description": "Grants permission to retrieve a trust store CA certificates bundle", + "privilege": "GetTrustStoreCaCertificatesBundle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list IdNamespaces", - "privilege": "ListIdNamespaces", + "access_level": "Read", + "description": "Grants permission to retrieve a trust store revocation content", + "privilege": "GetTrustStoreRevocationContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list matching jobs", - "privilege": "ListMatchingJobs", + "access_level": "Write", + "description": "Grants permission to modify the capacity reservation for a load balancer", + "privilege": "ModifyCapacityReservation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list matching workflows", - "privilege": "ListMatchingWorkflows", + "access_level": "Write", + "description": "Grants permission to modify the ip pools for a load balancer", + "privilege": "ModifyIpPools", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list provider service", - "privilege": "ListProviderServices", + "access_level": "Write", + "description": "Grants permission to modify the specified properties of the specified listener", + "privilege": "ModifyListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProviderService*" + "resource_type": "listener/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/gwy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy", + "elasticloadbalancing:ListenerProtocol" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list schema mappings", - "privilege": "ListSchemaMappings", + "access_level": "Write", + "description": "Grants permission to modify the attributes of the specified listener", + "privilege": "ModifyListenerAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "listener/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/gwy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to List tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to modify the attributes of the specified load balancer", + "privilege": "ModifyLoadBalancerAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to put a resource policy for an AWS Entity Resolution resources", - "privilege": "PutPolicy", + "access_level": "Write", + "description": "Grants permission to modify the specified rule", + "privilege": "ModifyRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "listener-rule/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a idmapping job", - "privilege": "StartIdMappingJob", + "description": "Grants permission to modify the health checks used when evaluating the health state of the targets in the specified target group", + "privilege": "ModifyTargetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow*" + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a matching job", - "privilege": "StartMatchingJob", + "description": "Grants permission to modify the specified attributes of the specified target group", + "privilege": "ModifyTargetGroupAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to adds tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to modify the specified trust store", + "privilege": "ModifyTrustStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow" + "resource_type": "truststore*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "IdNamespace" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register the specified targets with the specified target group", + "privilege": "RegisterTargets", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow" + "resource_type": "targetgroup*" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the specified certificates of the specified secure listener", + "privilege": "RemoveListenerCertificates", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProviderService" + "resource_type": "listener/app*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "SchemaMapping" + "resource_type": "listener/net*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -129228,37 +132800,65 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "description": "Grants permission to remove one or more tags from the specified load balancer", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow" + "resource_type": "listener-rule/app" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdNamespace" + "resource_type": "listener-rule/net" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow" + "resource_type": "listener/app" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProviderService" + "resource_type": "listener/gwy" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "SchemaMapping" + "resource_type": "listener/net" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore" }, { "condition_keys": [ - "aws:TagKeys" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -129267,68 +132867,132 @@ }, { "access_level": "Write", - "description": "Grants permission to update a idmapping workflow", - "privilege": "UpdateIdMappingWorkflow", + "description": "Grants permission to remove revocations from a trust store", + "privilege": "RemoveTrustStoreRevocations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdMappingWorkflow*" + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a IdNamespace", - "privilege": "UpdateIdNamespace", + "description": "Grants permission to set the type of IP addresses used by the subnets of the specified load balancer", + "privilege": "SetIpAddressType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IdNamespace*" + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a matching workflow", - "privilege": "UpdateMatchingWorkflow", + "description": "Grants permission to set the priorities of the specified rules", + "privilege": "SetRulePriorities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MatchingWorkflow*" + "resource_type": "listener-rule/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a schema mapping", - "privilege": "UpdateSchemaMapping", + "description": "Grants permission to associate the specified security groups with the specified load balancer", + "privilege": "SetSecurityGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SchemaMapping*" + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to give an AWS service or another account permission to use IdNamespace within a workflow", - "privilege": "UseIdNamespace", + "access_level": "Write", + "description": "Grants permission to enable the Availability Zone for the specified subnets for the specified load balancer", + "privilege": "SetSubnets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/gwy/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:Subnet" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to give an AWS service or another account permission to use workflow within a IdNamespace", - "privilege": "UseWorkflow", + "access_level": "Write", + "description": "Grants permission to give WebAcl permission to WAF", + "privilege": "SetWebAcl", "resource_types": [ { "condition_keys": [], @@ -129340,113 +133004,172 @@ ], "resources": [ { - "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:matchingworkflow/${WorkflowName}", + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/gwy/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], - "resource": "MatchingWorkflow" + "resource": "listener/gwy" }, { - "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:schemamapping/${SchemaName}", + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], - "resource": "SchemaMapping" + "resource": "listener/app" }, { - "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:idmappingworkflow/${WorkflowName}", + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], - "resource": "IdMappingWorkflow" + "resource": "listener-rule/app" }, { - "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:providerservice/${ProviderName}/${ProviderServiceName}", + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], - "resource": "ProviderService" + "resource": "listener/net" }, { - "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:idnamespace/${IdNamespaceName}", + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" ], - "resource": "IdNamespace" + "resource": "listener-rule/net" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/gwy/${LoadBalancerName}/${LoadBalancerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "loadbalancer/gwy/" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "loadbalancer/app/" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "loadbalancer/net/" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:targetgroup/${TargetGroupName}/${TargetGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "targetgroup" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:truststore/${TrustStoreName}/${TrustStoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "truststore" } ], - "service_name": "AWS Entity Resolution" + "service_name": "AWS Elastic Load Balancing V2" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", + "description": "Filters access by whether the tag and value pair is provided with the action", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", + "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", + "description": "Filters access by whether the tag keys are provided with the action regardless of tag value", "type": "ArrayOfString" + }, + { + "condition": "elasticmapreduce:ExecutionRoleArn", + "description": "Filters access by whether the execution role ARN is provided with the action", + "type": "ARN" + }, + { + "condition": "elasticmapreduce:RequestTag/${TagKey}", + "description": "Filters access by whether the tag and value pair is provided with the action", + "type": "String" + }, + { + "condition": "elasticmapreduce:ResourceTag/${TagKey}", + "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", + "type": "String" } ], - "prefix": "es", + "prefix": "elasticmapreduce", "privileges": [ { "access_level": "Write", - "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request", - "privilege": "AcceptInboundConnection", + "description": "Grants permission to view all event logs in a persistent application history server", + "privilege": "AccessAllEventLogs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request. This permission is deprecated. Use AcceptInboundConnection instead", - "privilege": "AcceptInboundCrossClusterSearchConnection", + "description": "Grants permission to add an instance fleet to a running cluster", + "privilege": "AddInstanceFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to add the data source for the OpenSearch Service domain", - "privilege": "AddDataSource", + "description": "Grants permission to add instance groups to a running cluster", + "privilege": "AddInstanceGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to add the data source for the provided OpenSearch arns", - "privilege": "AddDirectQueryDataSource", + "description": "Grants permission to add new steps to a running cluster", + "privilege": "AddJobFlowSteps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "cluster*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "elasticmapreduce:ExecutionRoleArn" ], "dependent_actions": [], "resource_type": "" @@ -129455,28 +133178,34 @@ }, { "access_level": "Tagging", - "description": "Grants permission to attach resource tags to an OpenSearch Service domain, data source, or application", + "description": "Grants permission to add tags to an Amazon EMR resource", "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "editor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "notebook-execution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -129485,85 +133214,95 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a package with an OpenSearch Service domain", - "privilege": "AssociatePackage", + "description": "Grants permission to attach an EMR notebook to a compute engine", + "privilege": "AttachEditor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "editor*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate multiple packages with an OpenSearch Service domain", - "privilege": "AssociatePackages", + "description": "Grants permission to cancel a pending step or steps in a running cluster", + "privilege": "CancelSteps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to provide access to an Amazon OpenSearch Service domain through the use of an interface VPC endpoint", - "privilege": "AuthorizeVpcEndpointAccess", + "description": "Grants permission to create an EMR notebook", + "privilege": "CreateEditor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a change on an OpenSearch Service domain", - "privilege": "CancelDomainConfigChange", + "description": "Grants permission to create a persistent application history server", + "privilege": "CreatePersistentAppUI", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a service software update of a domain. This permission is deprecated. Use CancelServiceSoftwareUpdate instead", - "privilege": "CancelElasticsearchServiceSoftwareUpdate", + "description": "Grants permission to create an EMR notebook repository", + "privilege": "CreateRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a service software update of a domain", - "privilege": "CancelServiceSoftwareUpdate", + "description": "Grants permission to create a security configuration", + "privilege": "CreateSecurityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an OpenSearch Application", - "privilege": "CreateApplication", + "description": "Grants permission to create an EMR Studio", + "privilege": "CreateStudio", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -129572,39 +133311,47 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon OpenSearch Service domain", - "privilege": "CreateDomain", + "description": "Grants permission to launch an EMR Studio using IAM authentication mode", + "privilege": "CreateStudioPresignedUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - }, + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EMR Studio session mapping", + "privilege": "CreateStudioSessionMapping", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "studio*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an OpenSearch Service domain. This permission is deprecated. Use CreateDomain instead", - "privilege": "CreateElasticsearchDomain", + "description": "Grants permission to delete an EMR notebook", + "privilege": "DeleteEditor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - }, + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EMR notebook repository", + "privilege": "DeleteRepository", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -129612,44 +133359,116 @@ }, { "access_level": "Write", - "description": "Grants permission to create the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. OpenSearch Service creates the service-linked role for you", - "privilege": "CreateElasticsearchServiceRole", + "description": "Grants permission to delete a security configuration", + "privilege": "DeleteSecurityConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EMR Studio", + "privilege": "DeleteStudio", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EMR Studio session mapping", + "privilege": "DeleteStudioSessionMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to block an identity from opening a collaborative workspace", + "privilege": "DeleteWorkspaceAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details about a cluster, including status, hardware and software configuration, VPC settings, and so on", + "privilege": "DescribeCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view information about a notebook, including status, user, role, tags, location, and more", + "privilege": "DescribeEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe details of clusters (job flows). This API is deprecated and will eventually be removed. We recommend you use ListClusters, DescribeCluster, ListSteps, ListInstanceGroups and ListBootstrapActions instead", + "privilege": "DescribeJobFlows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain", - "privilege": "CreateOutboundConnection", + "access_level": "Read", + "description": "Grants permission to view information about a notebook execution", + "privilege": "DescribeNotebookExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "notebook-execution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain. This permission is deprecated. Use CreateOutboundConnection instead", - "privilege": "CreateOutboundCrossClusterSearchConnection", + "access_level": "Read", + "description": "Grants permission to describe a persistent application history server", + "privilege": "DescribePersistentAppUI", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a package for use with OpenSearch Service domains", - "privilege": "CreatePackage", + "access_level": "Read", + "description": "Grants permission to view information about an EMR release, such as which applications are supported", + "privilege": "DescribeReleaseLabel", "resource_types": [ { "condition_keys": [], @@ -129659,9 +133478,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create the service-linked role required for Amazon OpenSearch Service domains that use VPC access", - "privilege": "CreateServiceRole", + "access_level": "Read", + "description": "Grants permission to describe an EMR notebook repository", + "privilege": "DescribeRepository", "resource_types": [ { "condition_keys": [], @@ -129671,9 +133490,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon OpenSearch Service-managed VPC endpoint", - "privilege": "CreateVpcEndpoint", + "access_level": "Read", + "description": "Grants permission to get details of a security configuration", + "privilege": "DescribeSecurityConfiguration", "resource_types": [ { "condition_keys": [], @@ -129683,129 +133502,143 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an OpenSearch Application", - "privilege": "DeleteApplication", + "access_level": "Read", + "description": "Grants permission to get details about a cluster step", + "privilege": "DescribeStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "cluster*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the data source for the OpenSearch Service domain", - "privilege": "DeleteDataSource", + "access_level": "Read", + "description": "Grants permission to view information about an EMR Studio", + "privilege": "DescribeStudio", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "studio*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the data source for the provided OpenSearch arns", - "privilege": "DeleteDirectQueryDataSource", + "description": "Grants permission to detach an EMR notebook from a compute engine", + "privilege": "DetachEditor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "editor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Amazon OpenSearch Service domain and all of its data", - "privilege": "DeleteDomain", + "access_level": "Read", + "description": "Grants permission to retrieve the auto-termination policy associated with a cluster", + "privilege": "GetAutoTerminationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an OpenSearch Service domain and all of its data. This permission is deprecated. Use DeleteDomain instead", - "privilege": "DeleteElasticsearchDomain", + "access_level": "Read", + "description": "Grants permission to retrieve the EMR block public access configuration for the AWS account in the Region", + "privilege": "GetBlockPublicAccessConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. Use the IAM API to delete service-linked roles", - "privilege": "DeleteElasticsearchServiceRole", + "description": "Grants permission to retrieve HTTP basic credentials associated with a given execution IAM Role for a fine-grained access control enabled EMR Cluster", + "privilege": "GetClusterSessionCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "elasticmapreduce:ExecutionRoleArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection", - "privilege": "DeleteInboundConnection", + "access_level": "Read", + "description": "Grants permission to retrieve the managed scaling policy associated with a cluster", + "privilege": "GetManagedScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection. This permission is deprecated. Use DeleteInboundConnection instead", - "privilege": "DeleteInboundCrossClusterSearchConnection", + "description": "Grants permission to get a presigned URL for an application history server running on the cluster", + "privilege": "GetOnClusterAppUIPresignedURL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection", - "privilege": "DeleteOutboundConnection", + "description": "Grants permission to get a presigned URL for a persistent application history server", + "privilege": "GetPersistentAppUIPresignedURL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "elasticmapreduce:ExecutionRoleArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection. This permission is deprecated. Use DeleteOutboundConnection instead", - "privilege": "DeleteOutboundCrossClusterSearchConnection", + "access_level": "Read", + "description": "Grants permission to view information about an EMR Studio session mapping", + "privilege": "GetStudioSessionMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "studio*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a package from OpenSearch Service. The package cannot be associated with any domains", - "privilege": "DeletePackage", + "description": "Grants permission to link an EMR notebook repository to EMR notebooks", + "privilege": "LinkRepository", "resource_types": [ { "condition_keys": [], @@ -129815,153 +133648,153 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Amazon OpenSearch Service-managed interface VPC endpoint", - "privilege": "DeleteVpcEndpoint", + "access_level": "Read", + "description": "Grants permission to get details about the bootstrap actions associated with a cluster", + "privilege": "ListBootstrapActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN", - "privilege": "DescribeDomain", + "access_level": "List", + "description": "Grants permission to get the status of accessible clusters", + "privilege": "ListClusters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the Auto-Tune configuration of the domain for the specified OpenSearch Service domain, including the Auto-Tune state and maintenance schedules", - "privilege": "DescribeDomainAutoTunes", + "access_level": "List", + "description": "Grants permission to list summary information for accessible EMR notebooks", + "privilege": "ListEditors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view detail stage progress of an OpenSearch Service domain", - "privilege": "DescribeDomainChangeProgress", + "description": "Grants permission to get details of instance fleets in a cluster", + "privilege": "ListInstanceFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to view a description of the configuration options and status of an OpenSearch Service domain", - "privilege": "DescribeDomainConfig", + "description": "Grants permission to get details of instance groups in a cluster", + "privilege": "ListInstanceGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to view information about domain and node health, the standby Availability Zone, number of nodes per Availability Zone, and shard count per node", - "privilege": "DescribeDomainHealth", + "description": "Grants permission to get details about the Amazon EC2 instances in a cluster", + "privilege": "ListInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about nodes configured for the domain and their configurations- the node id, type of node, status of node, Availability Zone, instance type and storage", - "privilege": "DescribeDomainNodes", + "access_level": "List", + "description": "Grants permission to list summary information for notebook executions", + "privilege": "ListNotebookExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to view a description of the domain configuration for up to five specified OpenSearch Service domains", - "privilege": "DescribeDomains", + "description": "Grants permission to list and filter the available EMR releases in the current region", + "privilege": "ListReleaseLabels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the status of a pre-update validation check on an OpenSearch Service domain", - "privilege": "DescribeDryRunProgress", + "access_level": "List", + "description": "Grants permission to list existing EMR notebook repositories", + "privilege": "ListRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN. This permission is deprecated. Use DescribeDomain instead", - "privilege": "DescribeElasticsearchDomain", + "access_level": "List", + "description": "Grants permission to list available security configurations in this account by name, along with creation dates and times", + "privilege": "ListSecurityConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view a description of the configuration and status of an OpenSearch Service domain. This permission is deprecated. Use DescribeDomainConfig instead", - "privilege": "DescribeElasticsearchDomainConfig", + "description": "Grants permission to list steps associated with a cluster", + "privilege": "ListSteps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { "access_level": "List", - "description": "Grants permission to view a description of the domain configuration for up to five specified Amazon OpenSearch domains. This permission is deprecated. Use DescribeDomains instead", - "privilege": "DescribeElasticsearchDomains", + "description": "Grants permission to list summary information about EMR Studio session mappings", + "privilege": "ListStudioSessionMappings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to view the instance count, storage, and master node limits for a given OpenSearch version and instance type. This permission is deprecated. Use DescribeInstanceTypeLimits instead", - "privilege": "DescribeElasticsearchInstanceTypeLimits", + "description": "Grants permission to list summary information about EMR Studios", + "privilege": "ListStudios", "resource_types": [ { "condition_keys": [], @@ -129972,8 +133805,8 @@ }, { "access_level": "List", - "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain", - "privilege": "DescribeInboundConnections", + "description": "Grants permission to list the Amazon EC2 instance types that an Amazon EMR release supports", + "privilege": "ListSupportedInstanceTypes", "resource_types": [ { "condition_keys": [], @@ -129984,92 +133817,97 @@ }, { "access_level": "List", - "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain. This permission is deprecated. Use DescribeInboundConnections instead", - "privilege": "DescribeInboundCrossClusterSearchConnections", + "description": "Grants permission to list identities that are granted access to a workspace", + "privilege": "ListWorkspaceAccessIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "editor*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the instance count, storage, and master node limits for a given engine version and instance type", - "privilege": "DescribeInstanceTypeLimits", + "access_level": "Write", + "description": "Grants permission to change cluster settings such as number of steps that can be executed concurrently for a cluster", + "privilege": "ModifyCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain", - "privilege": "DescribeOutboundConnections", + "access_level": "Write", + "description": "Grants permission to change the target On-Demand and target Spot capacities for a instance fleet", + "privilege": "ModifyInstanceFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain. This permission is deprecated. Use DescribeOutboundConnections instead", - "privilege": "DescribeOutboundCrossClusterSearchConnections", + "access_level": "Write", + "description": "Grants permission to change the number and configuration of EC2 instances for an instance group", + "privilege": "ModifyInstanceGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all packages available to OpenSearch Service domains", - "privilege": "DescribePackages", + "access_level": "Write", + "description": "Grants permission to launch the Jupyter notebook editor for an EMR notebook from within the console", + "privilege": "OpenEditorInConsole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "editor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch Reserved Instance offerings for Amazon OpenSearch Service. This permission is deprecated. Use DescribeReservedInstanceOfferings instead", - "privilege": "DescribeReservedElasticsearchInstanceOfferings", + "access_level": "Write", + "description": "Grants permission to create or update an automatic scaling policy for a core instance group or task instance group", + "privilege": "PutAutoScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased. This permission is deprecated. Use DescribeReservedInstances instead", - "privilege": "DescribeReservedElasticsearchInstances", + "access_level": "Write", + "description": "Grants permission to create or update the auto-termination policy associated with a cluster", + "privilege": "PutAutoTerminationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch Reserved Instance offerings for OpenSearch Service", - "privilege": "DescribeReservedInstanceOfferings", + "access_level": "Permissions management", + "description": "Grants permission to create or update the EMR block public access configuration for the AWS account in the Region", + "privilege": "PutBlockPublicAccessConfiguration", "resource_types": [ { "condition_keys": [], @@ -130079,297 +133917,390 @@ ] }, { - "access_level": "List", - "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased", - "privilege": "DescribeReservedInstances", + "access_level": "Write", + "description": "Grants permission to create or update the managed scaling policy associated with a cluster", + "privilege": "PutManagedScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Amazon OpenSearch Service-managed VPC endpoints", - "privilege": "DescribeVpcEndpoints", + "access_level": "Permissions management", + "description": "Grants permission to allow an identity to open a collaborative workspace", + "privilege": "PutWorkspaceAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "editor*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a package from the specified OpenSearch Service domain", - "privilege": "DissociatePackage", + "description": "Grants permission to remove an automatic scaling policy from an instance group", + "privilege": "RemoveAutoScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate multiple packages from the specified OpenSearch Service domain", - "privilege": "DissociatePackages", + "description": "Grants permission to remove the auto-termination policy associated with a cluster", + "privilege": "RemoveAutoTerminationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to send cross-cluster requests to a destination domain", - "privilege": "ESCrossClusterGet", + "access_level": "Write", + "description": "Grants permission to remove the managed scaling policy associated with a cluster", + "privilege": "RemoveManagedScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "cluster*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send HTTP DELETE requests to the OpenSearch APIs", - "privilege": "ESHttpDelete", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Amazon EMR resource", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-execution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to send HTTP GET requests to the OpenSearch APIs", - "privilege": "ESHttpGet", + "access_level": "Write", + "description": "Grants permission to create and launch a cluster (job flow)", + "privilege": "RunJobFlow", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to send HTTP HEAD requests to the OpenSearch APIs", - "privilege": "ESHttpHead", + "access_level": "Write", + "description": "Grants permission to add and remove auto terminate after step execution for a cluster", + "privilege": "SetKeepJobFlowAliveWhenNoSteps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to send HTTP PATCH requests to the OpenSearch APIs", - "privilege": "ESHttpPatch", + "description": "Grants permission to add and remove termination protection for a cluster", + "privilege": "SetTerminationProtection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to send HTTP POST requests to the OpenSearch APIs", - "privilege": "ESHttpPost", + "description": "Grants permission to enable or disable unhealthy node replacement for a cluster", + "privilege": "SetUnhealthyNodeReplacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to send HTTP PUT requests to the OpenSearch APIs", - "privilege": "ESHttpPut", + "description": "Grants permission to set whether all AWS Identity and Access Management (IAM) users in the AWS account can view a cluster. This API is deprecated and your cluster may be visible to all users in your account. To restrict cluster access using an IAM policy, see AWS Identity and Access Management for Amazon EMR (https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-access-iam.html)", + "privilege": "SetVisibleToAllUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an OpenSearch Application", - "privilege": "GetApplication", + "access_level": "Write", + "description": "Grants permission to start an EMR notebook", + "privilege": "StartEditor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "editor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch a list of compatible OpenSearch and Elasticsearch versions to which an OpenSearch Service domain can be upgraded. This permission is deprecated. Use GetCompatibleVersions instead", - "privilege": "GetCompatibleElasticsearchVersions", + "access_level": "Write", + "description": "Grants permission to start an EMR notebook execution", + "privilege": "StartNotebookExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch list of compatible engine versions to which an OpenSearch Service domain can be upgraded", - "privilege": "GetCompatibleVersions", + "access_level": "Write", + "description": "Grants permission to shut down an EMR notebook", + "privilege": "StopEditor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "editor*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the data source for the OpenSearch Service domain", - "privilege": "GetDataSource", + "access_level": "Write", + "description": "Grants permission to stop notebook execution", + "privilege": "StopNotebookExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "notebook-execution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the data source for the provided OpenSearch arns", - "privilege": "GetDirectQueryDataSource", + "access_level": "Write", + "description": "Grants permission to terminate a cluster (job flow)", + "privilege": "TerminateJobFlows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the status of maintenance action for the node", - "privilege": "GetDomainMaintenanceStatus", + "access_level": "Write", + "description": "Grants permission to unlink an EMR notebook repository from EMR notebooks", + "privilege": "UnlinkRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the version history for a package", - "privilege": "GetPackageVersionHistory", + "access_level": "Write", + "description": "Grants permission to update an EMR notebook", + "privilege": "UpdateEditor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "editor*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the upgrade history of a given OpenSearch Service domain", - "privilege": "GetUpgradeHistory", + "access_level": "Write", + "description": "Grants permission to update an EMR notebook repository", + "privilege": "UpdateRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the upgrade status of a given OpenSearch Service domain", - "privilege": "GetUpgradeStatus", + "access_level": "Write", + "description": "Grants permission to update information about an EMR Studio", + "privilege": "UpdateStudio", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "studio*" } ] }, { - "access_level": "List", - "description": "Grants permission to list OpenSearch Applications", - "privilege": "ListApplications", + "access_level": "Write", + "description": "Grants permission to update an EMR Studio session mapping", + "privilege": "UpdateStudioSessionMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "studio*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of data source for the OpenSearch Service domain", - "privilege": "ListDataSources", + "description": "Grants permission to use the EMR console to view events from all clusters", + "privilege": "ViewEventsFromAllClustersInConsole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticmapreduce:ResourceTag/${TagKey}" + ], + "resource": "cluster" }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of data source for the provided OpenSearch arns", - "privilege": "ListDirectQueryDataSources", + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:editor/${EditorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticmapreduce:ResourceTag/${TagKey}" + ], + "resource": "editor" + }, + { + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:notebook-execution/${NotebookExecutionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticmapreduce:ResourceTag/${TagKey}" + ], + "resource": "notebook-execution" + }, + { + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:studio/${StudioId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticmapreduce:ResourceTag/${TagKey}" + ], + "resource": "studio" + } + ], + "service_name": "Amazon Elastic MapReduce" + }, + { + "conditions": [], + "prefix": "elastictranscoder", + "privileges": [ + { + "access_level": "Write", + "description": "Cancel a job that Elastic Transcoder has not begun to process", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "job*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of maintenance actions for the OpenSearch Service domain", - "privilege": "ListDomainMaintenances", + "access_level": "Write", + "description": "Create a job", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "pipeline*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "preset*" } ] }, { - "access_level": "List", - "description": "Grants permission to display the names of all OpenSearch Service domains that the current user owns", - "privilege": "ListDomainNames", + "access_level": "Write", + "description": "Create a pipeline", + "privilege": "CreatePipeline", "resource_types": [ { "condition_keys": [], @@ -130379,9 +134310,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all OpenSearch Service domains that a package is associated with", - "privilege": "ListDomainsForPackage", + "access_level": "Write", + "description": "Create a preset", + "privilege": "CreatePreset", "resource_types": [ { "condition_keys": [], @@ -130391,45 +134322,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all instance types and available features for a given OpenSearch version. This permission is deprecated. Use ListInstanceTypeDetails instead", - "privilege": "ListElasticsearchInstanceTypeDetails", + "access_level": "Write", + "description": "Delete a pipeline", + "privilege": "DeletePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all EC2 instance types that are supported for a given OpenSearch version", - "privilege": "ListElasticsearchInstanceTypes", + "access_level": "Write", + "description": "Delete a preset", + "privilege": "DeletePreset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "preset*" } ] }, { "access_level": "List", - "description": "Grants permission to list all supported OpenSearch versions on Amazon OpenSearch Service. This permission is deprecated. Use ListVersions instead", - "privilege": "ListElasticsearchVersions", + "description": "Get a list of the jobs that you assigned to a pipeline", + "privilege": "ListJobsByPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { "access_level": "List", - "description": "Grants permission to list all instance types and available features for a given OpenSearch or Elasticsearch version", - "privilege": "ListInstanceTypeDetails", + "description": "Get information about all of the jobs associated with the current AWS account that have a specified status", + "privilege": "ListJobsByStatus", "resource_types": [ { "condition_keys": [], @@ -130440,54 +134371,68 @@ }, { "access_level": "List", - "description": "Grants permission to list all packages associated with the OpenSearch Service domain", - "privilege": "ListPackagesForDomain", + "description": "Get a list of the pipelines associated with the current AWS account", + "privilege": "ListPipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of configuration changes that are scheduled for a OpenSearch Service domain", - "privilege": "ListScheduledActions", + "description": "Get a list of all presets associated with the current AWS account", + "privilege": "ListPresets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to display all resource tags for an OpenSearch Service domain, data source, or application", - "privilege": "ListTags", + "description": "Get detailed information about a job", + "privilege": "ReadJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, + "resource_type": "job*" + } + ] + }, + { + "access_level": "Read", + "description": "Get detailed information about a pipeline", + "privilege": "ReadPipeline", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" - }, + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Read", + "description": "Get detailed information about a preset", + "privilege": "ReadPreset", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "preset*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all supported OpenSearch and Elasticsearch versions in Amazon OpenSearch Service", - "privilege": "ListVersions", + "access_level": "Write", + "description": "Test the settings for a pipeline to ensure that Elastic Transcoder can create and process jobs", + "privilege": "TestRole", "resource_types": [ { "condition_keys": [], @@ -130497,45 +134442,69 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about each AWS principal that is allowed to access a given Amazon OpenSearch Service domain through the use of an interface VPC endpoint", - "privilege": "ListVpcEndpointAccess", + "access_level": "Write", + "description": "Update settings for a pipeline", + "privilege": "UpdatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints in the current AWS account and Region", - "privilege": "ListVpcEndpoints", + "access_level": "Write", + "description": "Update only Amazon Simple Notification Service (Amazon SNS) notifications for a pipeline", + "privilege": "UpdatePipelineNotifications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints associated with a particular domain", - "privilege": "ListVpcEndpointsForDomain", + "access_level": "Write", + "description": "Pause or reactivate a pipeline, so the pipeline stops or restarts processing jobs, update the status for the pipeline", + "privilege": "UpdatePipelineStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:job/${JobId}", + "condition_keys": [], + "resource": "job" + }, + { + "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:pipeline/${PipelineId}", + "condition_keys": [], + "resource": "pipeline" }, + { + "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:preset/${PresetId}", + "condition_keys": [], + "resource": "preset" + } + ], + "service_name": "Amazon Elastic Transcoder" + }, + { + "conditions": [], + "prefix": "elemental-activations", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to purchase OpenSearch Service Reserved Instances. This permission is deprecated. Use PurchaseReservedInstanceOffering instead", - "privilege": "PurchaseReservedElasticsearchInstanceOffering", + "description": "Grants permission to complete the process of registering customer account for AWS Elemental Appliances and Software Purchases", + "privilege": "CompleteAccountRegistration", "resource_types": [ { "condition_keys": [], @@ -130546,8 +134515,8 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase OpenSearch reserved instances", - "privilege": "PurchaseReservedInstanceOffering", + "description": "Grants permission to complete the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", + "privilege": "CompleteFileUpload", "resource_types": [ { "condition_keys": [], @@ -130558,8 +134527,8 @@ }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request", - "privilege": "RejectInboundConnection", + "description": "Grants permission to confirm asset ownership", + "privilege": "ConfirmAccount", "resource_types": [ { "condition_keys": [], @@ -130569,9 +134538,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request. This permission is deprecated. Use RejectInboundConnection instead", - "privilege": "RejectInboundCrossClusterSearchConnection", + "access_level": "Read", + "description": "Grants permission to download the kickstart files for AWS Elemental Appliances and Software purchases", + "privilege": "DownloadKickstart", "resource_types": [ { "condition_keys": [], @@ -130581,38 +134550,45 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove resource tags from an OpenSearch Service domain, data source, or application", - "privilege": "RemoveTags", + "access_level": "Read", + "description": "Grants permission to download the Software files for AWS Elemental Appliances and Software Purchases", + "privilege": "DownloadSoftware", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate a software license for an AWS Elemental Appliances and Software purchase", + "privilege": "GenerateLicense", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate Software Licenses for AWS Elemental Appliances and Software Purchases", + "privilege": "GenerateLicenses", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to revoke access to an Amazon OpenSearch Service domain that was provided through an interface VPC endpoint", - "privilege": "RevokeVpcEndpointAccess", + "access_level": "Read", + "description": "Grants permission to describe the software version of an artifact group", + "privilege": "GetArtifactGroupSoftwareVersions", "resource_types": [ { "condition_keys": [], @@ -130622,105 +134598,113 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to initiate the maintenance on the node", - "privilege": "StartDomainMaintenance", + "access_level": "Read", + "description": "Grants permission to describe an asset", + "privilege": "GetAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a service software update of a domain. This permission is deprecated. Use StartServiceSoftwareUpdate instead", - "privilege": "StartElasticsearchServiceSoftwareUpdate", + "access_level": "Read", + "description": "Grants permission to describe assets associated to the requesting account", + "privilege": "GetAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a service software update of a domain", - "privilege": "StartServiceSoftwareUpdate", + "access_level": "Read", + "description": "Grants permission to get all product advisories", + "privilege": "GetProductAdvisories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an OpenSearch Application", - "privilege": "UpdateApplication", + "access_level": "Read", + "description": "Grants permission to describe available software versions", + "privilege": "GetSoftwareVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the data source for the OpenSearch Service domain", - "privilege": "UpdateDataSource", + "description": "Grants permission to start the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", + "privilege": "StartFileUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Elemental Appliances and Software Activation Service" + }, + { + "conditions": [], + "prefix": "elemental-appliances-software", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to update the data source for the provided OpenSearch arns", - "privilege": "UpdateDirectQueryDataSource", + "description": "Grants permission to complete an upload of an attachment for a quote or order", + "privilege": "CompleteUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances", - "privilege": "UpdateDomainConfig", + "description": "Grants permission to create an order", + "privilege": "CreateOrderV1", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances. This permission is deprecated. Use UpdateDomainConfig instead", - "privilege": "UpdateElasticsearchDomainConfig", + "description": "Grants permission to create a quote", + "privilege": "CreateQuote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "quote*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a package for use with OpenSearch Service domains", - "privilege": "UpdatePackage", + "access_level": "Read", + "description": "Grants permission to validate an address", + "privilege": "GetAvsCorrectAddress", "resource_types": [ { "condition_keys": [], @@ -130730,9 +134714,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update scope a package", - "privilege": "UpdatePackageScope", + "access_level": "Read", + "description": "Grants permission to list the billing addresses in the AWS Account", + "privilege": "GetBillingAddresses", "resource_types": [ { "condition_keys": [], @@ -130742,21 +134726,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reschedule a planned OpenSearch Service domain configuration change for a later time", - "privilege": "UpdateScheduledAction", + "access_level": "Read", + "description": "Grants permission to list the delivery addresses in the AWS Account", + "privilege": "GetDeliveryAddressesV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an Amazon OpenSearch Service-managed interface VPC endpoint", - "privilege": "UpdateVpcEndpoint", + "access_level": "Read", + "description": "Grants permission to describe an order", + "privilege": "GetOrder", "resource_types": [ { "condition_keys": [], @@ -130766,242 +134750,164 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a given version", - "privilege": "UpgradeDomain", + "access_level": "Read", + "description": "Grants permission to list the orders in the AWS Account", + "privilege": "GetOrdersV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a specified version. This permission is deprecated. Use UpgradeDomain instead", - "privilege": "UpgradeElasticsearchDomain", + "access_level": "Read", + "description": "Grants permission to describe a quote", + "privilege": "GetQuote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "quote*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "domain" - }, - { - "arn": "arn:${Partition}:opensearch:${Region}:${Account}:application/${AppId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - }, - { - "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "es_role" - }, - { - "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "opensearchservice_role" - }, - { - "arn": "arn:${Partition}:opensearch:${Region}:${Account}:datasource/${DataSourceName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "datasource" - } - ], - "service_name": "Amazon OpenSearch Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the tags to event bus and rule actions", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value associated with the resource to event bus and rule actions", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tags in the request to event bus and rule actions", - "type": "ArrayOfString" - }, - { - "condition": "events:EventBusArn", - "description": "Filters access by the ARN of the event buses that can be associated with an endpoint to CreateEndpoint and UpdateEndpoint actions", - "type": "ArrayOfARN" - }, - { - "condition": "events:ManagedBy", - "description": "Filters access by AWS services. If a rule is created by an AWS service on your behalf, the value is the principal name of the service that created the rule", - "type": "String" - }, - { - "condition": "events:TargetArn", - "description": "Filters access by the ARN of a target that can be put to a rule to PutTargets actions. TargetARN doesn't include DeadLetterConfigArn", - "type": "ArrayOfARN" - }, - { - "condition": "events:creatorAccount", - "description": "Filters access by the account the rule was created in to rule actions", - "type": "String" - }, - { - "condition": "events:detail-type", - "description": "Filters access by the literal string of the detail-type of the event to PutEvents and PutRule actions", - "type": "String" - }, - { - "condition": "events:detail.eventTypeCode", - "description": "Filters access by the literal string for the detail.eventTypeCode field of the event to PutRule actions", - "type": "String" }, { - "condition": "events:detail.service", - "description": "Filters access by the literal string for the detail.service field of the event to PutRule actions", - "type": "String" - }, - { - "condition": "events:detail.userIdentity.principalId", - "description": "Filters access by the literal string for the detail.useridentity.principalid field of the event to PutRule actions", - "type": "String" - }, - { - "condition": "events:eventBusInvocation", - "description": "Filters access by whether the event was generated via API or cross-account bus invocation to PutEvents actions", - "type": "String" + "access_level": "Read", + "description": "Grants permission to calculate taxes for an order", + "privilege": "GetTaxes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "events:source", - "description": "Filters access by the AWS service or AWS partner event source that generated the event to PutEvents and PutRule actions. Matches the literal string of the source field of the event", - "type": "ArrayOfString" - } - ], - "prefix": "events", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to activate partner event sources", - "privilege": "ActivateEventSource", + "access_level": "List", + "description": "Grants permission to list the quotes in the AWS Account", + "privilege": "ListQuotes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a replay", - "privilege": "CancelReplay", + "description": "Grants permission to start an upload of an attachment for a quote or order", + "privilege": "StartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replay*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new api destination", - "privilege": "CreateApiDestination", + "description": "Grants permission to submit an order", + "privilege": "SubmitOrderV1", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a quote", + "privilege": "UpdateQuote", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "quote*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elemental-appliances-software:${Region}:${Account}:quote/${ResourceId}", + "condition_keys": [], + "resource": "quote" + } + ], + "service_name": "AWS Elemental Appliances and Software" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "elemental-support-cases", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new archive", - "privilege": "CreateArchive", + "description": "Grants permission to add a comment to a support case", + "privilege": "AddCaseComment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-bus*" + "resource_type": "case*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new connection", - "privilege": "CreateConnection", + "description": "Grants permission to verify whether the caller has the permissions to perform support case operations", + "privilege": "CheckCasePermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an endpoint", - "privilege": "CreateEndpoint", + "description": "Grants permission to complete a multipart file upload to a support case", + "privilege": "CompleteMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" - }, - { - "condition_keys": [ - "events:EventBusArn" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "case*" } ] }, { "access_level": "Write", - "description": "Grants permission to create event buses", - "privilege": "CreateEventBus", + "description": "Grants permission to create a support case", + "privilege": "CreateCase", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-bus*" - }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -131010,131 +134916,114 @@ }, { "access_level": "Write", - "description": "Grants permission to create partner event sources", - "privilege": "CreatePartnerEventSource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-source*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to deactivate event sources", - "privilege": "DeactivateEventSource", + "description": "Grants permission to create a cli command to allow a file upload to a support case", + "privilege": "CreateS3CLIUploadCommand", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "case*" } ] }, { "access_level": "Write", - "description": "Grants permission to deauthorize a connection, deleting its stored authorization secrets", - "privilege": "DeauthorizeConnection", + "description": "Grants permission to download a file from a support case", + "privilege": "CreateS3DownloadUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "case*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an api destination", - "privilege": "DeleteApiDestination", + "access_level": "Read", + "description": "Grants permission to describe a support case in your account", + "privilege": "GetCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" + "resource_type": "case*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an archive", - "privilege": "DeleteArchive", + "access_level": "Read", + "description": "Grants permission to verify whether the caller has the permissions to perform support case operations", + "privilege": "GetCasePermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a connection", - "privilege": "DeleteConnection", + "access_level": "Read", + "description": "Grants permission to list the support cases in your account", + "privilege": "GetCases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an endpoint", - "privilege": "DeleteEndpoint", + "access_level": "Read", + "description": "Grants permission to retrieve cached case user data for use in the Console", + "privilege": "GetUICache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete event buses", - "privilege": "DeleteEventBus", + "access_level": "Read", + "description": "Grants permission to list tags on a support case", + "privilege": "ListTagsForCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" + "resource_type": "case*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete partner event sources", - "privilege": "DeletePartnerEventSource", + "description": "Grants permission to start a multipart file upload to a support case", + "privilege": "StartMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "case*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete rules", - "privilege": "DeleteRule", + "access_level": "Tagging", + "description": "Grants permission to add a tag on a support case", + "privilege": "TagCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "case*" }, { "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -131142,124 +135031,176 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about an api destination", - "privilege": "DescribeApiDestination", + "access_level": "Tagging", + "description": "Grants permission to remove a tag on a support case", + "privilege": "UntagCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" + "resource_type": "case*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about an archive", - "privilege": "DescribeArchive", + "access_level": "Write", + "description": "Grants permission to update a support case", + "privilege": "UpdateCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" + "resource_type": "case*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about a conection", - "privilege": "DescribeConnection", + "access_level": "Write", + "description": "Grants permission to update a support case status", + "privilege": "UpdateCaseStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "case*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about an endpoint", - "privilege": "DescribeEndpoint", + "access_level": "Write", + "description": "Grants permission to update a multipart file upload to a support case", + "privilege": "UpdateMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "case*" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elemental-support-cases::${Account}:case/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "case" + } + ], + "service_name": "AWS Elemental Support Cases" + }, + { + "conditions": [], + "prefix": "elemental-support-content", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to retrieve details about event buses", - "privilege": "DescribeEventBus", + "description": "Grants permission to search support content", + "privilege": "Query", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Elemental Support Content" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs present in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about event sources", - "privilege": "DescribeEventSource", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys present in the request", + "type": "ArrayOfString" + }, + { + "condition": "emr-containers:ExecutionRoleArn", + "description": "Filters access by the execution role arn present in the request", + "type": "ARN" + }, + { + "condition": "emr-containers:JobTemplateArn", + "description": "Filters access by the job template arn present in the request", + "type": "ARN" + } + ], + "prefix": "emr-containers", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel a job run", + "privilege": "CancelJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "jobRun*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about partner event sources", - "privilege": "DescribePartnerEventSource", + "access_level": "Write", + "description": "Grants permission to call the CreateCertificate method to accept the CertificateSigningRequest, and return the signed certificate", + "privilege": "CreateCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of a replay", - "privilege": "DescribeReplay", + "access_level": "Write", + "description": "Grants permission to create a job template", + "privilege": "CreateJobTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "replay*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about rules", - "privilege": "DescribeRule", + "access_level": "Write", + "description": "Grants permission to create a managed endpoint", + "privilege": "CreateManagedEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "virtualCluster*" }, { "condition_keys": [ - "events:creatorAccount" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "emr-containers:ExecutionRoleArn" ], "dependent_actions": [], "resource_type": "" @@ -131268,23 +135209,28 @@ }, { "access_level": "Write", - "description": "Grants permission to disable rules", - "privilege": "DisableRule", + "description": "Grants permission to create a security configuration", + "privilege": "CreateSecurityConfiguration", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a virtual cluster", + "privilege": "CreateVirtualCluster", + "resource_types": [ { "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -131293,141 +135239,140 @@ }, { "access_level": "Write", - "description": "Grants permission to enable rules", - "privilege": "EnableRule", + "description": "Grants permission to delete a job template", + "privilege": "DeleteJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "jobTemplate*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a managed endpoint", + "privilege": "DeleteManagedEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, - { - "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "managedEndpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke an api destination", - "privilege": "InvokeApiDestination", + "description": "Grants permission to delete a security configuration", + "privilege": "DeleteSecurityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" + "resource_type": "securityConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of api destinations", - "privilege": "ListApiDestinations", + "access_level": "Write", + "description": "Grants permission to delete a virtual cluster", + "privilege": "DeleteVirtualCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "virtualCluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of archives", - "privilege": "ListArchives", + "access_level": "Read", + "description": "Grants permission to describe a job run", + "privilege": "DescribeJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobRun*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of connections", - "privilege": "ListConnections", + "access_level": "Read", + "description": "Grants permission to describe a job template", + "privilege": "DescribeJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobTemplate*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of endpoints", - "privilege": "ListEndpoints", + "access_level": "Read", + "description": "Grants permission to describe a managed endpoint", + "privilege": "DescribeManagedEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "managedEndpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of the event buses in your account", - "privilege": "ListEventBuses", + "access_level": "Read", + "description": "Grants permission to describe a security configuration", + "privilege": "DescribeSecurityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "securityConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to to retrieve a list of event sources shared with this account", - "privilege": "ListEventSources", + "access_level": "Read", + "description": "Grants permission to describe a virtual cluster", + "privilege": "DescribeVirtualCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "virtualCluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of AWS account IDs associated with an event source", - "privilege": "ListPartnerEventSourceAccounts", + "access_level": "Write", + "description": "Grants permission to generate a session token used to connect to a managed endpoint", + "privilege": "GetManagedEndpointSessionCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "managedEndpoint*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list partner event sources", - "privilege": "ListPartnerEventSources", + "description": "Grants permission to list job runs associated with a virtual cluster", + "privilege": "ListJobRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "virtualCluster*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of replays", - "privilege": "ListReplays", + "description": "Grants permission to list job templates", + "privilege": "ListJobTemplates", "resource_types": [ { "condition_keys": [], @@ -131438,20 +135383,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the names of the rules associated with a target", - "privilege": "ListRuleNamesByTarget", + "description": "Grants permission to list managed endpoints associated with a virtual cluster", + "privilege": "ListManagedEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "virtualCluster*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the Amazon EventBridge rules in the account", - "privilege": "ListRules", + "description": "Grants permission to list security configurations", + "privilege": "ListSecurityConfigurations", "resource_types": [ { "condition_keys": [], @@ -131462,72 +135407,64 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of tags associated with an Amazon EventBridge resource", + "description": "Grants permission to list tags for the specified resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" + "resource_type": "jobRun" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" + "resource_type": "jobTemplate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "managedEndpoint" }, { - "condition_keys": [ - "events:creatorAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "securityConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of targets defined for a rule", - "privilege": "ListTargetsByRule", + "description": "Grants permission to list virtual clusters", + "privilege": "ListVirtualClusters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, - { - "condition_keys": [ - "events:creatorAccount" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send custom events to Amazon EventBridge", - "privilege": "PutEvents", + "description": "Grants permission to start a job run", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" + "resource_type": "virtualCluster*" }, { "condition_keys": [ - "events:detail-type", - "events:source", - "events:eventBusInvocation" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "emr-containers:ExecutionRoleArn", + "emr-containers:JobTemplateArn" ], "dependent_actions": [], "resource_type": "" @@ -131535,55 +135472,39 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to sends custom events to Amazon EventBridge", - "privilege": "PutPartnerEvents", + "access_level": "Tagging", + "description": "Grants permission to tag the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to use the PutPermission action to grants permission to another AWS account to put events to your default event bus", - "privilege": "PutPermission", - "resource_types": [ + "resource_type": "jobRun" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or updates rules", - "privilege": "PutRule", - "resource_types": [ + "resource_type": "jobTemplate" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" + "resource_type": "managedEndpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "securityConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster" }, { "condition_keys": [ - "events:detail.userIdentity.principalId", - "events:detail-type", - "events:source", - "events:detail.service", - "events:detail.eventTypeCode", "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "events:creatorAccount", - "events:ManagedBy" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -131591,224 +135512,361 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add targets to a rule", - "privilege": "PutTargets", + "access_level": "Tagging", + "description": "Grants permission to untag the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" + "resource_type": "jobRun" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "jobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedEndpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securityConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster" }, { "condition_keys": [ - "events:TargetArn", - "events:creatorAccount", - "events:ManagedBy" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "virtualCluster" }, { - "access_level": "Permissions management", - "description": "Grants permission to revoke the permission of another AWS account to put events to your default event bus", - "privilege": "RemovePermission", + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/jobruns/${JobRunId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "jobRun" + }, + { + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/jobtemplates/${JobTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "jobTemplate" + }, + { + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/endpoints/${EndpointId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "managedEndpoint" + }, + { + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/securityconfigurations/${SecurityConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "securityConfiguration" + } + ], + "service_name": "Amazon EMR on EKS (EMR Containers)" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "emr-serverless", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to execute interactive workloads on an application", + "privilege": "AccessInteractiveEndpoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to removes targets from a rule", - "privilege": "RemoveTargets", + "description": "Grants permission to execute interactive workloads on Livy Endpoint enabled on an EMR Serverless Application", + "privilege": "AccessLivyEndpoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, - { - "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to retrieve credentials from a connection", - "privilege": "RetrieveConnectionCredentials", + "description": "Grants permission to access system profile logs", + "privilege": "AccessSystemProfileLogs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "jobRun*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a replay of an archive", - "privilege": "StartReplay", + "description": "Grants permission to cancel a job run", + "privilege": "CancelJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" - }, + "resource_type": "jobRun*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Application", + "privilege": "CreateApplication", + "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "event-bus*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replay*" + "resource_type": "application*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add a tag to an Amazon EventBridge resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get application", + "privilege": "GetApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get job run dashboard", + "privilege": "GetDashboardForJobRun", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "jobRun*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a job run", + "privilege": "GetJobRun", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, + "resource_type": "jobRun*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list applications", + "privilege": "ListApplications", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "events:creatorAccount" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to test whether an event pattern matches the provided event", - "privilege": "TestEventPattern", + "access_level": "List", + "description": "Grants permission to list job run attempts associated with a job run", + "privilege": "ListJobRunAttempts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobRun*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from an Amazon EventBridge resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list job runs associated with an application", + "privilege": "ListJobRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for the specified resource", + "privilege": "ListTagsForResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" + "resource_type": "application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, + "resource_type": "jobRun" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Start an application", + "privilege": "StartApplication", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "events:creatorAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an api destination", - "privilege": "UpdateApiDestination", + "description": "Grants permission to start a job run", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "api-destination*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an archive", - "privilege": "UpdateArchive", + "description": "Grants permission to Stop an application", + "privilege": "StopApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a connection", - "privilege": "UpdateConnection", + "access_level": "Tagging", + "description": "Grants permission to tag the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an endpoint", - "privilege": "UpdateEndpoint", + "access_level": "Tagging", + "description": "Grants permission to untag the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun" }, { "condition_keys": [ - "events:EventBusArn" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -131817,143 +135875,83 @@ }, { "access_level": "Write", - "description": "Grants permission to update event buses", - "privilege": "UpdateEventBus", + "description": "Grants permission to Update an application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" + "resource_type": "application*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:events:${Region}::event-source/${EventSourceName}", - "condition_keys": [], - "resource": "event-source" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:event-bus/${EventBusName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "event-bus" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${RuleName}", + "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "rule-on-default-event-bus" + "resource": "application" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${EventBusName}/${RuleName}", + "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}/jobruns/${JobRunId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "rule-on-custom-event-bus" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:archive/${ArchiveName}", - "condition_keys": [], - "resource": "archive" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:replay/${ReplayName}", - "condition_keys": [], - "resource": "replay" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:connection/${ConnectionName}", - "condition_keys": [], - "resource": "connection" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:api-destination/${ApiDestinationName}", - "condition_keys": [], - "resource": "api-destination" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:endpoint/${EndpointName}", - "condition_keys": [], - "resource": "endpoint" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:target/create-snapshot", - "condition_keys": [], - "resource": "create-snapshot" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:target/reboot-instance", - "condition_keys": [], - "resource": "reboot-instance" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:target/stop-instance", - "condition_keys": [], - "resource": "stop-instance" - }, - { - "arn": "arn:${Partition}:events:${Region}:${Account}:target/terminate-instance", - "condition_keys": [], - "resource": "terminate-instance" + "resource": "jobRun" } ], - "service_name": "Amazon EventBridge" + "service_name": "Amazon EMR Serverless" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed the request on behalf of the IAM principal", + "description": "Filters access by a key that is present in the request the user makes to the entity resolution service", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource that make the request on behalf of the IAM principal", + "description": "Filters access by a tag key and value pair", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request on behalf of the IAM principal", + "description": "Filters access by the list of all the tag key names present in the request the user makes to the entity resolution service", "type": "ArrayOfString" } ], - "prefix": "evidently", + "prefix": "entityresolution", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to send a batched evaluate feature request", - "privilege": "BatchEvaluateFeature", + "access_level": "Permissions management", + "description": "Grants permission to give an AWS service or another account permission to use an AWS Entity Resolution resources", + "privilege": "AddPolicyStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an experiment", - "privilege": "CreateExperiment", + "description": "Grants permission to batch delete unique Id", + "privilege": "BatchDeleteUniqueId", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a feature", - "privilege": "CreateFeature", + "description": "Grants permission to create a idmapping workflow", + "privilege": "CreateIdMappingWorkflow", "resource_types": [ { "condition_keys": [ @@ -131967,8 +135965,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a launch", - "privilege": "CreateLaunch", + "description": "Grants permission to create a IdNamespace", + "privilege": "CreateIdNamespace", "resource_types": [ { "condition_keys": [ @@ -131982,26 +135980,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a project", - "privilege": "CreateProject", + "description": "Grants permission to create a matching workflow", + "privilege": "CreateMatchingWorkflow", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a segment", - "privilege": "CreateSegment", + "description": "Grants permission to create a schema mapping", + "privilege": "CreateSchemaMapping", "resource_types": [ { "condition_keys": [ @@ -132015,176 +136010,200 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an experiment", - "privilege": "DeleteExperiment", + "description": "Grants permission to delete a idmapping workflow", + "privilege": "DeleteIdMappingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a feature", - "privilege": "DeleteFeature", + "description": "Grants permission to delete a IdNamespace", + "privilege": "DeleteIdNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "IdNamespace*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a launch", - "privilege": "DeleteLaunch", + "description": "Grants permission to delete a matching workflow", + "privilege": "DeleteMatchingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "MatchingWorkflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", + "access_level": "Permissions management", + "description": "Grants permission to delete permission given to an AWS service or another account permission to use an AWS Entity Resolution resources", + "privilege": "DeletePolicyStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a segment", - "privilege": "DeleteSegment", + "description": "Grants permission to delete a schema mapping", + "privilege": "DeleteSchemaMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment*" + "resource_type": "SchemaMapping*" } ] }, { "access_level": "Write", - "description": "Grants permission to send an evaluate feature request", - "privilege": "EvaluateFeature", + "description": "Grants permission to generate match Id", + "privilege": "GenerateMatchId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to get experiment details", - "privilege": "GetExperiment", + "description": "Grants permission to get a idmapping job", + "privilege": "GetIdMappingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to get experiment result", - "privilege": "GetExperimentResults", + "description": "Grants permission to get a idmapping workflow", + "privilege": "GetIdMappingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to get feature details", - "privilege": "GetFeature", + "description": "Grants permission to get a IdNamespace", + "privilege": "GetIdNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "IdNamespace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get launch details", - "privilege": "GetLaunch", + "description": "Grants permission to get match Id", + "privilege": "GetMatchId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to get project details", - "privilege": "GetProject", + "description": "Grants permission to get a matching job", + "privilege": "GetMatchingJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MatchingWorkflow*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a matching workflow", + "privilege": "GetMatchingWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MatchingWorkflow*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a resource policy for an AWS Entity Resolution resources", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get segment details", - "privilege": "GetSegment", + "description": "Grants permission to get provider service", + "privilege": "GetProviderService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment*" + "resource_type": "ProviderService*" } ] }, { "access_level": "Read", - "description": "Grants permission to list experiments", - "privilege": "ListExperiments", + "description": "Grants permission to get a schema mapping", + "privilege": "GetSchemaMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SchemaMapping*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list features", - "privilege": "ListFeatures", + "access_level": "List", + "description": "Grants permission to list idmapping jobs", + "privilege": "ListIdMappingJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "IdMappingWorkflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list launches", - "privilege": "ListLaunches", + "access_level": "List", + "description": "Grants permission to list idmapping workflows", + "privilege": "ListIdMappingWorkflows", "resource_types": [ { "condition_keys": [], @@ -132194,9 +136213,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list projects", - "privilege": "ListProjects", + "access_level": "List", + "description": "Grants permission to list IdNamespaces", + "privilege": "ListIdNamespaces", "resource_types": [ { "condition_keys": [], @@ -132206,21 +136225,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list resources referencing a segment", - "privilege": "ListSegmentReferences", + "access_level": "List", + "description": "Grants permission to list matching jobs", + "privilege": "ListMatchingJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MatchingWorkflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list segments", - "privilege": "ListSegments", + "access_level": "List", + "description": "Grants permission to list matching workflows", + "privilege": "ListMatchingWorkflows", "resource_types": [ { "condition_keys": [], @@ -132230,9 +136249,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for resources", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list provider service", + "privilege": "ListProviderServices", "resource_types": [ { "condition_keys": [], @@ -132242,94 +136261,94 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to send performance events", - "privilege": "PutProjectEvents", + "access_level": "List", + "description": "Grants permission to list schema mappings", + "privilege": "ListSchemaMappings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an experiment", - "privilege": "StartExperiment", + "access_level": "Read", + "description": "Grants permission to List tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a launch", - "privilege": "StartLaunch", + "access_level": "Permissions management", + "description": "Grants permission to put a resource policy for an AWS Entity Resolution resources", + "privilege": "PutPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an experiment", - "privilege": "StopExperiment", + "description": "Grants permission to start a idmapping job", + "privilege": "StartIdMappingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a launch", - "privilege": "StopLaunch", + "description": "Grants permission to start a matching job", + "privilege": "StartMatchingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag resources", + "description": "Grants permission to adds tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment" + "resource_type": "IdMappingWorkflow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature" + "resource_type": "IdNamespace" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch" + "resource_type": "MatchingWorkflow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project" + "resource_type": "ProviderService" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment" + "resource_type": "SchemaMapping" }, { "condition_keys": [ @@ -132341,47 +136360,35 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to test a segment pattern", - "privilege": "TestSegmentPattern", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Tagging", - "description": "Grants permission to untag resources", + "description": "Grants permission to untag a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment" + "resource_type": "IdMappingWorkflow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature" + "resource_type": "IdNamespace" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch" + "resource_type": "MatchingWorkflow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project" + "resource_type": "ProviderService" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment" + "resource_type": "SchemaMapping" }, { "condition_keys": [ @@ -132394,256 +136401,303 @@ }, { "access_level": "Write", - "description": "Grants permission to update experiment", - "privilege": "UpdateExperiment", + "description": "Grants permission to update a idmapping workflow", + "privilege": "UpdateIdMappingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to update feature", - "privilege": "UpdateFeature", + "description": "Grants permission to update a IdNamespace", + "privilege": "UpdateIdNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "IdNamespace*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a launch", - "privilege": "UpdateLaunch", + "description": "Grants permission to update a matching workflow", + "privilege": "UpdateMatchingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to update project", - "privilege": "UpdateProject", + "description": "Grants permission to update a schema mapping", + "privilege": "UpdateSchemaMapping", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole" - ], - "resource_type": "Project*" + "dependent_actions": [], + "resource_type": "SchemaMapping*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update project data delivery", - "privilege": "UpdateProjectDataDelivery", + "access_level": "Permissions management", + "description": "Grants permission to give an AWS service or another account permission to use IdNamespace within a workflow", + "privilege": "UseIdNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to give an AWS service or another account permission to use workflow within a IdNamespace", + "privilege": "UseWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}", + "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:matchingworkflow/${WorkflowName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Project" + "resource": "MatchingWorkflow" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/feature/${FeatureName}", + "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:schemamapping/${SchemaName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Feature" + "resource": "SchemaMapping" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/experiment/${ExperimentName}", + "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:idmappingworkflow/${WorkflowName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Experiment" + "resource": "IdMappingWorkflow" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/launch/${LaunchName}", + "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:providerservice/${ProviderName}/${ProviderServiceName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Launch" + "resource": "ProviderService" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:segment/${SegmentName}", + "arn": "arn:${Partition}:entityresolution:${Region}:${Account}:idnamespace/${IdNamespaceName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Segment" + "resource": "IdNamespace" } ], - "service_name": "Amazon CloudWatch Evidently" + "service_name": "AWS Entity Resolution" }, { "conditions": [ { - "condition": "execute-api:viaDomainArn", - "description": "Filters access by the domain name ARN the API is called from", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access based on the tags associated with the resource", "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the tag keys that are passed in the request", + "type": "ArrayOfString" } ], - "prefix": "execute-api", + "prefix": "es", "privileges": [ { "access_level": "Write", - "description": "Used to invalidate API cache upon a client request", - "privilege": "InvalidateCache", + "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request", + "privilege": "AcceptInboundConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "execute-api-general*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Used to invoke an API upon a client request", - "privilege": "Invoke", + "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request. This permission is deprecated. Use AcceptInboundConnection instead", + "privilege": "AcceptInboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "execute-api-domain" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add the data source for the OpenSearch Service domain", + "privilege": "AddDataSource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "execute-api-general" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "ManageConnections controls access to the @connections API", - "privilege": "ManageConnections", + "description": "Grants permission to add the data source for the provided OpenSearch arns", + "privilege": "AddDirectQueryDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "execute-api-general*" + "resource_type": "datasource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:execute-api:${Region}:${Account}:${ApiId}/${Stage}/${Method}/${ApiSpecificResourcePath}", - "condition_keys": [ - "execute-api:viaDomainArn" - ], - "resource": "execute-api-general" }, { - "arn": "arn:${Partition}:execute-api:${Region}:${Account}:/domainnames/${DomainName}+${DomainIdentifier}", - "condition_keys": [], - "resource": "execute-api-domain" - } - ], - "service_name": "Amazon API Gateway" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to an OpenSearch Service domain, data source, or application", + "privilege": "AddTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to associate a package with an OpenSearch Service domain", + "privilege": "AssociatePackage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "finspace", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to connect to a kdb cluster", - "privilege": "ConnectKxCluster", + "description": "Grants permission to associate multiple packages with an OpenSearch Service domain", + "privilege": "AssociatePackages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a FinSpace environment", - "privilege": "CreateEnvironment", + "description": "Grants permission to provide access to an Amazon OpenSearch Service domain through the use of an interface VPC endpoint", + "privilege": "AuthorizeVpcEndpointAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a change on an OpenSearch Service domain", + "privilege": "CancelDomainConfigChange", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a changeset for a kdb database", - "privilege": "CreateKxChangeset", + "description": "Grants permission to cancel a service software update of a domain. This permission is deprecated. Use CancelServiceSoftwareUpdate instead", + "privilege": "CancelElasticsearchServiceSoftwareUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a cluster in a managed kdb environment", - "privilege": "CreateKxCluster", + "description": "Grants permission to cancel a service software update of a domain", + "privilege": "CancelServiceSoftwareUpdate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeSubnets", - "finspace:MountKxDatabase" - ], - "resource_type": "kxCluster*" - }, + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an OpenSearch Application", + "privilege": "CreateApplication", + "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -132652,18 +136706,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a kdb database in a managed kdb environment", - "privilege": "CreateKxDatabase", + "description": "Grants permission to create an Amazon OpenSearch Service domain", + "privilege": "CreateDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "domain" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -132672,18 +136726,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a dataview in a managed kdb environment", - "privilege": "CreateKxDataview", + "description": "Grants permission to create an OpenSearch Service domain. This permission is deprecated. Use CreateDomain instead", + "privilege": "CreateElasticsearchDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDataview*" + "resource_type": "domain" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -132692,14 +136746,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a managed kdb environment", - "privilege": "CreateKxEnvironment", + "description": "Grants permission to create the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. OpenSearch Service creates the service-linked role for you", + "privilege": "CreateElasticsearchServiceRole", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -132707,39 +136758,35 @@ }, { "access_level": "Write", - "description": "Grants permission to create a scaling group in a managed kdb environment", - "privilege": "CreateKxScalingGroup", + "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain", + "privilege": "CreateOutboundConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxScalingGroup*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a user in a managed kdb environment", - "privilege": "CreateKxUser", + "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain. This permission is deprecated. Use CreateOutboundConnection instead", + "privilege": "CreateOutboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a package for use with OpenSearch Service domains", + "privilege": "CreatePackage", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -132747,19 +136794,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a volume in a managed kdb environment", - "privilege": "CreateKxVolume", + "description": "Grants permission to create the service-linked role required for Amazon OpenSearch Service domains that use VPC access", + "privilege": "CreateServiceRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxVolume*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon OpenSearch Service-managed VPC endpoint", + "privilege": "CreateVpcEndpoint", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -132767,364 +136818,380 @@ }, { "access_level": "Write", - "description": "Grants permission to create a FinSpace user", - "privilege": "CreateUser", + "description": "Grants permission to delete an OpenSearch Application", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the data source for the OpenSearch Service domain", + "privilege": "DeleteDataSource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the data source for the provided OpenSearch arns", + "privilege": "DeleteDirectQueryDataSource", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a FinSpace environment", - "privilege": "DeleteEnvironment", + "description": "Grants permission to delete an Amazon OpenSearch Service domain and all of its data", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a kdb cluster", - "privilege": "DeleteKxCluster", + "description": "Grants permission to delete an OpenSearch Service domain and all of its data. This permission is deprecated. Use DeleteDomain instead", + "privilege": "DeleteElasticsearchDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a node from a kdb cluster", - "privilege": "DeleteKxClusterNode", + "description": "Grants permission to delete the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. Use the IAM API to delete service-linked roles", + "privilege": "DeleteElasticsearchServiceRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a kdb database", - "privilege": "DeleteKxDatabase", + "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection", + "privilege": "DeleteInboundConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dataview in a managed kdb environment", - "privilege": "DeleteKxDataview", + "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection. This permission is deprecated. Use DeleteInboundConnection instead", + "privilege": "DeleteInboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDataview*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a managed kdb environment", - "privilege": "DeleteKxEnvironment", + "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection", + "privilege": "DeleteOutboundConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a scaling group in a managed kdb environment", - "privilege": "DeleteKxScalingGroup", + "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection. This permission is deprecated. Use DeleteOutboundConnection instead", + "privilege": "DeleteOutboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxScalingGroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a kdb user", - "privilege": "DeleteKxUser", + "description": "Grants permission to delete a package from OpenSearch Service. The package cannot be associated with any domains", + "privilege": "DeletePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a volume in a managed kdb environment", - "privilege": "DeleteKxVolume", + "description": "Grants permission to delete an Amazon OpenSearch Service-managed interface VPC endpoint", + "privilege": "DeleteVpcEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxVolume*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a FinSpace environment", - "privilege": "GetEnvironment", + "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN", + "privilege": "DescribeDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a changeset for a kdb database", - "privilege": "GetKxChangeset", + "description": "Grants permission to view the Auto-Tune configuration of the domain for the specified OpenSearch Service domain, including the Auto-Tune state and maintenance schedules", + "privilege": "DescribeDomainAutoTunes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a cluster in a managed kdb environment", - "privilege": "GetKxCluster", + "description": "Grants permission to view detail stage progress of an OpenSearch Service domain", + "privilege": "DescribeDomainChangeProgress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a connection string for kdb clusters", - "privilege": "GetKxConnectionString", + "description": "Grants permission to view a description of the configuration options and status of an OpenSearch Service domain", + "privilege": "DescribeDomainConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "finspace:ConnectKxCluster" - ], - "resource_type": "kxCluster*" + "dependent_actions": [], + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a kdb database", - "privilege": "GetKxDatabase", + "description": "Grants permission to view information about domain and node health, the standby Availability Zone, number of nodes per Availability Zone, and shard count per node", + "privilege": "DescribeDomainHealth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a databiew in a managed kdb environment", - "privilege": "GetKxDataview", + "description": "Grants permission to view information about nodes configured for the domain and their configurations- the node id, type of node, status of node, Availability Zone, instance type and storage", + "privilege": "DescribeDomainNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDataview*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a managed kdb environment", - "privilege": "GetKxEnvironment", + "access_level": "List", + "description": "Grants permission to view a description of the domain configuration for up to five specified OpenSearch Service domains", + "privilege": "DescribeDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a scaling group in a managed kdb environment", - "privilege": "GetKxScalingGroup", + "description": "Grants permission to describe the status of a pre-update validation check on an OpenSearch Service domain", + "privilege": "DescribeDryRunProgress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxScalingGroup*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a kdb user", - "privilege": "GetKxUser", + "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN. This permission is deprecated. Use DescribeDomain instead", + "privilege": "DescribeElasticsearchDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a volume in a managed kdb environment", - "privilege": "GetKxVolume", + "description": "Grants permission to view a description of the configuration and status of an OpenSearch Service domain. This permission is deprecated. Use DescribeDomainConfig instead", + "privilege": "DescribeElasticsearchDomainConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxVolume*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to request status of the loading of sample data bundle", - "privilege": "GetLoadSampleDataSetGroupIntoEnvironmentStatus", + "access_level": "List", + "description": "Grants permission to view a description of the domain configuration for up to five specified Amazon OpenSearch domains. This permission is deprecated. Use DescribeDomains instead", + "privilege": "DescribeElasticsearchDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a FinSpace user", - "privilege": "GetUser", + "access_level": "List", + "description": "Grants permission to view the instance count, storage, and master node limits for a given OpenSearch version and instance type. This permission is deprecated. Use DescribeInstanceTypeLimits instead", + "privilege": "DescribeElasticsearchInstanceTypeLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain", + "privilege": "DescribeInboundConnections", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list FinSpace environments in the AWS account", - "privilege": "ListEnvironments", + "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain. This permission is deprecated. Use DescribeInboundConnections instead", + "privilege": "DescribeInboundCrossClusterSearchConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list changesets for a kdb database", - "privilege": "ListKxChangesets", + "description": "Grants permission to view the instance count, storage, and master node limits for a given engine version and instance type", + "privilege": "DescribeInstanceTypeLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list cluster nodes in a managed kdb environment", - "privilege": "ListKxClusterNodes", + "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain", + "privilege": "DescribeOutboundConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list clusters in a managed kdb environment", - "privilege": "ListKxClusters", + "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain. This permission is deprecated. Use DescribeOutboundConnections instead", + "privilege": "DescribeOutboundCrossClusterSearchConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list kdb databases in a managed kdb environment", - "privilege": "ListKxDatabases", + "access_level": "Read", + "description": "Grants permission to describe all packages available to OpenSearch Service domains", + "privilege": "DescribePackages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list dataviews in a database", - "privilege": "ListKxDataviews", + "description": "Grants permission to fetch Reserved Instance offerings for Amazon OpenSearch Service. This permission is deprecated. Use DescribeReservedInstanceOfferings instead", + "privilege": "DescribeReservedElasticsearchInstanceOfferings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list managed kdb environments", - "privilege": "ListKxEnvironments", + "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased. This permission is deprecated. Use DescribeReservedInstances instead", + "privilege": "DescribeReservedElasticsearchInstances", "resource_types": [ { "condition_keys": [], @@ -133135,836 +137202,942 @@ }, { "access_level": "List", - "description": "Grants permission to list scaling groups in a managed kdb environment", - "privilege": "ListKxScalingGroups", + "description": "Grants permission to fetch Reserved Instance offerings for OpenSearch Service", + "privilege": "DescribeReservedInstanceOfferings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list users in a managed kdb environment", - "privilege": "ListKxUsers", + "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased", + "privilege": "DescribeReservedInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list volumes in a managed kdb environment", - "privilege": "ListKxVolumes", + "description": "Grants permission to describe one or more Amazon OpenSearch Service-managed VPC endpoints", + "privilege": "DescribeVpcEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to disassociate a package from the specified OpenSearch Service domain", + "privilege": "DissociatePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate multiple packages from the specified OpenSearch Service domain", + "privilege": "DissociatePackages", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to send cross-cluster requests to a destination domain", + "privilege": "ESCrossClusterGet", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" - }, + "resource_type": "domain" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send HTTP DELETE requests to the OpenSearch APIs", + "privilege": "ESHttpDelete", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDataview*" - }, + "resource_type": "domain" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to send HTTP GET requests to the OpenSearch APIs", + "privilege": "ESHttpGet", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" - }, + "resource_type": "domain" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to send HTTP HEAD requests to the OpenSearch APIs", + "privilege": "ESHttpHead", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxScalingGroup*" - }, + "resource_type": "domain" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send HTTP PATCH requests to the OpenSearch APIs", + "privilege": "ESHttpPatch", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser*" - }, + "resource_type": "domain" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send HTTP POST requests to the OpenSearch APIs", + "privilege": "ESHttpPost", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxVolume*" + "resource_type": "domain" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send HTTP PUT requests to the OpenSearch APIs", + "privilege": "ESHttpPut", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about an OpenSearch Application", + "privilege": "GetApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" } ] }, { "access_level": "List", - "description": "Grants permission to list FinSpace users in an environment", - "privilege": "ListUsers", + "description": "Grants permission to fetch a list of compatible OpenSearch and Elasticsearch versions to which an OpenSearch Service domain can be upgraded. This permission is deprecated. Use GetCompatibleVersions instead", + "privilege": "GetCompatibleElasticsearchVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to fetch list of compatible engine versions to which an OpenSearch Service domain can be upgraded", + "privilege": "GetCompatibleVersions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to load sample data bundle into your FinSpace environment", - "privilege": "LoadSampleDataSetGroupIntoEnvironment", + "access_level": "Read", + "description": "Grants permission to get the data source for the OpenSearch Service domain", + "privilege": "GetDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to mount a database to a kdb cluster", - "privilege": "MountKxDatabase", + "access_level": "Read", + "description": "Grants permission to get the data source for the provided OpenSearch arns", + "privilege": "GetDirectQueryDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "datasource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset the password for a FinSpace user", - "privilege": "ResetUserPassword", + "access_level": "Read", + "description": "Grants permission to retrieve the status of maintenance action for the node", + "privilege": "GetDomainMaintenanceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to fetch the version history for a package", + "privilege": "GetPackageVersionHistory", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to fetch the upgrade history of a given OpenSearch Service domain", + "privilege": "GetUpgradeHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to fetch the upgrade status of a given OpenSearch Service domain", + "privilege": "GetUpgradeStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list OpenSearch Applications", + "privilege": "ListApplications", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of data source for the OpenSearch Service domain", + "privilege": "ListDataSources", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDataview" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of data source for the provided OpenSearch arns", + "privilege": "ListDirectQueryDataSources", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment" - }, + "resource_type": "datasource*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of maintenance actions for the OpenSearch Service domain", + "privilege": "ListDomainMaintenances", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxScalingGroup" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to display the names of all OpenSearch Service domains that the current user owns", + "privilege": "ListDomainNames", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all OpenSearch Service domains that a package is associated with", + "privilege": "ListDomainsForPackage", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxVolume" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all instance types and available features for a given OpenSearch version. This permission is deprecated. Use ListInstanceTypeDetails instead", + "privilege": "ListElasticsearchInstanceTypeDetails", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list all EC2 instance types that are supported for a given OpenSearch version", + "privilege": "ListElasticsearchInstanceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all supported OpenSearch versions on Amazon OpenSearch Service. This permission is deprecated. Use ListVersions instead", + "privilege": "ListElasticsearchVersions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all instance types and available features for a given OpenSearch or Elasticsearch version", + "privilege": "ListInstanceTypeDetails", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all packages associated with the OpenSearch Service domain", + "privilege": "ListPackagesForDomain", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDataview" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of configuration changes that are scheduled for a OpenSearch Service domain", + "privilege": "ListScheduledActions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to display all resource tags for an OpenSearch Service domain, data source, or application", + "privilege": "ListTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxScalingGroup" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser" + "resource_type": "datasource*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxVolume" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all supported OpenSearch and Elasticsearch versions in Amazon OpenSearch Service", + "privilege": "ListVersions", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a FinSpace environment", - "privilege": "UpdateEnvironment", + "access_level": "List", + "description": "Grants permission to retrieve information about each AWS principal that is allowed to access a given Amazon OpenSearch Service domain through the use of an interface VPC endpoint", + "privilege": "ListVpcEndpointAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update code configuration for a cluster in a managed kdb environment", - "privilege": "UpdateKxClusterCodeConfiguration", + "access_level": "List", + "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints in the current AWS account and Region", + "privilege": "ListVpcEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update databases for a cluster in a managed kdb environment", - "privilege": "UpdateKxClusterDatabases", + "access_level": "List", + "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints associated with a particular domain", + "privilege": "ListVpcEndpointsForDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a kdb database", - "privilege": "UpdateKxDatabase", + "description": "Grants permission to purchase OpenSearch Service Reserved Instances. This permission is deprecated. Use PurchaseReservedInstanceOffering instead", + "privilege": "PurchaseReservedElasticsearchInstanceOffering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a dataview in a managed kdb environment", - "privilege": "UpdateKxDataview", + "description": "Grants permission to purchase OpenSearch reserved instances", + "privilege": "PurchaseReservedInstanceOffering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDataview*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a managed kdb environment", - "privilege": "UpdateKxEnvironment", + "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request", + "privilege": "RejectInboundConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the network for a managed kdb environment", - "privilege": "UpdateKxEnvironmentNetwork", + "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request. This permission is deprecated. Use RejectInboundConnection instead", + "privilege": "RejectInboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a kdb user", - "privilege": "UpdateKxUser", + "access_level": "Tagging", + "description": "Grants permission to remove resource tags from an OpenSearch Service domain, data source, or application", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser*" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a volume in a managed kdb environment", - "privilege": "UpdateKxVolume", + "description": "Grants permission to revoke access to an Amazon OpenSearch Service domain that was provided through an interface VPC endpoint", + "privilege": "RevokeVpcEndpointAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxVolume*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a FinSpace user", - "privilege": "UpdateUser", + "description": "Grants permission to initiate the maintenance on the node", + "privilege": "StartDomainMaintenance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:environment/${EnvironmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:user/${UserId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "user" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxEnvironment" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxUser/${UserName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxUser" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxCluster/${KxCluster}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxCluster" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxDatabase/${KxDatabase}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxDatabase" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxScalingGroup/${KxScalingGroup}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxScalingGroup" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxDatabase/${KxDatabase}/kxDataview/${KxDataview}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxDataview" }, { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxVolume/${KxVolume}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxVolume" - } - ], - "service_name": "Amazon FinSpace" - }, - { - "conditions": [], - "prefix": "finspace-api", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve FinSpace programmatic access credentials", - "privilege": "GetProgrammaticAccessCredentials", + "access_level": "Write", + "description": "Grants permission to start a service software update of a domain. This permission is deprecated. Use StartServiceSoftwareUpdate instead", + "privilege": "StartElasticsearchServiceSoftwareUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "credential*" + "resource_type": "domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:finspace-api:${Region}:${Account}:/credentials/programmatic", - "condition_keys": [], - "resource": "credential" - } - ], - "service_name": "Amazon FinSpace API" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "firehose", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a delivery stream", - "privilege": "CreateDeliveryStream", + "description": "Grants permission to start a service software update of a domain", + "privilege": "StartServiceSoftwareUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a delivery stream and its data", - "privilege": "DeleteDeliveryStream", + "description": "Grants permission to update an OpenSearch Application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the specified delivery stream and gets the status", - "privilege": "DescribeDeliveryStream", + "access_level": "Write", + "description": "Grants permission to update the data source for the OpenSearch Service domain", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your delivery streams", - "privilege": "ListDeliveryStreams", + "access_level": "Write", + "description": "Grants permission to update the data source for the provided OpenSearch arns", + "privilege": "UpdateDirectQueryDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasource*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags for the specified delivery stream", - "privilege": "ListTagsForDeliveryStream", + "access_level": "Write", + "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances", + "privilege": "UpdateDomainConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to write a single data record into an Amazon Kinesis Firehose delivery stream", - "privilege": "PutRecord", + "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances. This permission is deprecated. Use UpdateDomainConfig instead", + "privilege": "UpdateElasticsearchDomainConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to write multiple data records into a delivery stream in a single call, which can achieve higher throughput per producer than when writing single records", - "privilege": "PutRecordBatch", + "description": "Grants permission to update a package for use with OpenSearch Service domains", + "privilege": "UpdatePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable server-side encryption (SSE) for the delivery stream", - "privilege": "StartDeliveryStreamEncryption", + "description": "Grants permission to update scope a package", + "privilege": "UpdatePackageScope", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable the specified destination of the specified delivery stream", - "privilege": "StopDeliveryStreamEncryption", + "description": "Grants permission to reschedule a planned OpenSearch Service domain configuration change for a later time", + "privilege": "UpdateScheduledAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "domain*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags for the specified delivery stream", - "privilege": "TagDeliveryStream", + "access_level": "Write", + "description": "Grants permission to modify an Amazon OpenSearch Service-managed interface VPC endpoint", + "privilege": "UpdateVpcEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from the specified delivery stream", - "privilege": "UntagDeliveryStream", + "access_level": "Write", + "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a given version", + "privilege": "UpgradeDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the specified destination of the specified delivery stream", - "privilege": "UpdateDestination", + "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a specified version. This permission is deprecated. Use UpgradeDomain instead", + "privilege": "UpgradeElasticsearchDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "domain*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:firehose:${Region}:${Account}:deliverystream/${DeliveryStreamName}", + "arn": "arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "deliverystream" + "resource": "domain" + }, + { + "arn": "arn:${Partition}:opensearch:${Region}:${Account}:application/${AppId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" + }, + { + "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "es_role" + }, + { + "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "opensearchservice_role" + }, + { + "arn": "arn:${Partition}:opensearch:${Region}:${Account}:datasource/${DataSourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "datasource" } ], - "service_name": "Amazon Kinesis Firehose" + "service_name": "Amazon OpenSearch Service" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", + "description": "Filters access by the allowed set of values for each of the tags to event bus and rule actions", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", + "description": "Filters access by tag-value associated with the resource to event bus and rule actions", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", + "description": "Filters access by the tags in the request to event bus and rule actions", "type": "ArrayOfString" }, { - "condition": "fis:Operations", - "description": "Filters access by the list of operations on the AWS service that is being affected by the AWS FIS action", - "type": "ArrayOfString" + "condition": "events:EventBusArn", + "description": "Filters access by the ARN of the event buses that can be associated with an endpoint to CreateEndpoint and UpdateEndpoint actions", + "type": "ArrayOfARN" }, { - "condition": "fis:Percentage", - "description": "Filters access by the percentage of calls being affected by the AWS FIS action", - "type": "Numeric" + "condition": "events:ManagedBy", + "description": "Filters access by AWS services. If a rule is created by an AWS service on your behalf, the value is the principal name of the service that created the rule", + "type": "String" }, { - "condition": "fis:Service", - "description": "Filters access by the AWS service that is being affected by the AWS FIS action", + "condition": "events:TargetArn", + "description": "Filters access by the ARN of a target that can be put to a rule to PutTargets actions. TargetARN doesn't include DeadLetterConfigArn", + "type": "ArrayOfARN" + }, + { + "condition": "events:creatorAccount", + "description": "Filters access by the account the rule was created in to rule actions", "type": "String" }, { - "condition": "fis:Targets", - "description": "Filters access by the list of resource ARNs being targeted by the AWS FIS action", + "condition": "events:detail-type", + "description": "Filters access by the literal string of the detail-type of the event to PutEvents and PutRule actions", + "type": "String" + }, + { + "condition": "events:detail.eventTypeCode", + "description": "Filters access by the literal string for the detail.eventTypeCode field of the event to PutRule actions", + "type": "String" + }, + { + "condition": "events:detail.service", + "description": "Filters access by the literal string for the detail.service field of the event to PutRule actions", + "type": "String" + }, + { + "condition": "events:detail.userIdentity.principalId", + "description": "Filters access by the literal string for the detail.useridentity.principalid field of the event to PutRule actions", + "type": "String" + }, + { + "condition": "events:eventBusInvocation", + "description": "Filters access by whether the event was generated via API or cross-account bus invocation to PutEvents actions", + "type": "String" + }, + { + "condition": "events:source", + "description": "Filters access by the AWS service or AWS partner event source that generated the event to PutEvents and PutRule actions. Matches the literal string of the source field of the event", "type": "ArrayOfString" } ], - "prefix": "fis", + "prefix": "events", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an AWS FIS experiment template", - "privilege": "CreateExperimentTemplate", + "description": "Grants permission to activate partner event sources", + "privilege": "ActivateEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "experiment-template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "event-source*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS FIS target account configuration", - "privilege": "CreateTargetAccountConfiguration", + "description": "Grants permission to configure vended log delivery for EventBridge", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "event-bus*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the AWS FIS experiment template", - "privilege": "DeleteExperimentTemplate", + "description": "Grants permission to cancel a replay", + "privilege": "CancelReplay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "replay*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS FIS target account configuration", - "privilege": "DeleteTargetAccountConfiguration", + "description": "Grants permission to create a new api destination", + "privilege": "CreateApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "api-destination*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS action", - "privilege": "GetAction", + "access_level": "Write", + "description": "Grants permission to create a new archive", + "privilege": "CreateArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" + "resource_type": "archive*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS experiment", - "privilege": "GetExperiment", - "resource_types": [ + "resource_type": "event-bus*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "alias" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "key" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS target account configuration for an AWS FIS experiment", - "privilege": "GetExperimentTargetAccountConfiguration", + "access_level": "Write", + "description": "Grants permission to create a new connection", + "privilege": "CreateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "connection*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS Experiment Template", - "privilege": "GetExperimentTemplate", + "access_level": "Write", + "description": "Grants permission to create an endpoint", + "privilege": "CreateEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "endpoint*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "events:EventBusArn" ], "dependent_actions": [], "resource_type": "" @@ -133972,276 +138145,277 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the safety lever", - "privilege": "GetSafetyLever", + "access_level": "Write", + "description": "Grants permission to create event buses", + "privilege": "CreateEventBus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "safety-lever*" + "resource_type": "event-bus*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS target account configuration for an AWS FIS experiment template", - "privilege": "GetTargetAccountConfiguration", + "access_level": "Write", + "description": "Grants permission to create partner event sources", + "privilege": "CreatePartnerEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "event-source*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified resource type", - "privilege": "GetTargetResourceType", + "access_level": "Write", + "description": "Grants permission to deactivate event sources", + "privilege": "DeactivateEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-source*" } ] }, { "access_level": "Write", - "description": "Grants permission to inject an API internal error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiInternalError", + "description": "Grants permission to deauthorize a connection, deleting its stored authorization secrets", + "privilege": "DeauthorizeConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" - }, - { - "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "connection*" } ] }, { "access_level": "Write", - "description": "Grants permission to inject an API throttle error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiThrottleError", + "description": "Grants permission to delete an api destination", + "privilege": "DeleteApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" - }, - { - "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "api-destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to inject an API unavailable error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiUnavailableError", + "description": "Grants permission to delete an archive", + "privilege": "DeleteArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" - }, - { - "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "archive*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS actions", - "privilege": "ListActions", + "access_level": "Write", + "description": "Grants permission to delete a connection", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to list resolved targets for AWS FIS experiments", - "privilege": "ListExperimentResolvedTargets", + "access_level": "Write", + "description": "Grants permission to delete an endpoint", + "privilege": "DeleteEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "endpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to list target account configurations for AWS FIS experiments", - "privilege": "ListExperimentTargetAccountConfigurations", + "access_level": "Write", + "description": "Grants permission to delete event buses", + "privilege": "DeleteEventBus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "event-bus*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS experiment templates", - "privilege": "ListExperimentTemplates", + "access_level": "Write", + "description": "Grants permission to delete partner event sources", + "privilege": "DeletePartnerEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-source*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS experiments", - "privilege": "ListExperiments", + "access_level": "Write", + "description": "Grants permission to delete rules", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" + }, + { + "condition_keys": [ + "events:creatorAccount", + "events:ManagedBy" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for an AWS FIS resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve details about an api destination", + "privilege": "DescribeApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "api-destination*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details about an archive", + "privilege": "DescribeArchive", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" + "resource_type": "archive*" } ] }, { - "access_level": "List", - "description": "Grants permission to list target account configurations for AWS FIS experiment templates", - "privilege": "ListTargetAccountConfigurations", + "access_level": "Read", + "description": "Grants permission to retrieve details about a conection", + "privilege": "DescribeConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource types", - "privilege": "ListTargetResourceTypes", + "access_level": "Read", + "description": "Grants permission to retrieve details about an endpoint", + "privilege": "DescribeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to run an AWS FIS experiment", - "privilege": "StartExperiment", + "access_level": "Read", + "description": "Grants permission to retrieve details about event buses", + "privilege": "DescribeEventBus", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "experiment*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" - }, + "resource_type": "event-bus" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details about event sources", + "privilege": "DescribeEventSource", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-source*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an AWS FIS experiment", - "privilege": "StopExperiment", + "access_level": "Read", + "description": "Grants permission to retrieve details about partner event sources", + "privilege": "DescribePartnerEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "event-source*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag AWS FIS resources", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve the details of a replay", + "privilege": "DescribeReplay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" - }, + "resource_type": "replay*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details about rules", + "privilege": "DescribeRule", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" @@ -134249,28 +138423,24 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag AWS FIS resources", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to disable rules", + "privilege": "DisableRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "experiment" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:TagKeys" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -134279,23 +138449,23 @@ }, { "access_level": "Write", - "description": "Grants permission to update the specified AWS FIS experiment template", - "privilege": "UpdateExperimentTemplate", + "description": "Grants permission to enable rules", + "privilege": "EnableRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -134304,149 +138474,171 @@ }, { "access_level": "Write", - "description": "Grants permission to update the state of the safety lever", - "privilege": "UpdateSafetyLeverState", + "description": "Grants permission to invoke an api destination", + "privilege": "InvokeApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "safety-lever*" + "resource_type": "api-destination*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an AWS FIS target account configuration", - "privilege": "UpdateTargetAccountConfiguration", + "access_level": "List", + "description": "Grants permission to retrieve a list of api destinations", + "privilege": "ListApiDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:fis:${Region}:${Account}:action/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "action" - }, - { - "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "experiment" - }, - { - "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment-template/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "experiment-template" }, { - "arn": "arn:${Partition}:fis:${Region}:${Account}:safety-lever/${Id}", - "condition_keys": [], - "resource": "safety-lever" - } - ], - "service_name": "AWS Fault Injection Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" + "access_level": "List", + "description": "Grants permission to retrieve a list of archives", + "privilege": "ListArchives", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" + "access_level": "List", + "description": "Grants permission to retrieve a list of connections", + "privilege": "ListConnections", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" + "access_level": "List", + "description": "Grants permission to retrieve a list of endpoints", + "privilege": "ListEndpoints", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "fis:Operations", - "description": "Filters access by the list of operations on the AWS service that is being affected by the AWS FIS action", - "type": "ArrayOfString" + "access_level": "List", + "description": "Grants permission to retrieve a list of the event buses in your account", + "privilege": "ListEventBuses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "fis:Percentage", - "description": "Filters access by the percentage of calls being affected by the AWS FIS action", - "type": "Numeric" + "access_level": "List", + "description": "Grants permission to to retrieve a list of event sources shared with this account", + "privilege": "ListEventSources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "fis:Service", - "description": "Filters access by the AWS service that is being affected by the AWS FIS action", - "type": "String" + "access_level": "List", + "description": "Grants permission to retrieve a list of AWS account IDs associated with an event source", + "privilege": "ListPartnerEventSourceAccounts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-source*" + } + ] }, { - "condition": "fis:Targets", - "description": "Filters access by the list of resource ARNs being targeted by the AWS FIS action", - "type": "ArrayOfString" - } - ], - "prefix": "fis", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create an AWS FIS experiment template", - "privilege": "CreateExperimentTemplate", + "access_level": "List", + "description": "Grants permission to retrieve a list partner event sources", + "privilege": "ListPartnerEventSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of replays", + "privilege": "ListReplays", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of the names of the rules associated with a target", + "privilege": "ListRuleNamesByTarget", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the AWS FIS experiment template", - "privilege": "DeleteExperimentTemplate", + "access_level": "List", + "description": "Grants permission to retrieve a list of the Amazon EventBridge rules in the account", + "privilege": "ListRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS action", - "privilege": "GetAction", + "access_level": "List", + "description": "Grants permission to retrieve a list of tags associated with an Amazon EventBridge resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" + "resource_type": "event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" @@ -134454,18 +138646,23 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS experiment", - "privilege": "GetExperiment", + "access_level": "List", + "description": "Grants permission to retrieve a list of targets defined for a rule", + "privilege": "ListTargetsByRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" @@ -134473,18 +138670,20 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS Experiment Template", - "privilege": "GetExperimentTemplate", + "access_level": "Write", + "description": "Grants permission to send custom events to Amazon EventBridge", + "privilege": "PutEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "event-bus*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "events:detail-type", + "events:source", + "events:eventBusInvocation" ], "dependent_actions": [], "resource_type": "" @@ -134492,9 +138691,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified resource type", - "privilege": "GetTargetResourceType", + "access_level": "Write", + "description": "Grants permission to sends custom events to Amazon EventBridge", + "privilege": "PutPartnerEvents", "resource_types": [ { "condition_keys": [], @@ -134504,43 +138703,43 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to inject an API internal error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiInternalError", + "access_level": "Permissions management", + "description": "Grants permission to use the PutPermission action to grants permission to another AWS account to put events to your default event bus", + "privilege": "PutPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" - }, - { - "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to inject an API throttle error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiThrottleError", + "description": "Grants permission to create or updates rules", + "privilege": "PutRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" + "events:detail.userIdentity.principalId", + "events:detail-type", + "events:source", + "events:detail.service", + "events:detail.eventTypeCode", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -134549,20 +138748,24 @@ }, { "access_level": "Write", - "description": "Grants permission to inject an API unavailable error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiUnavailableError", + "description": "Grants permission to add targets to a rule", + "privilege": "PutTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" + "events:TargetArn", + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -134570,9 +138773,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS actions", - "privilege": "ListActions", + "access_level": "Permissions management", + "description": "Grants permission to revoke the permission of another AWS account to put events to your default event bus", + "privilege": "RemovePermission", "resource_types": [ { "condition_keys": [], @@ -134582,84 +138785,89 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS experiment templates", - "privilege": "ListExperimentTemplates", + "access_level": "Write", + "description": "Grants permission to removes targets from a rule", + "privilege": "RemoveTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" + }, + { + "condition_keys": [ + "events:creatorAccount", + "events:ManagedBy" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS experiments", - "privilege": "ListExperiments", + "access_level": "Write", + "description": "Grants permission to retrieve credentials from a connection", + "privilege": "RetrieveConnectionCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connection*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for an AWS FIS resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to start a replay of an archive", + "privilege": "StartReplay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "archive*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment" + "resource_type": "event-bus*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" + "resource_type": "replay*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource types", - "privilege": "ListTargetResourceTypes", + "access_level": "Tagging", + "description": "Grants permission to add a tag to an Amazon EventBridge resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to run an AWS FIS experiment", - "privilege": "StartExperiment", - "resource_types": [ + "resource_type": "event-bus" + }, { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "experiment*" + "dependent_actions": [], + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" @@ -134667,41 +138875,41 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop an AWS FIS experiment", - "privilege": "StopExperiment", + "access_level": "Read", + "description": "Grants permission to test whether an event pattern matches the provided event", + "privilege": "TestEventPattern", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag AWS FIS resources", - "privilege": "TagResource", + "description": "Grants permission to remove a tag from an Amazon EventBridge resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" @@ -134709,125 +138917,210 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag AWS FIS resources", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update an api destination", + "privilege": "UpdateApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" - }, + "resource_type": "api-destination*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an archive", + "privilege": "UpdateArchive", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment" + "resource_type": "archive*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" + "resource_type": "alias" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "key" } ] }, { "access_level": "Write", - "description": "Grants permission to update the specified AWS FIS experiment template", - "privilege": "UpdateExperimentTemplate", + "description": "Grants permission to update a connection", + "privilege": "UpdateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an endpoint", + "privilege": "UpdateEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "endpoint*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "events:EventBusArn" ], "dependent_actions": [], "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update event buses", + "privilege": "UpdateEventBus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-bus*" + } + ] } ], "resources": [ { - "arn": "arn:${Partition}:fis:${Region}:${Account}:action/${Id}", + "arn": "arn:${Partition}:events:${Region}::event-source/${EventSourceName}", + "condition_keys": [], + "resource": "event-source" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:event-bus/${EventBusName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "action" + "resource": "event-bus" }, { - "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment/${Id}", + "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${RuleName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "experiment" + "resource": "rule-on-default-event-bus" }, { - "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment-template/${Id}", + "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${EventBusName}/${RuleName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "experiment-template" + "resource": "rule-on-custom-event-bus" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:archive/${ArchiveName}", + "condition_keys": [], + "resource": "archive" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:replay/${ReplayName}", + "condition_keys": [], + "resource": "replay" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:connection/${ConnectionName}", + "condition_keys": [], + "resource": "connection" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:api-destination/${ApiDestinationName}", + "condition_keys": [], + "resource": "api-destination" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:endpoint/${EndpointName}", + "condition_keys": [], + "resource": "endpoint" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:target/create-snapshot", + "condition_keys": [], + "resource": "create-snapshot" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:target/reboot-instance", + "condition_keys": [], + "resource": "reboot-instance" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:target/stop-instance", + "condition_keys": [], + "resource": "stop-instance" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:target/terminate-instance", + "condition_keys": [], + "resource": "terminate-instance" + }, + { + "arn": "arn:${Partition}:kms:${Region}:${Account}:alias/${Alias}", + "condition_keys": [], + "resource": "alias" + }, + { + "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", + "condition_keys": [], + "resource": "key" } ], - "service_name": "AWS Fault Injection Simulator" + "service_name": "Amazon EventBridge" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by the tags that are passed the request on behalf of the IAM principal", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", + "description": "Filters access by the tags associated with the resource that make the request on behalf of the IAM principal", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the the presence of tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request on behalf of the IAM principal", "type": "ArrayOfString" } ], - "prefix": "fms", + "prefix": "evidently", "privileges": [ { "access_level": "Write", - "description": "Grants permission to set the AWS Firewall Manager administrator account and enables the service in all organization accounts", - "privilege": "AssociateAdminAccount", + "description": "Grants permission to send a batched evaluate feature request", + "privilege": "BatchEvaluateFeature", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Feature*" } ] }, { "access_level": "Write", - "description": "Grants permission to set the Firewall Manager administrator as a tenant administrator of a third-party firewall service", - "privilege": "AssociateThirdPartyFirewall", + "description": "Grants permission to create an experiment", + "privilege": "CreateExperiment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -134835,65 +139128,61 @@ }, { "access_level": "Write", - "description": "Grants permission to associate resources to an AWS Firewall Manager resource set", - "privilege": "BatchAssociateResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resource-set*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate resources from an AWS Firewall Manager resource set", - "privilege": "BatchDisassociateResource", + "description": "Grants permission to create a feature", + "privilege": "CreateFeature", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to permanently deletes an AWS Firewall Manager applications list", - "privilege": "DeleteAppsList", + "description": "Grants permission to create a launch", + "privilege": "CreateLaunch", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "applications-list*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to notify the FM administrator about major FM events and errors across the organization", - "privilege": "DeleteNotificationChannel", + "description": "Grants permission to create a project", + "privilege": "CreateProject", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to permanently delete an AWS Firewall Manager policy", - "privilege": "DeletePolicy", + "description": "Grants permission to create a segment", + "privilege": "CreateSegment", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "policy*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -134902,171 +139191,164 @@ }, { "access_level": "Write", - "description": "Grants permission to permanently deletes an AWS Firewall Manager protocols list", - "privilege": "DeleteProtocolsList", + "description": "Grants permission to delete an experiment", + "privilege": "DeleteExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list*" + "resource_type": "Experiment*" } ] }, { "access_level": "Write", - "description": "Grants permission to permanently delete an AWS Firewall Manager resource set", - "privilege": "DeleteResourceSet", + "description": "Grants permission to delete a feature", + "privilege": "DeleteFeature", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Feature*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the account that has been set as the AWS Firewall Manager administrator account and and disables the service in all organization accounts", - "privilege": "DisassociateAdminAccount", + "description": "Grants permission to delete a launch", + "privilege": "DeleteLaunch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Launch*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a Firewall Manager administrator from a third-party firewall tenant", - "privilege": "DisassociateThirdPartyFirewall", + "description": "Grants permission to delete a project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the AWS Organizations account that is associated with AWS Firewall Manager as the AWS Firewall Manager administrator", - "privilege": "GetAdminAccount", + "access_level": "Write", + "description": "Grants permission to delete a segment", + "privilege": "DeleteSegment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Segment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the specified account's administrative scope", - "privilege": "GetAdminScope", + "access_level": "Write", + "description": "Grants permission to send an evaluate feature request", + "privilege": "EvaluateFeature", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Feature*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the specified AWS Firewall Manager applications list", - "privilege": "GetAppsList", + "description": "Grants permission to get experiment details", + "privilege": "GetExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list*" + "resource_type": "Experiment*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy", - "privilege": "GetComplianceDetail", + "description": "Grants permission to get experiment result", + "privilege": "GetExperimentResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "Experiment*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs", - "privilege": "GetNotificationChannel", + "description": "Grants permission to get feature details", + "privilege": "GetFeature", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Feature*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the specified AWS Firewall Manager policy", - "privilege": "GetPolicy", + "description": "Grants permission to get launch details", + "privilege": "GetLaunch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "Launch*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve policy-level attack summary information in the event of a potential DDoS attack", - "privilege": "GetProtectionStatus", + "description": "Grants permission to get project details", + "privilege": "GetProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "Project*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the specified AWS Firewall Manager protocols list", - "privilege": "GetProtocolsList", + "description": "Grants permission to get segment details", + "privilege": "GetSegment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list*" + "resource_type": "Segment*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the specified AWS Firewall Manager resource set", - "privilege": "GetResourceSet", + "description": "Grants permission to list experiments", + "privilege": "ListExperiments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the onboarding status of a Firewall Manager administrator account to third-party firewall vendor tenant", - "privilege": "GetThirdPartyFirewallAssociationStatus", + "description": "Grants permission to list features", + "privilege": "ListFeatures", "resource_types": [ { "condition_keys": [], @@ -135077,20 +139359,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve violations for a resource based on the specified AWS Firewall Manager policy and AWS account", - "privilege": "GetViolationDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "policy*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return a AdminAccounts object that lists the Firewall Manager administrators within the organization that are onboarded to Firewall Manager by AssociateAdminAccount", - "privilege": "ListAdminAccountsForOrganization", + "description": "Grants permission to list launches", + "privilege": "ListLaunches", "resource_types": [ { "condition_keys": [], @@ -135100,9 +139370,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the accounts that are managing the specified AWS Organizations member account", - "privilege": "ListAdminsManagingAccount", + "access_level": "Read", + "description": "Grants permission to list projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], @@ -135112,9 +139382,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return an array of AppsListDataSummary objects", - "privilege": "ListAppsLists", + "access_level": "Read", + "description": "Grants permission to list resources referencing a segment", + "privilege": "ListSegmentReferences", "resource_types": [ { "condition_keys": [], @@ -135124,21 +139394,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of PolicyComplianceStatus objects in the response. Use PolicyComplianceStatus to get a summary of which member accounts are protected by the specified policy", - "privilege": "ListComplianceStatus", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "policy*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve an array of resources in the organization's accounts that are available to be associated with a resource set", - "privilege": "ListDiscoveredResources", + "access_level": "Read", + "description": "Grants permission to list segments", + "privilege": "ListSegments", "resource_types": [ { "condition_keys": [], @@ -135148,9 +139406,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of member account ids if the caller is FMS admin account", - "privilege": "ListMemberAccounts", + "access_level": "Read", + "description": "Grants permission to list tags for resources", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], @@ -135160,130 +139418,94 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of PolicySummary objects in the response", - "privilege": "ListPolicies", + "access_level": "Write", + "description": "Grants permission to send performance events", + "privilege": "PutProjectEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] }, { - "access_level": "List", - "description": "Grants permission to return an array of ProtocolsListDataSummary objects", - "privilege": "ListProtocolsLists", + "access_level": "Write", + "description": "Grants permission to start an experiment", + "privilege": "StartExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Experiment*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of resources that are currently associated to a resource set", - "privilege": "ListResourceSetResources", + "access_level": "Write", + "description": "Grants permission to start a launch", + "privilege": "StartLaunch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "Launch*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of ResourceSetSummary objects", - "privilege": "ListResourceSets", + "access_level": "Write", + "description": "Grants permission to stop an experiment", + "privilege": "StopExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Experiment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list Tags for a given resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to stop a launch", + "privilege": "StopLaunch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "Launch*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account", - "privilege": "ListThirdPartyFirewallFirewallPolicies", + "access_level": "Tagging", + "description": "Grants permission to tag resources", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update an Firewall Manager administrator account", - "privilege": "PutAdminAccount", - "resource_types": [ + "resource_type": "Experiment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an AWS Firewall Manager applications list", - "privilege": "PutAppsList", - "resource_types": [ + "resource_type": "Feature" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list*" + "resource_type": "Launch" }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to designate the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager (FM) could use to notify the FM administrator about major FM events and errors across the organization", - "privilege": "PutNotificationChannel", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an AWS Firewall Manager policy", - "privilege": "PutPolicy", - "resource_types": [ + "resource_type": "Project" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "Segment" }, { "condition_keys": [ @@ -135296,73 +139518,49 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to creates an AWS Firewall Manager protocols list", - "privilege": "PutProtocolsList", + "access_level": "Read", + "description": "Grants permission to test a segment pattern", + "privilege": "TestSegmentPattern", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an AWS Firewall Manager resource set", - "privilege": "PutResourceSet", + "access_level": "Tagging", + "description": "Grants permission to untag resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "Experiment" }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add a Tag to a given resource", - "privilege": "TagResource", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list" + "resource_type": "Feature" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" + "resource_type": "Launch" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list" + "resource_type": "Project" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set" + "resource_type": "Segment" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -135371,117 +139569,145 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a Tag from a given resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update experiment", + "privilege": "UpdateExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list" - }, + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update feature", + "privilege": "UpdateFeature", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" - }, + "resource_type": "Feature*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a launch", + "privilege": "UpdateLaunch", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list" - }, + "resource_type": "Launch*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update project", + "privilege": "UpdateProject", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "resource-set" - }, - { - "condition_keys": [ - "aws:TagKeys" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole" ], + "resource_type": "Project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update project data delivery", + "privilege": "UpdateProjectDataDelivery", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:fms:${Region}:${Account}:policy/${Id}", + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "policy" + "resource": "Project" }, { - "arn": "arn:${Partition}:fms:${Region}:${Account}:applications-list/${Id}", + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/feature/${FeatureName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "applications-list" + "resource": "Feature" }, { - "arn": "arn:${Partition}:fms:${Region}:${Account}:protocols-list/${Id}", + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/experiment/${ExperimentName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "protocols-list" + "resource": "Experiment" }, { - "arn": "arn:${Partition}:fms:${Region}:${Account}:resource-set/${Id}", + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/launch/${LaunchName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "resource-set" + "resource": "Launch" + }, + { + "arn": "arn:${Partition}:evidently:${Region}:${Account}:segment/${SegmentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Segment" } ], - "service_name": "AWS Firewall Manager" + "service_name": "Amazon CloudWatch Evidently" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by a tag key and value pair that is allowed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by a tag key and value pair of a resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by a list of tag keys that are allowed in the request", "type": "ArrayOfString" } ], - "prefix": "forecast", + "prefix": "evs", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an auto predictor", - "privilege": "CreateAutoPredictor", + "description": "Grants permission to associate an Elastic IP address (EIP) with a public VLAN in an Amazon EVS environment", + "privilege": "AssociateEipToVlan", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a dataset", - "privilege": "CreateDataset", + "description": "Grants permission to create an Amazon EVS environment", + "privilege": "CreateEnvironment", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -135494,197 +139720,126 @@ }, { "access_level": "Write", - "description": "Grants permission to create a dataset group", - "privilege": "CreateDatasetGroup", + "description": "Grants permission to add host to an Amazon EVS environment", + "privilege": "CreateEnvironmentHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a dataset import job", - "privilege": "CreateDatasetImportJob", + "description": "Grants permission to delete an Amazon EVS environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an explainability", - "privilege": "CreateExplainability", + "description": "Grants permission to delete a host from an Amazon EVS environment", + "privilege": "DeleteEnvironmentHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an explainability export using an explainability resource", - "privilege": "CreateExplainabilityExport", + "description": "Grants permission to disassociate an Elastic IP address (EIP) from a public VLAN in an Amazon EVS environment", + "privilege": "DisassociateEipFromVlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a forecast", - "privilege": "CreateForecast", + "access_level": "Read", + "description": "Grants permission to get an Amazon EVS environment", + "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an endpoint using a Predictor resource", - "privilege": "CreateForecastEndpoint", + "access_level": "List", + "description": "Grants permission to retrieve a list of hosts associated with an Amazon EVS environment", + "privilege": "ListEnvironmentHosts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a forecast export job using a forecast resource", - "privilege": "CreateForecastExportJob", + "access_level": "List", + "description": "Grants permission to retrieve a list of Amazon EVS environment VLANs", + "privilege": "ListEnvironmentVlans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an monitor using a Predictor resource", - "privilege": "CreateMonitor", + "access_level": "List", + "description": "Grants permission to retrieve a list of Amazon EVS environments in an account", + "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a predictor", - "privilege": "CreatePredictor", + "access_level": "Read", + "description": "Grants permission to list the tags on a specified resource ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a predictor backtest export job using a predictor", - "privilege": "CreatePredictorBacktestExportJob", + "access_level": "Tagging", + "description": "Grants permission to tag a specified resource ARN", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "environment*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -135693,884 +139848,865 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a what-if analysis", - "privilege": "CreateWhatIfAnalysis", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a specified resource ARN", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "environment*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:evs:${Region}:${Account}:environment/${EnvironmentIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment" + } + ], + "service_name": "Amazon Elastic VMware Service" + }, + { + "conditions": [ + { + "condition": "execute-api:viaDomainArn", + "description": "Filters access by the domain name ARN the API is called from", + "type": "String" + } + ], + "prefix": "execute-api", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a what-if forecast", - "privilege": "CreateWhatIfForecast", + "description": "Used to invalidate API cache upon a client request", + "privilege": "InvalidateCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "execute-api-general*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a what-if forecast export using what-if forecast resources", - "privilege": "CreateWhatIfForecastExport", + "description": "Used to invoke an API upon a client request", + "privilege": "Invoke", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "execute-api-domain" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "execute-api-general" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dataset", - "privilege": "DeleteDataset", + "description": "ManageConnections controls access to the @connections API", + "privilege": "ManageConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "execute-api-general*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:execute-api:${Region}:${Account}:${ApiId}/${Stage}/${Method}/${ApiSpecificResourcePath}", + "condition_keys": [ + "execute-api:viaDomainArn" + ], + "resource": "execute-api-general" }, { - "access_level": "Write", - "description": "Grants permission to delete a dataset group", - "privilege": "DeleteDatasetGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup*" - } - ] + "arn": "arn:${Partition}:execute-api:${Region}:${Account}:/domainnames/${DomainName}+${DomainIdentifier}", + "condition_keys": [], + "resource": "execute-api-domain" + } + ], + "service_name": "Amazon API Gateway" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to delete a dataset import job", - "privilege": "DeleteDatasetImportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetImportJob*" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "finspace", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete an explainability", - "privilege": "DeleteExplainability", + "description": "Grants permission to connect to a kdb cluster", + "privilege": "ConnectKxCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability*" + "resource_type": "kxCluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an explainability export", - "privilege": "DeleteExplainabilityExport", + "description": "Grants permission to create a FinSpace environment", + "privilege": "CreateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainabilityExport*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a forecast", - "privilege": "DeleteForecast", + "description": "Grants permission to create a changeset for a kdb database", + "privilege": "CreateKxChangeset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "kxDatabase*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an endpoint resource", - "privilege": "DeleteForecastEndpoint", + "description": "Grants permission to create a cluster in a managed kdb environment", + "privilege": "CreateKxCluster", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeSubnets", + "finspace:MountKxDatabase" + ], + "resource_type": "kxCluster*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a forecast export job", - "privilege": "DeleteForecastExportJob", + "description": "Grants permission to create a kdb database in a managed kdb environment", + "privilege": "CreateKxDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport*" + "resource_type": "kxDatabase*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a monitor resource", - "privilege": "DeleteMonitor", + "description": "Grants permission to create a dataview in a managed kdb environment", + "privilege": "CreateKxDataview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "kxDataview*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a predictor", - "privilege": "DeletePredictor", + "description": "Grants permission to create a managed kdb environment", + "privilege": "CreateKxEnvironment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a predictor backtest export job", - "privilege": "DeletePredictorBacktestExportJob", + "description": "Grants permission to create a scaling group in a managed kdb environment", + "privilege": "CreateKxScalingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" + "resource_type": "kxScalingGroup*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a resource and its child resources", - "privilege": "DeleteResourceTree", + "description": "Grants permission to create a user in a managed kdb environment", + "privilege": "CreateKxUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetImportJob*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainability*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainabilityExport*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "forecast*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "forecastExport*" + "resource_type": "kxEnvironment*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "monitor*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a volume in a managed kdb environment", + "privilege": "CreateKxVolume", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "kxVolume*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a FinSpace user", + "privilege": "CreateUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "environment*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "user*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a what-if analysis", - "privilege": "DeleteWhatIfAnalysis", + "description": "Grants permission to delete a FinSpace environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a what-if forecast", - "privilege": "DeleteWhatIfForecast", + "description": "Grants permission to delete a kdb cluster", + "privilege": "DeleteKxCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "kxCluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a what-if forecast export", - "privilege": "DeleteWhatIfForecastExport", + "description": "Grants permission to delete a node from a kdb cluster", + "privilege": "DeleteKxClusterNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" + "resource_type": "kxCluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an auto predictor", - "privilege": "DescribeAutoPredictor", + "access_level": "Write", + "description": "Grants permission to delete a kdb database", + "privilege": "DeleteKxDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "kxDatabase*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a dataset", - "privilege": "DescribeDataset", + "access_level": "Write", + "description": "Grants permission to delete a dataview in a managed kdb environment", + "privilege": "DeleteKxDataview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "kxDataview*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a dataset group", - "privilege": "DescribeDatasetGroup", + "access_level": "Write", + "description": "Grants permission to delete a managed kdb environment", + "privilege": "DeleteKxEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a dataset import job", - "privilege": "DescribeDatasetImportJob", + "access_level": "Write", + "description": "Grants permission to delete a scaling group in a managed kdb environment", + "privilege": "DeleteKxScalingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" + "resource_type": "kxScalingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an explainability", - "privilege": "DescribeExplainability", + "access_level": "Write", + "description": "Grants permission to delete a kdb user", + "privilege": "DeleteKxUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability*" + "resource_type": "kxUser*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an explainability export", - "privilege": "DescribeExplainabilityExport", + "access_level": "Write", + "description": "Grants permission to delete a volume in a managed kdb environment", + "privilege": "DeleteKxVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainabilityExport*" + "resource_type": "kxVolume*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a forecast", - "privilege": "DescribeForecast", + "description": "Grants permission to describe a FinSpace environment", + "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an endpoint resource", - "privilege": "DescribeForecastEndpoint", + "description": "Grants permission to describe a changeset for a kdb database", + "privilege": "GetKxChangeset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "kxDatabase*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a forecast export job", - "privilege": "DescribeForecastExportJob", + "description": "Grants permission to describe a cluster in a managed kdb environment", + "privilege": "GetKxCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport*" + "resource_type": "kxCluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an monitor resource", - "privilege": "DescribeMonitor", + "description": "Grants permission to retrieve a connection string for kdb clusters", + "privilege": "GetKxConnectionString", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "monitor*" + "dependent_actions": [ + "finspace:ConnectKxCluster" + ], + "resource_type": "kxCluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a predictor", - "privilege": "DescribePredictor", + "description": "Grants permission to describe a kdb database", + "privilege": "GetKxDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "kxDatabase*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a predictor backtest export job", - "privilege": "DescribePredictorBacktestExportJob", + "description": "Grants permission to describe a databiew in a managed kdb environment", + "privilege": "GetKxDataview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" + "resource_type": "kxDataview*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a what-if analysis", - "privilege": "DescribeWhatIfAnalysis", + "description": "Grants permission to describe a managed kdb environment", + "privilege": "GetKxEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "kxEnvironment*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a what-if forecast", - "privilege": "DescribeWhatIfForecast", + "description": "Grants permission to describe a scaling group in a managed kdb environment", + "privilege": "GetKxScalingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "kxScalingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a what-if forecast export", - "privilege": "DescribeWhatIfForecastExport", + "description": "Grants permission to describe a kdb user", + "privilege": "GetKxUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" + "resource_type": "kxUser*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the Accuracy Metrics for a predictor", - "privilege": "GetAccuracyMetrics", + "description": "Grants permission to describe a volume in a managed kdb environment", + "privilege": "GetKxVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "kxVolume*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the forecast context of a timeseries for an endpoint", - "privilege": "GetRecentForecastContext", + "description": "Grants permission to request status of the loading of sample data bundle", + "privilege": "GetLoadSampleDataSetGroupIntoEnvironmentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to invoke the endpoint to get forecast for a timeseries", - "privilege": "InvokeForecastEndpoint", + "description": "Grants permission to describe a FinSpace user", + "privilege": "GetUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all the dataset groups", - "privilege": "ListDatasetGroups", - "resource_types": [ + "resource_type": "environment*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the dataset import jobs", - "privilege": "ListDatasetImportJobs", + "access_level": "List", + "description": "Grants permission to list FinSpace environments in the AWS account", + "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the datasets", - "privilege": "ListDatasets", + "access_level": "List", + "description": "Grants permission to list changesets for a kdb database", + "privilege": "ListKxChangesets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDatabase*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the explainabilities", - "privilege": "ListExplainabilities", + "access_level": "List", + "description": "Grants permission to list cluster nodes in a managed kdb environment", + "privilege": "ListKxClusterNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxCluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the explainability exports", - "privilege": "ListExplainabilityExports", + "access_level": "List", + "description": "Grants permission to list clusters in a managed kdb environment", + "privilege": "ListKxClusters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the forecast export jobs", - "privilege": "ListForecastExportJobs", + "access_level": "List", + "description": "Grants permission to list kdb databases in a managed kdb environment", + "privilege": "ListKxDatabases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the forecasts", - "privilege": "ListForecasts", + "access_level": "List", + "description": "Grants permission to list dataviews in a database", + "privilege": "ListKxDataviews", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDatabase*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the monitor evaluation result for a monitor", - "privilege": "ListMonitorEvaluations", + "access_level": "List", + "description": "Grants permission to list managed kdb environments", + "privilege": "ListKxEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the monitor resources", - "privilege": "ListMonitors", + "access_level": "List", + "description": "Grants permission to list scaling groups in a managed kdb environment", + "privilege": "ListKxScalingGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the predictor backtest export jobs", - "privilege": "ListPredictorBacktestExportJobs", + "access_level": "List", + "description": "Grants permission to list users in a managed kdb environment", + "privilege": "ListKxUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the predictors", - "privilege": "ListPredictors", + "access_level": "List", + "description": "Grants permission to list volumes in a managed kdb environment", + "privilege": "ListKxVolumes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for an Amazon Forecast resource", + "access_level": "List", + "description": "Grants permission to return a list of tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetImportJob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainability" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainabilityExport" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "forecast" + "resource_type": "environment*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport" + "resource_type": "kxCluster*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor" + "resource_type": "kxDatabase*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor" + "resource_type": "kxDataview*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob" + "resource_type": "kxEnvironment*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis" + "resource_type": "kxScalingGroup*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast" + "resource_type": "kxUser*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all the what-if analyses", - "privilege": "ListWhatIfAnalyses", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "resource_type": "kxVolume*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the what-if forecast exports", - "privilege": "ListWhatIfForecastExports", + "access_level": "List", + "description": "Grants permission to list FinSpace users in an environment", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all the what-if forecasts", - "privilege": "ListWhatIfForecasts", - "resource_types": [ + "resource_type": "environment*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a forecast for a single item", - "privilege": "QueryForecast", + "access_level": "Write", + "description": "Grants permission to load sample data bundle into your FinSpace environment", + "privilege": "LoadSampleDataSetGroupIntoEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a what-if forecast for a single item", - "privilege": "QueryWhatIfForecast", + "access_level": "Write", + "description": "Grants permission to mount a database to a kdb cluster", + "privilege": "MountKxDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "kxDatabase*" } ] }, { "access_level": "Write", - "description": "Grants permission to resume Amazon Forecast resource jobs", - "privilege": "ResumeResource", + "description": "Grants permission to reset the password for a FinSpace user", + "privilege": "ResetUserPassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "environment*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop Amazon Forecast resource jobs", - "privilege": "StopResource", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainability*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainabilityExport*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "environment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport*" + "resource_type": "kxCluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "kxDatabase" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "kxDataview" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" + "resource_type": "kxEnvironment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "kxScalingGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "kxUser" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" + "resource_type": "kxVolume" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -136579,82 +140715,51 @@ }, { "access_level": "Tagging", - "description": "Grants permission to associate the specified tags to a resource", - "privilege": "TagResource", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetImportJob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainability" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainabilityExport" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "forecast" + "resource_type": "environment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport" + "resource_type": "kxCluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor" + "resource_type": "kxDatabase" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor" + "resource_type": "kxDataview" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob" + "resource_type": "kxEnvironment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis" + "resource_type": "kxScalingGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast" + "resource_type": "kxUser" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport" + "resource_type": "kxVolume" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -136663,239 +140768,478 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete the specified tags for a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a FinSpace environment", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetImportJob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainability" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainabilityExport" - }, + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update code configuration for a cluster in a managed kdb environment", + "privilege": "UpdateKxClusterCodeConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast" - }, + "resource_type": "kxCluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update databases for a cluster in a managed kdb environment", + "privilege": "UpdateKxClusterDatabases", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport" - }, + "resource_type": "kxCluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a kdb database", + "privilege": "UpdateKxDatabase", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor" - }, + "resource_type": "kxDatabase*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a dataview in a managed kdb environment", + "privilege": "UpdateKxDataview", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor" - }, + "resource_type": "kxDataview*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a managed kdb environment", + "privilege": "UpdateKxEnvironment", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob" - }, + "resource_type": "kxEnvironment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the network for a managed kdb environment", + "privilege": "UpdateKxEnvironmentNetwork", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis" - }, + "resource_type": "kxEnvironment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a kdb user", + "privilege": "UpdateKxUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast" - }, + "resource_type": "kxUser*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a volume in a managed kdb environment", + "privilege": "UpdateKxVolume", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "kxVolume*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a dataset group", - "privilege": "UpdateDatasetGroup", + "description": "Grants permission to update a FinSpace user", + "privilege": "UpdateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "environment*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "user*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:environment/${EnvironmentId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "dataset" + "resource": "environment" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset-group/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:user/${UserId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "datasetGroup" + "resource": "user" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset-import-job/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "datasetImportJob" - }, - { - "arn": "arn:${Partition}:forecast:::algorithm/${ResourceId}", - "condition_keys": [], - "resource": "algorithm" + "resource": "kxEnvironment" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxUser/${UserName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "predictor" + "resource": "kxUser" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor-backtest-export-job/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxCluster/${KxCluster}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "predictorBacktestExportJob" + "resource": "kxCluster" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxDatabase/${KxDatabase}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "forecast" + "resource": "kxDatabase" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-export-job/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxScalingGroup/${KxScalingGroup}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "forecastExport" + "resource": "kxScalingGroup" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxDatabase/${KxDatabase}/kxDataview/${KxDataview}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "explainability" + "resource": "kxDataview" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability-export/${ResourceId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxVolume/${KxVolume}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "explainabilityExport" + "resource": "kxVolume" + } + ], + "service_name": "Amazon FinSpace" + }, + { + "conditions": [], + "prefix": "finspace-api", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to retrieve FinSpace programmatic access credentials", + "privilege": "GetProgrammaticAccessCredentials", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:finspace-api:${Region}:${Account}:/credentials/programmatic", + "condition_keys": [], + "resource": "credential" + } + ], + "service_name": "Amazon FinSpace API" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:monitor/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "monitor" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-analysis/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "whatIfAnalysis" + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "firehose", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a delivery stream", + "privilege": "CreateDeliveryStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "whatIfForecast" + "access_level": "Write", + "description": "Grants permission to delete a delivery stream and its data", + "privilege": "DeleteDeliveryStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast-export/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "whatIfForecastExport" + "access_level": "Read", + "description": "Grants permission to describe the specified delivery stream and gets the status", + "privilege": "DescribeDeliveryStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] }, { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-endpoint/${ResourceId}", + "access_level": "List", + "description": "Grants permission to list your delivery streams", + "privilege": "ListDeliveryStreams", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the tags for the specified delivery stream", + "privilege": "ListTagsForDeliveryStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to write a single data record into an Amazon Kinesis Firehose delivery stream", + "privilege": "PutRecord", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to write multiple data records into a delivery stream in a single call, which can achieve higher throughput per producer than when writing single records", + "privilege": "PutRecordBatch", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable server-side encryption (SSE) for the delivery stream", + "privilege": "StartDeliveryStreamEncryption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable the specified destination of the specified delivery stream", + "privilege": "StopDeliveryStreamEncryption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add or update tags for the specified delivery stream", + "privilege": "TagDeliveryStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from the specified delivery stream", + "privilege": "UntagDeliveryStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified destination of the specified delivery stream", + "privilege": "UpdateDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverystream*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:firehose:${Region}:${Account}:deliverystream/${DeliveryStreamName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "endpoint" + "resource": "deliverystream" } ], - "service_name": "Amazon Forecast" + "service_name": "Amazon Kinesis Firehose" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by a tag key and value pair that is allowed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by a tag key and value pair of a resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "fis:Operations", + "description": "Filters access by the list of operations on the AWS service that is being affected by the AWS FIS action", + "type": "ArrayOfString" + }, + { + "condition": "fis:Percentage", + "description": "Filters access by the percentage of calls being affected by the AWS FIS action", + "type": "Numeric" + }, + { + "condition": "fis:Service", + "description": "Filters access by the AWS service that is being affected by the AWS FIS action", + "type": "String" + }, + { + "condition": "fis:Targets", + "description": "Filters access by the list of resource ARNs being targeted by the AWS FIS action", "type": "ArrayOfString" } ], - "prefix": "frauddetector", + "prefix": "fis", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a batch of variables", - "privilege": "BatchCreateVariable", + "description": "Grants permission to create an AWS FIS experiment template", + "privilege": "CreateExperimentTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "action*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment-template*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -136907,60 +141251,54 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a batch of variables", - "privilege": "BatchGetVariable", + "access_level": "Write", + "description": "Grants permission to create an AWS FIS target account configuration", + "privilege": "CreateTargetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable*" + "resource_type": "experiment-template*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel the specified batch import job", - "privilege": "CancelBatchImportJob", + "description": "Grants permission to delete the AWS FIS experiment template", + "privilege": "DeleteExperimentTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import*" + "resource_type": "experiment-template*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel the specified batch prediction job", - "privilege": "CancelBatchPredictionJob", + "description": "Grants permission to delete an AWS FIS target account configuration", + "privilege": "DeleteTargetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction*" + "resource_type": "experiment-template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a batch import job", - "privilege": "CreateBatchImportJob", + "access_level": "Read", + "description": "Grants permission to retrieve an AWS FIS action", + "privilege": "GetAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "action*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -136968,34 +141306,49 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a batch prediction job", - "privilege": "CreateBatchPredictionJob", + "access_level": "Read", + "description": "Grants permission to retrieve an AWS FIS experiment", + "privilege": "GetExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction*" + "resource_type": "experiment*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "detector*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an AWS FIS target account configuration for an AWS FIS experiment", + "privilege": "GetExperimentTargetAccountConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" - }, + "resource_type": "experiment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an AWS FIS Experiment Template", + "privilege": "GetExperimentTemplate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "experiment-template*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -137003,45 +141356,36 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a detector version. The detector version starts in a DRAFT status", - "privilege": "CreateDetectorVersion", + "access_level": "Read", + "description": "Grants permission to get information about the safety lever", + "privilege": "GetSafetyLever", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model" - }, + "resource_type": "safety-lever*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an AWS FIS target account configuration for an AWS FIS experiment template", + "privilege": "GetTargetAccountConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "experiment-template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a list", - "privilege": "CreateList", + "access_level": "Read", + "description": "Grants permission to get information about the specified resource type", + "privilege": "GetTargetResourceType", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -137049,23 +141393,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create a model using the specified model type", - "privilege": "CreateModel", + "description": "Grants permission to inject an API internal error on the provided AWS service from an FIS Experiment", + "privilege": "InjectApiInternalError", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" + "resource_type": "experiment*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "fis:Service", + "fis:Operations", + "fis:Percentage", + "fis:Targets" ], "dependent_actions": [], "resource_type": "" @@ -137074,18 +141415,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create a version of the model using the specified model type and model id", - "privilege": "CreateModelVersion", + "description": "Grants permission to inject an API throttle error on the provided AWS service from an FIS Experiment", + "privilege": "InjectApiThrottleError", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "experiment*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "fis:Service", + "fis:Operations", + "fis:Percentage", + "fis:Targets" ], "dependent_actions": [], "resource_type": "" @@ -137094,18 +141437,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create a rule for use with the specified detector", - "privilege": "CreateRule", + "description": "Grants permission to inject an API unavailable error on the provided AWS service from an FIS Experiment", + "privilege": "InjectApiUnavailableError", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "experiment*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "fis:Service", + "fis:Operations", + "fis:Percentage", + "fis:Targets" ], "dependent_actions": [], "resource_type": "" @@ -137113,153 +141458,203 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a variable", - "privilege": "CreateVariable", + "access_level": "List", + "description": "Grants permission to list all available AWS FIS actions", + "privilege": "ListActions", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a batch import job", - "privilege": "DeleteBatchImportJob", + "access_level": "List", + "description": "Grants permission to list resolved targets for AWS FIS experiments", + "privilege": "ListExperimentResolvedTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import*" + "resource_type": "experiment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a batch prediction job", - "privilege": "DeleteBatchPredictionJob", + "access_level": "List", + "description": "Grants permission to list target account configurations for AWS FIS experiments", + "privilege": "ListExperimentTargetAccountConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction*" + "resource_type": "experiment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the detector. Before deleting a detector, you must first delete all detector versions and rule versions associated with the detector", - "privilege": "DeleteDetector", + "access_level": "List", + "description": "Grants permission to list all available AWS FIS experiment templates", + "privilege": "ListExperimentTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the detector version. You cannot delete detector versions that are in ACTIVE status", - "privilege": "DeleteDetectorVersion", + "access_level": "List", + "description": "Grants permission to list all available AWS FIS experiments", + "privilege": "ListExperiments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an entity type. You cannot delete an entity type that is included in an event type", - "privilege": "DeleteEntityType", + "access_level": "Read", + "description": "Grants permission to list the tags for an AWS FIS resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type*" + "resource_type": "action" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment-template" } ] }, { - "access_level": "Write", - "description": "Grants permission to deletes the specified event", - "privilege": "DeleteEvent", + "access_level": "List", + "description": "Grants permission to list target account configurations for AWS FIS experiment templates", + "privilege": "ListTargetAccountConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "experiment-template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an event type. You cannot delete an event type that is used in a detector or a model", - "privilege": "DeleteEventType", + "access_level": "List", + "description": "Grants permission to list the resource types", + "privilege": "ListTargetResourceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete events for the specified event type", - "privilege": "DeleteEventsByEventType", + "description": "Grants permission to run an AWS FIS experiment", + "privilege": "StartExperiment", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "experiment*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "experiment-template*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a SageMaker model from Amazon Fraud Detector. You can remove an Amazon SageMaker model if it is not associated with a detector version", - "privilege": "DeleteExternalModel", + "description": "Grants permission to stop an AWS FIS experiment", + "privilege": "StopExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "external-model*" + "resource_type": "experiment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a label. You cannot delete labels that are included in an event type in Amazon Fraud Detector. You cannot delete a label assigned to an event ID. You must first delete the relevant event ID", - "privilege": "DeleteLabel", + "access_level": "Tagging", + "description": "Grants permission to tag AWS FIS resources", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label*" + "resource_type": "action" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment-template" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a list", - "privilege": "DeleteList", + "access_level": "Tagging", + "description": "Grants permission to untag AWS FIS resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list*" + "resource_type": "action" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment-template" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -137268,256 +141663,362 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a model. You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", - "privilege": "DeleteModel", + "description": "Grants permission to update the specified AWS FIS experiment template", + "privilege": "UpdateExperimentTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "experiment-template*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "action" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a model version. You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", - "privilege": "DeleteModelVersion", + "description": "Grants permission to update the state of the safety lever", + "privilege": "UpdateSafetyLeverState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version*" + "resource_type": "safety-lever*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an outcome. You cannot delete an outcome that is used in a rule version", - "privilege": "DeleteOutcome", + "description": "Grants permission to update an AWS FIS target account configuration", + "privilege": "UpdateTargetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome*" + "resource_type": "experiment-template*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:fis:${Region}:${Account}:action/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "action" + }, + { + "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "experiment" + }, + { + "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment-template/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "experiment-template" + }, + { + "arn": "arn:${Partition}:fis:${Region}:${Account}:safety-lever/${Id}", + "condition_keys": [], + "resource": "safety-lever" + } + ], + "service_name": "AWS Fault Injection Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "fms", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete the rule. You cannot delete a rule if it is used by an ACTIVE or INACTIVE detector version", - "privilege": "DeleteRule", + "description": "Grants permission to set the AWS Firewall Manager administrator account and enables the service in all organization accounts", + "privilege": "AssociateAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a variable. You cannot delete variables that are included in an event type in Amazon Fraud Detector", - "privilege": "DeleteVariable", + "description": "Grants permission to set the Firewall Manager administrator as a tenant administrator of a third-party firewall service", + "privilege": "AssociateThirdPartyFirewall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get all versions for a specified detector", - "privilege": "DescribeDetector", + "access_level": "Write", + "description": "Grants permission to associate resources to an AWS Firewall Manager resource set", + "privilege": "BatchAssociateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "resource-set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get all of the model versions for the specified model type or for the specified model type and model ID. You can also get details for a single, specified model version", - "privilege": "DescribeModelVersions", + "access_level": "Write", + "description": "Grants permission to disassociate resources from an AWS Firewall Manager resource set", + "privilege": "BatchDisassociateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version" + "resource_type": "resource-set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the data validation report of a specific batch import job", - "privilege": "GetBatchImportJobValidationReport", + "access_level": "Write", + "description": "Grants permission to permanently deletes an AWS Firewall Manager applications list", + "privilege": "DeleteAppsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import*" + "resource_type": "applications-list*" } ] }, { - "access_level": "List", - "description": "Grants permission to get all batch import jobs or a specific job if you specify a job ID", - "privilege": "GetBatchImportJobs", + "access_level": "Write", + "description": "Grants permission to delete an AWS Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to notify the FM administrator about major FM events and errors across the organization", + "privilege": "DeleteNotificationChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get all batch prediction jobs or a specific job if you specify a job ID. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 1 and 50. To get the next page results, provide the pagination token from the GetBatchPredictionJobsResponse as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetBatchPredictionJobs", + "access_level": "Write", + "description": "Grants permission to permanently delete an AWS Firewall Manager policy", + "privilege": "DeletePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction" + "resource_type": "policy*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a specific event type DeleteEventsByEventType API execution status", - "privilege": "GetDeleteEventsByEventTypeStatus", + "access_level": "Write", + "description": "Grants permission to permanently deletes an AWS Firewall Manager protocols list", + "privilege": "DeleteProtocolsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "protocols-list*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a particular detector version", - "privilege": "GetDetectorVersion", + "access_level": "Write", + "description": "Grants permission to permanently delete an AWS Firewall Manager resource set", + "privilege": "DeleteResourceSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" + "resource_type": "resource-set*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get all detectors or a single detector if a detectorId is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetDetectorsResponse as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetDetectors", + "access_level": "Write", + "description": "Grants permission to disassociate the account that has been set as the AWS Firewall Manager administrator account and and disables the service in all organization accounts", + "privilege": "DisassociateAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get all entity types or a specific entity type if a name is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEntityTypesResponse as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetEntityTypes", + "access_level": "Write", + "description": "Grants permission to disassociate a Firewall Manager administrator from a third-party firewall tenant", + "privilege": "DisassociateThirdPartyFirewall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the details of the specified event", - "privilege": "GetEvent", + "description": "Grants permission to return the AWS Organizations account that is associated with AWS Firewall Manager as the AWS Firewall Manager administrator", + "privilege": "GetAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to evaluate an event against a detector version. If a version ID is not provided, the detector's (ACTIVE) version is used", - "privilege": "GetEventPrediction", + "description": "Grants permission to return information about the specified account's administrative scope", + "privilege": "GetAdminScope", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about the specified AWS Firewall Manager applications list", + "privilege": "GetAppsList", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" - }, + "resource_type": "applications-list*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy", + "privilege": "GetComplianceDetail", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "policy*" } ] }, { "access_level": "Read", - "description": "Grants permission to get more details of a particular prediction", - "privilege": "GetEventPredictionMetadata", + "description": "Grants permission to retrieve information about the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs", + "privilege": "GetNotificationChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the specified AWS Firewall Manager policy", + "privilege": "GetPolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" - }, + "resource_type": "policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve policy-level attack summary information in the event of a potential DDoS attack", + "privilege": "GetProtectionStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to get all event types or a specific event type if name is provided. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEventTypesResponse as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetEventTypes", + "access_level": "Read", + "description": "Grants permission to return information about the specified AWS Firewall Manager protocols list", + "privilege": "GetProtocolsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type" + "resource_type": "protocols-list*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the details for one or more Amazon SageMaker models that have been imported into the service. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetExternalModelsResult as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetExternalModels", + "access_level": "Read", + "description": "Grants permission to retrieve information about the specified AWS Firewall Manager resource set", + "privilege": "GetResourceSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "external-model" + "resource_type": "resource-set*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the encryption key if a Key Management Service (KMS) customer master key (CMK) has been specified to be used to encrypt content in Amazon Fraud Detector", - "privilege": "GetKMSEncryptionKey", + "description": "Grants permission to retrieve the onboarding status of a Firewall Manager administrator account to third-party firewall vendor tenant", + "privilege": "GetThirdPartyFirewallAssociationStatus", "resource_types": [ { "condition_keys": [], @@ -137527,254 +142028,156 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get all labels or a specific label if name is provided. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 10 and 50. To get the next page results, provide the pagination token from the GetGetLabelsResponse as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetLabels", + "access_level": "Read", + "description": "Grants permission to retrieve violations for a resource based on the specified AWS Firewall Manager policy and AWS account", + "privilege": "GetViolationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label" + "resource_type": "policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get elements of a list", - "privilege": "GetListElements", + "access_level": "List", + "description": "Grants permission to return a AdminAccounts object that lists the Firewall Manager administrators within the organization that are onboarded to Firewall Manager by AssociateAdminAccount", + "privilege": "ListAdminAccountsForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get metadata about lists", - "privilege": "GetListsMetadata", + "description": "Grants permission to list the accounts that are managing the specified AWS Organizations member account", + "privilege": "ListAdminsManagingAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the details of the specified model version", - "privilege": "GetModelVersion", + "access_level": "List", + "description": "Grants permission to return an array of AppsListDataSummary objects", + "privilege": "ListAppsLists", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get one or more models. Gets all models for the AWS account if no model type and no model id provided. Gets all models for the AWS account and model type, if the model type is specified but model id is not provided. Gets a specific model if (model type, model id) tuple is specified", - "privilege": "GetModels", + "description": "Grants permission to retrieve an array of PolicyComplianceStatus objects in the response. Use PolicyComplianceStatus to get a summary of which member accounts are protected by the specified policy", + "privilege": "ListComplianceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "policy*" } ] }, { "access_level": "List", - "description": "Grants permission to get one or more outcomes. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 100 records per page. If you provide a maxResults, the value must be between 50 and 100. To get the next page results, provide the pagination token from the GetOutcomesResult as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetOutcomes", + "description": "Grants permission to retrieve an array of resources in the organization's accounts that are available to be associated with a resource set", + "privilege": "ListDiscoveredResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get all rules for a detector (paginated) if ruleId and ruleVersion are not specified. Gets all rules for the detector and the ruleId if present (paginated). Gets a specific rule if both the ruleId and the ruleVersion are specified", - "privilege": "GetRules", + "description": "Grants permission to retrieve an array of member account ids if the caller is FMS admin account", + "privilege": "ListMemberAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get all of the variables or the specific variable. This is a paginated API. Providing null maxSizePerPage results in retrieving maximum of 100 records per page. If you provide maxSizePerPage the value must be between 50 and 100. To get the next page result, a provide a pagination token from GetVariablesResult as part of your request. Null pagination token fetches the records from the beginning", - "privilege": "GetVariables", + "description": "Grants permission to retrieve an array of PolicySummary objects in the response", + "privilege": "ListPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of past predictions", - "privilege": "ListEventPredictions", + "description": "Grants permission to return an array of ProtocolsListDataSummary objects", + "privilege": "ListProtocolsLists", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags associated with the resource. This is a paginated API. To get the next page results, provide the pagination token from the response as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to retrieve an array of resources that are currently associated to a resource set", + "privilege": "ListResourceSetResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "batch-prediction" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-type" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "label" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "list" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "outcome" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "variable" + "resource_type": "resource-set*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update a detector", - "privilege": "PutDetector", + "access_level": "List", + "description": "Grants permission to retrieve an array of ResourceSetSummary objects", + "privilege": "ListResourceSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update an entity type. An entity represents who is performing the event. As part of a fraud prediction, you pass the entity ID to indicate the specific entity who performed the event. An entity type classifies the entity. Example classifications include customer, merchant, or account", - "privilege": "PutEntityType", + "access_level": "Read", + "description": "Grants permission to list Tags for a given resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type*" - }, + "resource_type": "policy*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account", + "privilege": "ListThirdPartyFirewallFirewallPolicies", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -137782,38 +142185,25 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an event type. An event is a business activity that is evaluated for fraud risk. With Amazon Fraud Detector, you generate fraud predictions for events. An event type defines the structure for an event sent to Amazon Fraud Detector. This includes the variables sent as part of the event, the entity performing the event (such as a customer), and the labels that classify the event. Example event types include online payment transactions, account registrations, and authentications", - "privilege": "PutEventType", + "description": "Grants permission to create or update an Firewall Manager administrator account", + "privilege": "PutAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an Amazon SageMaker model endpoint. You can also use this action to update the configuration of the model endpoint, including the IAM role and/or the mapped variables", - "privilege": "PutExternalModel", + "description": "Grants permission to create an AWS Firewall Manager applications list", + "privilege": "PutAppsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model*" + "resource_type": "applications-list*" }, { "condition_keys": [ @@ -137827,8 +142217,8 @@ }, { "access_level": "Write", - "description": "Grants permission to specify the Key Management Service (KMS) customer master key (CMK) to be used to encrypt content in Amazon Fraud Detector", - "privilege": "PutKMSEncryptionKey", + "description": "Grants permission to designate the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager (FM) could use to notify the FM administrator about major FM events and errors across the organization", + "privilege": "PutNotificationChannel", "resource_types": [ { "condition_keys": [], @@ -137839,13 +142229,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update label. A label classifies an event as fraudulent or legitimate. Labels are associated with event types and used to train supervised machine learning models in Amazon Fraud Detector", - "privilege": "PutLabel", + "description": "Grants permission to create an AWS Firewall Manager policy", + "privilege": "PutPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label*" + "resource_type": "policy*" }, { "condition_keys": [ @@ -137859,13 +142249,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an outcome", - "privilege": "PutOutcome", + "description": "Grants permission to creates an AWS Firewall Manager protocols list", + "privilege": "PutProtocolsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome*" + "resource_type": "protocols-list*" }, { "condition_keys": [ @@ -137879,13 +142269,13 @@ }, { "access_level": "Write", - "description": "Grants permission to send event", - "privilege": "SendEvent", + "description": "Grants permission to create an AWS Firewall Manager resource set", + "privilege": "PutResourceSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "resource-set*" }, { "condition_keys": [ @@ -137899,83 +142289,33 @@ }, { "access_level": "Tagging", - "description": "Grants permission to assign tags to a resource", + "description": "Grants permission to add a Tag to a given resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "batch-prediction" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-type" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "label" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "list" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model-version" + "resource_type": "applications-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome" + "resource_type": "policy" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" + "resource_type": "protocols-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable" + "resource_type": "resource-set" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -137984,81 +142324,139 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", + "description": "Grants permission to remove a Tag from a given resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "batch-prediction" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-type" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type" + "resource_type": "applications-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "external-model" + "resource_type": "policy" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "label" + "resource_type": "protocols-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "list" + "resource_type": "resource-set" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "model" - }, + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:fms:${Region}:${Account}:policy/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "policy" + }, + { + "arn": "arn:${Partition}:fms:${Region}:${Account}:applications-list/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "applications-list" + }, + { + "arn": "arn:${Partition}:fms:${Region}:${Account}:protocols-list/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "protocols-list" + }, + { + "arn": "arn:${Partition}:fms:${Region}:${Account}:resource-set/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "resource-set" + } + ], + "service_name": "AWS Firewall Manager" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "forecast", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an auto predictor", + "privilege": "CreateAutoPredictor", + "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "model-version" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a dataset", + "privilege": "CreateDataset", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome" + "resource_type": "dataset*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "rule" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a dataset group", + "privilege": "CreateDatasetGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable" + "resource_type": "datasetGroup*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -138068,59 +142466,53 @@ }, { "access_level": "Write", - "description": "Grants permission to update a detector version. The detector version attributes that you can update include models, external model endpoints, rules, rule execution mode, and description. You can only update a DRAFT detector version", - "privilege": "UpdateDetectorVersion", + "description": "Grants permission to create a dataset import job", + "privilege": "CreateDatasetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model" + "resource_type": "datasetImportJob*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "model-version" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the detector version's description. You can update the metadata for any detector version (DRAFT, ACTIVE, or INACTIVE)", - "privilege": "UpdateDetectorVersionMetadata", + "description": "Grants permission to create an explainability", + "privilege": "CreateExplainability", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the detector version's status. You can perform the following promotions or demotions using UpdateDetectorVersionStatus: DRAFT to ACTIVE, ACTIVE to INACTIVE, and INACTIVE to ACTIVE", - "privilege": "UpdateDetectorVersionStatus", - "resource_types": [ + "resource_type": "forecast*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "detector-version*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing event record's label value", - "privilege": "UpdateEventLabel", + "description": "Grants permission to create an explainability export using an explainability resource", + "privilege": "CreateExplainabilityExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "explainability*" }, { "condition_keys": [ @@ -138134,17 +142526,18 @@ }, { "access_level": "Write", - "description": "Grants permission to update a list", - "privilege": "UpdateList", + "description": "Grants permission to create a forecast", + "privilege": "CreateForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list*" + "resource_type": "predictor*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -138153,25 +142546,33 @@ }, { "access_level": "Write", - "description": "Grants permission to update a model. You can update the description attribute using this action", - "privilege": "UpdateModel", + "description": "Grants permission to create an endpoint using a Predictor resource", + "privilege": "CreateForecastEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "predictor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a model version. Updating a model version retrains an existing model version using updated training data and produces a new minor version of the model. You can update the training data set location and data access role attributes using this action. This action creates and trains a new minor version of the model, for example version 1.01, 1.02, 1.03", - "privilege": "UpdateModelVersion", + "description": "Grants permission to create a forecast export job using a forecast resource", + "privilege": "CreateForecastExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "forecast*" }, { "condition_keys": [ @@ -138185,37 +142586,53 @@ }, { "access_level": "Write", - "description": "Grants permission to update the status of a model version", - "privilege": "UpdateModelVersionStatus", + "description": "Grants permission to create an monitor using a Predictor resource", + "privilege": "CreateMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version*" + "resource_type": "predictor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a rule's metadata. The description attribute can be updated", - "privilege": "UpdateRuleMetadata", + "description": "Grants permission to create a predictor", + "privilege": "CreatePredictor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "datasetGroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a rule version resulting in a new rule version. Updates a rule version resulting in a new rule version (version 1, 2, 3 ...)", - "privilege": "UpdateRuleVersion", + "description": "Grants permission to create a predictor backtest export job using a predictor", + "privilege": "CreatePredictorBacktestExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "predictor*" }, { "condition_keys": [ @@ -138229,148 +142646,33 @@ }, { "access_level": "Write", - "description": "Grants permission to update a variable", - "privilege": "UpdateVariable", + "description": "Grants permission to create a what-if analysis", + "privilege": "CreateWhatIfAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable*" + "resource_type": "forecast*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-prediction/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "batch-prediction" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "detector" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector-version/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "detector-version" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:entity-type/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entity-type" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:external-model/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "external-model" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:event-type/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "event-type" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:label/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "label" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "model" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model-version/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "model-version" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:outcome/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "outcome" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:rule/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "rule" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:variable/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "variable" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-import/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "batch-import" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:list/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "list" - } - ], - "service_name": "Amazon Fraud Detector" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tag key present in the request that the user makes to Amazon FreeRTOS", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key component attached to an Amazon FreeRTOS resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key names associated with the resource in the request", - "type": "ArrayOfString" - } - ], - "prefix": "freertos", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a software configuration", - "privilege": "CreateSoftwareConfiguration", + "description": "Grants permission to create a what-if forecast", + "privilege": "CreateWhatIfForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "whatIfAnalysis*" }, { "condition_keys": [ @@ -138384,9 +142686,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create a subscription for FreeRTOS extended maintenance plan (EMP)", - "privilege": "CreateSubscription", + "description": "Grants permission to create a what-if forecast export using what-if forecast resources", + "privilege": "CreateWhatIfForecastExport", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecast*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -138399,932 +142706,678 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the software configuration", - "privilege": "DeleteSoftwareConfiguration", + "description": "Grants permission to delete a dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "dataset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the hardware platform", - "privilege": "DescribeHardwarePlatform", + "access_level": "Write", + "description": "Grants permission to delete a dataset group", + "privilege": "DeleteDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the software configuration", - "privilege": "DescribeSoftwareConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a dataset import job", + "privilege": "DeleteDatasetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "datasetImportJob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describes the subscription for FreeRTOS extended maintenance plan (EMP)", - "privilege": "DescribeSubscription", + "access_level": "Write", + "description": "Grants permission to delete an explainability", + "privilege": "DeleteExplainability", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscription*" + "resource_type": "explainability*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get URL for sotware patch-release, patch-diff and release notes under FreeRTOS extended maintenance plan (EMP)", - "privilege": "GetEmpPatchUrl", + "access_level": "Write", + "description": "Grants permission to delete an explainability export", + "privilege": "DeleteExplainabilityExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "explainabilityExport*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the URL for Amazon FreeRTOS software download", - "privilege": "GetSoftwareURL", + "access_level": "Write", + "description": "Grants permission to delete a forecast", + "privilege": "DeleteForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "forecast*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the URL for Amazon FreeRTOS software download based on the configuration", - "privilege": "GetSoftwareURLForConfiguration", + "access_level": "Write", + "description": "Grants permission to delete an endpoint resource", + "privilege": "DeleteForecastEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the subscription billing amount for FreeRTOS extended maintenance plan (EMP)", - "privilege": "GetSubscriptionBillingAmount", + "access_level": "Write", + "description": "Grants permission to delete a forecast export job", + "privilege": "DeleteForecastExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "forecastExport*" } ] }, { - "access_level": "List", - "description": "Grants permission to lists versions of AmazonFreeRTOS", - "privilege": "ListFreeRTOSVersions", + "access_level": "Write", + "description": "Grants permission to delete a monitor resource", + "privilege": "DeleteMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "monitor*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the hardware platforms", - "privilege": "ListHardwarePlatforms", + "access_level": "Write", + "description": "Grants permission to delete a predictor", + "privilege": "DeletePredictor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the hardware vendors", - "privilege": "ListHardwareVendors", + "access_level": "Write", + "description": "Grants permission to delete a predictor backtest export job", + "privilege": "DeletePredictorBacktestExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictorBacktestExportJob*" } ] }, { - "access_level": "List", - "description": "Grants permission to lists the software configurations", - "privilege": "ListSoftwareConfigurations", + "access_level": "Write", + "description": "Grants permission to delete a resource and its child resources", + "privilege": "DeleteResourceTree", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasetGroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasetImportJob*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecast*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecastExport*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "monitor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictorBacktestExportJob*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfAnalysis*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecast*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecastExport*" } ] }, { - "access_level": "List", - "description": "Grants permission to list software patches of subscription for FreeRTOS extended maintenance plan (EMP)", - "privilege": "ListSoftwarePatches", + "access_level": "Write", + "description": "Grants permission to delete a what-if analysis", + "privilege": "DeleteWhatIfAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfAnalysis*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the subscription emails for FreeRTOS extended maintenance plan (EMP)", - "privilege": "ListSubscriptionEmails", + "access_level": "Write", + "description": "Grants permission to delete a what-if forecast", + "privilege": "DeleteWhatIfForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfForecast*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the subscriptions for FreeRTOS extended maintenance plan (EMP)", - "privilege": "ListSubscriptions", + "access_level": "Write", + "description": "Grants permission to delete a what-if forecast export", + "privilege": "DeleteWhatIfForecastExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfForecastExport*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update list of subscription email address for FreeRTOS extended maintenance plan (EMP)", - "privilege": "UpdateEmailRecipients", + "access_level": "Read", + "description": "Grants permission to describe an auto predictor", + "privilege": "DescribeAutoPredictor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the software configuration", - "privilege": "UpdateSoftwareConfiguration", + "access_level": "Read", + "description": "Grants permission to describe a dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "dataset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to verify the email for FreeRTOS extended maintenance plan (EMP)", - "privilege": "VerifyEmail", + "access_level": "Read", + "description": "Grants permission to describe a dataset group", + "privilege": "DescribeDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetGroup*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:freertos:${Region}:${Account}:configuration/${ConfigurationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "configuration" }, - { - "arn": "arn:${Partition}:freertos:${Region}:${Account}:subscription/${SubscriptionID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "subscription" - } - ], - "service_name": "Amazon FreeRTOS" - }, - { - "conditions": [], - "prefix": "freetier", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to get free tier alert preference (email address)", - "privilege": "GetFreeTierAlertPreference", + "description": "Grants permission to describe a dataset import job", + "privilege": "DescribeDatasetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetImportJob*" } ] }, { "access_level": "Read", - "description": "Grants permission to get free tier usage limits and MTD usage status", - "privilege": "GetFreeTierUsage", + "description": "Grants permission to describe an explainability", + "privilege": "DescribeExplainability", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "explainability*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set free tier alert preference (email address)", - "privilege": "PutFreeTierAlertPreference", + "access_level": "Read", + "description": "Grants permission to describe an explainability export", + "privilege": "DescribeExplainabilityExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "explainabilityExport*" } ] - } - ], - "resources": [], - "service_name": "AWS Free Tier" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "fsx:IsBackupCopyDestination", - "description": "Filters access by whether the backup is a destination backup for a CopyBackup operation", - "type": "Bool" - }, - { - "condition": "fsx:IsBackupCopySource", - "description": "Filters access by whether the backup is a source backup for a CopyBackup operation", - "type": "Bool" - }, - { - "condition": "fsx:NfsDataRepositoryAuthenticationEnabled", - "description": "Filters access by NFS data repositories which support authentication", - "type": "Bool" - }, - { - "condition": "fsx:NfsDataRepositoryEncryptionInTransitEnabled", - "description": "Filters access by NFS data repositories which support encryption-in-transit", - "type": "Bool" }, { - "condition": "fsx:ParentVolumeId", - "description": "Filters access by the containing parent volume for mutating volume operations", - "type": "String" - }, - { - "condition": "fsx:StorageVirtualMachineId", - "description": "Filters access by the containing storage virtual machine for a volume for mutating volume operations", - "type": "String" - } - ], - "prefix": "fsx", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a File Gateway instance with an Amazon FSx for Windows File Server file system", - "privilege": "AssociateFileGateway", + "access_level": "Read", + "description": "Grants permission to describe a forecast", + "privilege": "DescribeForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "forecast*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate DNS aliases with an Amazon FSx for Windows File Server file system", - "privilege": "AssociateFileSystemAliases", + "access_level": "Read", + "description": "Grants permission to describe an endpoint resource", + "privilege": "DescribeForecastEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "endpoint*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods", - "privilege": "BypassSnaplockEnterpriseRetention", + "access_level": "Read", + "description": "Grants permission to describe a forecast export job", + "privilege": "DescribeForecastExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "forecastExport*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a data repository task", - "privilege": "CancelDataRepositoryTask", + "access_level": "Read", + "description": "Grants permission to describe an monitor resource", + "privilege": "DescribeMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy a backup", - "privilege": "CopyBackup", + "access_level": "Read", + "description": "Grants permission to describe a predictor", + "privilege": "DescribePredictor", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "backup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing volume by using a snapshot from another Amazon FSx for OpenZFS file system", - "privilege": "CopySnapshotAndUpdateVolume", + "access_level": "Read", + "description": "Grants permission to describe a predictor backtest export job", + "privilege": "DescribePredictorBacktestExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "predictorBacktestExportJob*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new backup of an Amazon FSx file system or an Amazon FSx volume", - "privilege": "CreateBackup", + "access_level": "Read", + "description": "Grants permission to describe a what-if analysis", + "privilege": "DescribeWhatIfAnalysis", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "backup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfAnalysis*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new data respository association for an Amazon FSx for Lustre file system", - "privilege": "CreateDataRepositoryAssociation", + "access_level": "Read", + "description": "Grants permission to describe a what-if forecast", + "privilege": "DescribeWhatIfForecast", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "association*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfForecast*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new data respository task for an Amazon FSx for Lustre file system", - "privilege": "CreateDataRepositoryTask", + "access_level": "Read", + "description": "Grants permission to describe a what-if forecast export", + "privilege": "DescribeWhatIfForecastExport", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfForecastExport*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new, empty, Amazon file cache", - "privilege": "CreateFileCache", + "access_level": "Read", + "description": "Grants permission to get the Accuracy Metrics for a predictor", + "privilege": "GetAccuracyMetrics", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:GetSecurityGroupsForVpc", - "fsx:CreateDataRepositoryAssociation", - "fsx:TagResource", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "s3:ListBucket" - ], - "resource_type": "file-cache*" - }, - { - "condition_keys": [ - "fsx:NfsDataRepositoryEncryptionInTransitEnabled", - "fsx:NfsDataRepositoryAuthenticationEnabled" - ], - "dependent_actions": [], - "resource_type": "association" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new, empty, Amazon FSx file system", - "privilege": "CreateFileSystem", + "access_level": "Read", + "description": "Grants permission to get the forecast context of a timeseries for an endpoint", + "privilege": "GetRecentForecastContext", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:GetSecurityGroupsForVpc", - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Amazon FSx file system from an existing backup", - "privilege": "CreateFileSystemFromBackup", + "access_level": "Read", + "description": "Grants permission to invoke the endpoint to get forecast for a timeseries", + "privilege": "InvokeForecastEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:GetSecurityGroupsForVpc", - "fsx:TagResource" - ], - "resource_type": "backup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new snapshot on a volume", - "privilege": "CreateSnapshot", + "access_level": "Read", + "description": "Grants permission to list all the dataset groups", + "privilege": "ListDatasetGroups", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "snapshot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system", - "privilege": "CreateStorageVirtualMachine", + "access_level": "Read", + "description": "Grants permission to list all the dataset import jobs", + "privilege": "ListDatasetImportJobs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storage-virtual-machine*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new volume", - "privilege": "CreateVolume", + "access_level": "Read", + "description": "Grants permission to list all the datasets", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "volume*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "fsx:StorageVirtualMachineId", - "fsx:ParentVolumeId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new volume from backup", - "privilege": "CreateVolumeFromBackup", + "access_level": "Read", + "description": "Grants permission to list all the explainabilities", + "privilege": "ListExplainabilities", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "backup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storage-virtual-machine*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "fsx:StorageVirtualMachineId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available", - "privilege": "DeleteBackup", + "access_level": "Read", + "description": "Grants permission to list all the explainability exports", + "privilege": "ListExplainabilityExports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a data repository association", - "privilege": "DeleteDataRepositoryAssociation", + "access_level": "Read", + "description": "Grants permission to list all the forecast export jobs", + "privilege": "ListForecastExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a file cache, deleting its contents", - "privilege": "DeleteFileCache", + "access_level": "Read", + "description": "Grants permission to list all the forecasts", + "privilege": "ListForecasts", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:DeleteDataRepositoryAssociation" - ], - "resource_type": "file-cache*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "association" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system", - "privilege": "DeleteFileSystem", + "access_level": "Read", + "description": "Grants permission to list all the monitor evaluation result for a monitor", + "privilege": "ListMonitorEvaluations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:CreateBackup", - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "monitor*" } ] }, { - "access_level": "Permissions management", - "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required", - "privilege": "DeleteResourcePolicy", + "access_level": "Read", + "description": "Grants permission to list all the monitor resources", + "privilege": "ListMonitors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a snapshot on a volume", - "privilege": "DeleteSnapshot", + "access_level": "Read", + "description": "Grants permission to list all the predictor backtest export jobs", + "privilege": "ListPredictorBacktestExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a storage virtual machine, deleting its contents", - "privilege": "DeleteStorageVirtualMachine", + "access_level": "Read", + "description": "Grants permission to list all the predictors", + "privilege": "ListPredictors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume", - "privilege": "DeleteVolume", + "access_level": "Read", + "description": "Grants permission to list the tags for an Amazon Forecast resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "volume*" + "dependent_actions": [], + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" + "resource_type": "datasetGroup" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "fsx:StorageVirtualMachineId", - "fsx:ParentVolumeId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the File Gateway instances associated with an Amazon FSx for Windows File Server file system", - "privilege": "DescribeAssociatedFileGateways", - "resource_types": [ + "resource_type": "datasetImportJob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeBackups", - "resource_types": [ + "resource_type": "endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecast" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecastExport" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "monitor" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeDataRepositoryAssociations", - "resource_types": [ + "resource_type": "predictor" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeDataRepositoryTasks", - "resource_types": [ + "resource_type": "predictorBacktestExportJob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all file caches owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeFileCaches", - "resource_types": [ + "resource_type": "whatIfAnalysis" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the description of all DNS aliases owned by your Amazon FSx for Windows File Server file system", - "privilege": "DescribeFileSystemAliases", - "resource_types": [ + "resource_type": "whatIfForecast" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "whatIfForecastExport" } ] }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeFileSystems", + "description": "Grants permission to list all the what-if analyses", + "privilege": "ListWhatIfAnalyses", "resource_types": [ { "condition_keys": [], @@ -139335,8 +143388,8 @@ }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of whether FSx route table updates from participant accounts are allowed in your account", - "privilege": "DescribeSharedVpcConfiguration", + "description": "Grants permission to list all the what-if forecast exports", + "privilege": "ListWhatIfForecastExports", "resource_types": [ { "condition_keys": [], @@ -139347,8 +143400,8 @@ }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling", - "privilege": "DescribeSnapshots", + "description": "Grants permission to list all the what-if forecasts", + "privilege": "ListWhatIfForecasts", "resource_types": [ { "condition_keys": [], @@ -139359,225 +143412,202 @@ }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeStorageVirtualMachines", + "description": "Grants permission to retrieve a forecast for a single item", + "privilege": "QueryForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "forecast*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeVolumes", + "description": "Grants permission to retrieve a what-if forecast for a single item", + "privilege": "QueryWhatIfForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfForecast*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a File Gateway instance from an Amazon FSx for Windows File Server file system", - "privilege": "DisassociateFileGateway", + "description": "Grants permission to resume Amazon Forecast resource jobs", + "privilege": "ResumeResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "monitor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate file system aliases with an Amazon FSx for Windows File Server file system", - "privilege": "DisassociateFileSystemAliases", + "description": "Grants permission to stop Amazon Forecast resource jobs", + "privilege": "StopResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and DeleteResourcePolicy are also required", - "privilege": "GetResourcePolicy", - "resource_types": [ + "resource_type": "datasetImportJob*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for an Amazon FSx resource", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "endpoint*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "association" + "resource_type": "explainability*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" + "resource_type": "explainabilityExport*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-cache" + "resource_type": "forecast*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "forecastExport*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "monitor*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine" + "resource_type": "predictor*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "predictorBacktestExportJob*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to manage backup principal associations through AWS Backup", - "privilege": "ManageBackupPrincipalAssociations", - "resource_types": [ + "resource_type": "whatIfAnalysis*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required", - "privilege": "PutResourcePolicy", - "resource_types": [ + "resource_type": "whatIfForecast*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "whatIfForecastExport*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to release file system NFS V3 locks", - "privilege": "ReleaseFileSystemNfsV3Locks", + "access_level": "Tagging", + "description": "Grants permission to associate the specified tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to restore volume state from a snapshot", - "privilege": "RestoreVolumeFromSnapshot", - "resource_types": [ + "resource_type": "dataset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "datasetGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start misconfigured state recovery", - "privilege": "StartMisconfiguredStateRecovery", - "resource_types": [ + "resource_type": "datasetImportJob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag an Amazon FSx resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "endpoint" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "association" + "resource_type": "explainability" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" + "resource_type": "explainabilityExport" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-cache" + "resource_type": "forecast" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "forecastExport" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "monitor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine" + "resource_type": "predictor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "predictorBacktestExportJob" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume" + "resource_type": "whatIfAnalysis" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecast" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecastExport" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -139586,735 +143616,449 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove a tag from an Amazon FSx resource", + "description": "Grants permission to delete the specified tags for a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" + "resource_type": "datasetGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-cache" + "resource_type": "datasetImportJob" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "explainability" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine" + "resource_type": "explainabilityExport" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "forecast" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume" + "resource_type": "forecastExport" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update data repository association configuration", - "privilege": "UpdateDataRepositoryAssociation", - "resource_types": [ + "resource_type": "monitor" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update file cache configuration", - "privilege": "UpdateFileCache", - "resource_types": [ + "resource_type": "predictor" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-cache*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update file system configuration", - "privilege": "UpdateFileSystem", - "resource_types": [ + "resource_type": "predictorBacktestExportJob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable FSx route table updates from participant accounts in your account", - "privilege": "UpdateSharedVpcConfiguration", - "resource_types": [ + "resource_type": "whatIfAnalysis" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update snapshot configuration", - "privilege": "UpdateSnapshot", - "resource_types": [ + "resource_type": "whatIfForecast" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update storage virtual machine configuration", - "privilege": "UpdateStorageVirtualMachine", - "resource_types": [ + "resource_type": "whatIfForecastExport" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "storage-virtual-machine*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update volume configuration", - "privilege": "UpdateVolume", + "description": "Grants permission to update a dataset group", + "privilege": "UpdateDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "dataset*" }, { - "condition_keys": [ - "fsx:StorageVirtualMachineId", - "fsx:ParentVolumeId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetGroup*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-system/${FileSystemId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "file-system" + "resource": "dataset" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-cache/${FileCacheId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset-group/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "file-cache" + "resource": "datasetGroup" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:backup/${BackupId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset-import-job/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "backup" + "resource": "datasetImportJob" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:storage-virtual-machine/${FileSystemId}/${StorageVirtualMachineId}", + "arn": "arn:${Partition}:forecast:::algorithm/${ResourceId}", + "condition_keys": [], + "resource": "algorithm" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "storage-virtual-machine" + "resource": "predictor" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:task/${TaskId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor-backtest-export-job/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "task" + "resource": "predictorBacktestExportJob" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:association/${FileSystemIdOrFileCacheId}/${DataRepositoryAssociationId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "association" + "resource": "forecast" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:volume/${FileSystemId}/${VolumeId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-export-job/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "volume" + "resource": "forecastExport" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:snapshot/${VolumeId}/${SnapshotId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "snapshot" + "resource": "explainability" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability-export/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "explainabilityExport" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:monitor/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "monitor" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-analysis/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "whatIfAnalysis" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "whatIfForecast" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast-export/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "whatIfForecastExport" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-endpoint/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "endpoint" } ], - "service_name": "Amazon FSx" + "service_name": "Amazon Forecast" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters actions based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters actions based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters actions based on the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "gamelift", + "prefix": "frauddetector", "privileges": [ { "access_level": "Write", - "description": "Grants permission to register player acceptance or rejection of a proposed FlexMatch match", - "privilege": "AcceptMatch", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to locate and reserve a game server to host a new game session", - "privilege": "ClaimGameServer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "gameServerGroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to define a new alias for a fleet", - "privilege": "CreateAlias", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "gamelift:TagResource" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new game build using files stored in an Amazon S3 bucket", - "privilege": "CreateBuild", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "gamelift:TagResource", - "iam:PassRole", - "s3:GetObject" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new container fleet of computing resources to run your game servers", - "privilege": "CreateContainerFleet", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:DescribeAvailabilityZones", - "ec2:DescribeRegions", - "gamelift:TagResource", - "iam:PassRole" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new container group definition using images stored in an Amazon ECR repository", - "privilege": "CreateContainerGroupDefinition", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ecr:BatchGetImage", - "ecr:DescribeImages", - "ecr:GetAuthorizationToken", - "ecr:GetDownloadUrlForLayer", - "gamelift:TagResource" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new fleet of computing resources to run your game servers", - "privilege": "CreateFleet", + "description": "Grants permission to create a batch of variables", + "privilege": "BatchCreateVariable", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "ec2:DescribeAvailabilityZones", - "ec2:DescribeRegions", - "gamelift:TagResource", - "iam:PassRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to specify additional locations for a fleet", - "privilege": "CreateFleetLocations", + "access_level": "List", + "description": "Grants permission to get a batch of variables", + "privilege": "BatchGetVariable", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeAvailabilityZones", - "ec2:DescribeRegions" - ], - "resource_type": "containerFleet" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new game server group, set up a corresponding Auto Scaling group, and launche instances to host game servers", - "privilege": "CreateGameServerGroup", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "autoscaling:CreateAutoScalingGroup", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:PutLifecycleHook", - "autoscaling:PutScalingPolicy", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSubnets", - "events:PutRule", - "events:PutTargets", - "gamelift:TagResource", - "iam:PassRole" - ], - "resource_type": "" + "resource_type": "variable*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new game session on a specified fleet", - "privilege": "CreateGameSession", + "description": "Grants permission to cancel the specified batch import job", + "privilege": "CancelBatchImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set up a new queue for processing game session placement requests", - "privilege": "CreateGameSessionQueue", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "gamelift:TagResource" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to define a new location for a fleet", - "privilege": "CreateLocation", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "gamelift:TagResource" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new FlexMatch matchmaker", - "privilege": "CreateMatchmakingConfiguration", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "gamelift:TagResource" - ], - "resource_type": "" + "resource_type": "batch-import*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new matchmaking rule set for FlexMatch", - "privilege": "CreateMatchmakingRuleSet", + "description": "Grants permission to cancel the specified batch prediction job", + "privilege": "CancelBatchPredictionJob", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "gamelift:TagResource" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "batch-prediction*" } ] }, { "access_level": "Write", - "description": "Grants permission to reserve an available game session slot for a player", - "privilege": "CreatePlayerSession", + "description": "Grants permission to create a batch import job", + "privilege": "CreateBatchImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reserve available game session slots for multiple players", - "privilege": "CreatePlayerSessions", - "resource_types": [ + "resource_type": "batch-import*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new Realtime Servers script", - "privilege": "CreateScript", - "resource_types": [ + "resource_type": "event-type*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "gamelift:TagResource", - "iam:PassRole", - "s3:GetObject" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to allow GameLift to create or delete a peering connection between a GameLift fleet VPC and a VPC on another AWS account", - "privilege": "CreateVpcPeeringAuthorization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:AcceptVpcPeeringConnection", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to establish a peering connection between your GameLift fleet VPC and a VPC on another account", - "privilege": "CreateVpcPeeringConnection", + "description": "Grants permission to create a batch prediction job", + "privilege": "CreateBatchPredictionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an alias", - "privilege": "DeleteAlias", - "resource_types": [ + "resource_type": "batch-prediction*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a game build", - "privilege": "DeleteBuild", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "build*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a container fleet", - "privilege": "DeleteContainerFleet", - "resource_types": [ + "resource_type": "detector-version*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a container group definition", - "privilege": "DeleteContainerGroupDefinition", - "resource_types": [ + "resource_type": "event-type*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "containerGroupDefinition*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an empty fleet", - "privilege": "DeleteFleet", + "description": "Grants permission to create a detector version. The detector version starts in a DRAFT status", + "privilege": "CreateDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete locations for a fleet", - "privilege": "DeleteFleetLocations", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "external-model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to permanently delete a game server group and terminate FleetIQ activity for the corresponding Auto Scaling group", - "privilege": "DeleteGameServerGroup", - "resource_types": [ + "resource_type": "model-version" + }, { - "condition_keys": [], - "dependent_actions": [ - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:ExitStandby", - "autoscaling:ResumeProcesses", - "autoscaling:SetInstanceProtection", - "autoscaling:UpdateAutoScalingGroup" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "gameServerGroup*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing game session queue", - "privilege": "DeleteGameSessionQueue", + "description": "Grants permission to create a list", + "privilege": "CreateList", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "gameSessionQueue*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a location", - "privilege": "DeleteLocation", + "description": "Grants permission to create a model using the specified model type", + "privilege": "CreateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing FlexMatch matchmaker", - "privilege": "DeleteMatchmakingConfiguration", - "resource_types": [ + "resource_type": "event-type*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing FlexMatch matchmaking rule set", - "privilege": "DeleteMatchmakingRuleSet", - "resource_types": [ + "resource_type": "model*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "matchmakingRuleSet*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a set of auto-scaling rules", - "privilege": "DeleteScalingPolicy", + "description": "Grants permission to create a version of the model using the specified model type and model id", + "privilege": "CreateModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "model*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Realtime Servers script", - "privilege": "DeleteScript", + "description": "Grants permission to create a rule for use with the specified detector", + "privilege": "CreateRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "script*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel a VPC peering authorization", - "privilege": "DeleteVpcPeeringAuthorization", - "resource_types": [ + "resource_type": "detector*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -140322,11 +144066,14 @@ }, { "access_level": "Write", - "description": "Grants permission to remove a peering connection between VPCs", - "privilege": "DeleteVpcPeeringConnection", + "description": "Grants permission to create a variable", + "privilege": "CreateVariable", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -140334,504 +144081,395 @@ }, { "access_level": "Write", - "description": "Grants permission to deregister a compute against a fleet", - "privilege": "DeregisterCompute", + "description": "Grants permission to delete a batch import job", + "privilege": "DeleteBatchImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "batch-import*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a game server from a game server group", - "privilege": "DeregisterGameServer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "gameServerGroup*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve properties for an alias", - "privilege": "DescribeAlias", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "alias*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve properties for a game build", - "privilege": "DescribeBuild", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "build*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information for a compute in a fleet", - "privilege": "DescribeCompute", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "containerFleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the properties of an existing container fleet", - "privilege": "DescribeContainerFleet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "containerFleet*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the properties of an existing container group definition", - "privilege": "DescribeContainerGroupDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "containerGroupDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the maximum allowed and current usage for EC2 instance types", - "privilege": "DescribeEC2InstanceLimits", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve general properties, including status, for fleets", - "privilege": "DescribeFleetAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the current capacity settings for managed fleets", - "privilege": "DescribeFleetCapacity", + "description": "Grants permission to delete a batch prediction job", + "privilege": "DeleteBatchPredictionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batch-prediction*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the properties of an existing fleet deployment", - "privilege": "DescribeFleetDeployment", + "access_level": "Write", + "description": "Grants permission to delete the detector. Before deleting a detector, you must first delete all detector versions and rule versions associated with the detector", + "privilege": "DeleteDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet*" + "resource_type": "detector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve entries from a fleet's event log", - "privilege": "DescribeFleetEvents", + "access_level": "Write", + "description": "Grants permission to delete the detector version. You cannot delete detector versions that are in ACTIVE status", + "privilege": "DeleteDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "detector-version*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve general properties, including statuses, for a fleet's locations", - "privilege": "DescribeFleetLocationAttributes", + "access_level": "Write", + "description": "Grants permission to delete an entity type. You cannot delete an entity type that is included in an event type", + "privilege": "DeleteEntityType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "entity-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current capacity setting for a fleet's location", - "privilege": "DescribeFleetLocationCapacity", + "access_level": "Write", + "description": "Grants permission to deletes the specified event", + "privilege": "DeleteEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "event-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve utilization statistics for fleet's location", - "privilege": "DescribeFleetLocationUtilization", + "access_level": "Write", + "description": "Grants permission to delete an event type. You cannot delete an event type that is used in a detector or a model", + "privilege": "DeleteEventType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "event-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the inbound connection permissions for a fleet", - "privilege": "DescribeFleetPortSettings", + "access_level": "Write", + "description": "Grants permission to delete events for the specified event type", + "privilege": "DeleteEventsByEventType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "event-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve utilization statistics for fleets", - "privilege": "DescribeFleetUtilization", + "access_level": "Write", + "description": "Grants permission to remove a SageMaker model from Amazon Fraud Detector. You can remove an Amazon SageMaker model if it is not associated with a detector version", + "privilege": "DeleteExternalModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "external-model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for a game server", - "privilege": "DescribeGameServer", + "access_level": "Write", + "description": "Grants permission to delete a label. You cannot delete labels that are included in an event type in Amazon Fraud Detector. You cannot delete a label assigned to an event ID. You must first delete the relevant event ID", + "privilege": "DeleteLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "label*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for a game server group", - "privilege": "DescribeGameServerGroup", + "access_level": "Write", + "description": "Grants permission to delete a list", + "privilege": "DeleteList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the status of EC2 instances in a game server group", - "privilege": "DescribeGameServerInstances", + "access_level": "Write", + "description": "Grants permission to delete a model. You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for game sessions in a fleet, including the protection policy", - "privilege": "DescribeGameSessionDetails", + "access_level": "Write", + "description": "Grants permission to delete a model version. You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", + "privilege": "DeleteModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model-version*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details of a game session placement request", - "privilege": "DescribeGameSessionPlacement", + "access_level": "Write", + "description": "Grants permission to delete an outcome. You cannot delete an outcome that is used in a rule version", + "privilege": "DeleteOutcome", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outcome*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for game session queues", - "privilege": "DescribeGameSessionQueues", + "access_level": "Write", + "description": "Grants permission to delete the rule. You cannot delete a rule if it is used by an ACTIVE or INACTIVE detector version", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "rule*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for game sessions in a fleet", - "privilege": "DescribeGameSessions", + "access_level": "Write", + "description": "Grants permission to delete a variable. You cannot delete variables that are included in an event type in Amazon Fraud Detector", + "privilege": "DeleteVariable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "variable*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about instances in a managed fleet", - "privilege": "DescribeInstances", + "description": "Grants permission to get all versions for a specified detector", + "privilege": "DescribeDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "detector*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of matchmaking tickets", - "privilege": "DescribeMatchmaking", + "description": "Grants permission to get all of the model versions for the specified model type or for the specified model type and model ID. You can also get details for a single, specified model version", + "privilege": "DescribeModelVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model-version" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for FlexMatch matchmakers", - "privilege": "DescribeMatchmakingConfigurations", + "description": "Grants permission to get the data validation report of a specific batch import job", + "privilege": "GetBatchImportJobValidationReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batch-import*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for FlexMatch matchmaking rule sets", - "privilege": "DescribeMatchmakingRuleSets", + "access_level": "List", + "description": "Grants permission to get all batch import jobs or a specific job if you specify a job ID", + "privilege": "GetBatchImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batch-import" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for player sessions in a game session", - "privilege": "DescribePlayerSessions", + "access_level": "List", + "description": "Grants permission to get all batch prediction jobs or a specific job if you specify a job ID. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 1 and 50. To get the next page results, provide the pagination token from the GetBatchPredictionJobsResponse as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetBatchPredictionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batch-prediction" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the current runtime configuration for a fleet", - "privilege": "DescribeRuntimeConfiguration", + "description": "Grants permission to get a specific event type DeleteEventsByEventType API execution status", + "privilege": "GetDeleteEventsByEventTypeStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "event-type*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all scaling policies that are applied to a fleet", - "privilege": "DescribeScalingPolicies", + "description": "Grants permission to get a particular detector version", + "privilege": "GetDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "detector-version*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for a Realtime Servers script", - "privilege": "DescribeScript", + "access_level": "List", + "description": "Grants permission to get all detectors or a single detector if a detectorId is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetDetectorsResponse as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetDetectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "script*" + "resource_type": "detector" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve valid VPC peering authorizations", - "privilege": "DescribeVpcPeeringAuthorizations", + "access_level": "List", + "description": "Grants permission to get all entity types or a specific entity type if a name is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEntityTypesResponse as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetEntityTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-type" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details on active or pending VPC peering connections", - "privilege": "DescribeVpcPeeringConnections", + "description": "Grants permission to get the details of the specified event", + "privilege": "GetEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-type*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve credentials to remotely access a compute in a managed fleet", - "privilege": "GetComputeAccess", + "description": "Grants permission to evaluate an event against a detector version. If a version ID is not provided, the detector's (ACTIVE) version is used", + "privilege": "GetEventPrediction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "detector*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "detector-version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an authentication token that allows processes on a compute to send requests to the Amazon GameLift service", - "privilege": "GetComputeAuthToken", + "description": "Grants permission to get more details of a particular prediction", + "privilege": "GetEventPredictionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "detector*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "detector-version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the location of stored logs for a game session", - "privilege": "GetGameSessionLogUrl", + "access_level": "List", + "description": "Grants permission to get all event types or a specific event type if name is provided. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEventTypesResponse as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetEventTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-type" } ] }, { - "access_level": "Read", - "description": "Grants permission to request remote access to a specified fleet instance", - "privilege": "GetInstanceAccess", + "access_level": "List", + "description": "Grants permission to get the details for one or more Amazon SageMaker models that have been imported into the service. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetExternalModelsResult as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetExternalModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "external-model" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all aliases that are defined in the current Region", - "privilege": "ListAliases", + "access_level": "Read", + "description": "Grants permission to get the encryption key if a Key Management Service (KMS) customer master key (CMK) has been specified to be used to encrypt content in Amazon Fraud Detector", + "privilege": "GetKMSEncryptionKey", "resource_types": [ { "condition_keys": [], @@ -140842,287 +144480,253 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve all game build in the current Region", - "privilege": "ListBuilds", + "description": "Grants permission to get all labels or a specific label if name is provided. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 10 and 50. To get the next page results, provide the pagination token from the GetGetLabelsResponse as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetLabels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "label" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all compute resources in the current Region", - "privilege": "ListCompute", + "access_level": "Read", + "description": "Grants permission to get elements of a list", + "privilege": "GetListElements", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "list*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve the properties of all existing container fleets in the current Region", - "privilege": "ListContainerFleets", + "description": "Grants permission to get metadata about lists", + "privilege": "GetListsMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "list" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the properties of all versions of an existing container group definition", - "privilege": "ListContainerGroupDefinitionVersions", + "access_level": "Read", + "description": "Grants permission to get the details of the specified model version", + "privilege": "GetModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerGroupDefinition*" + "resource_type": "model-version*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve the properties of all existing container group definitions in the current Region", - "privilege": "ListContainerGroupDefinitions", + "description": "Grants permission to get one or more models. Gets all models for the AWS account if no model type and no model id provided. Gets all models for the AWS account and model type, if the model type is specified but model id is not provided. Gets a specific model if (model type, model id) tuple is specified", + "privilege": "GetModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve the properties of all existing fleet deployments in the current Region", - "privilege": "ListFleetDeployments", + "description": "Grants permission to get one or more outcomes. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 100 records per page. If you provide a maxResults, the value must be between 50 and 100. To get the next page results, provide the pagination token from the GetOutcomesResult as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetOutcomes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outcome" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of fleet IDs for all fleets in the current Region", - "privilege": "ListFleets", + "description": "Grants permission to get all rules for a detector (paginated) if ruleId and ruleVersion are not specified. Gets all rules for the detector and the ruleId if present (paginated). Gets a specific rule if both the ruleId and the ruleVersion are specified", + "privilege": "GetRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "rule" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all game server groups that are defined in the current Region", - "privilege": "ListGameServerGroups", + "description": "Grants permission to get all of the variables or the specific variable. This is a paginated API. Providing null maxSizePerPage results in retrieving maximum of 100 records per page. If you provide maxSizePerPage the value must be between 50 and 100. To get the next page result, a provide a pagination token from GetVariablesResult as part of your request. Null pagination token fetches the records from the beginning", + "privilege": "GetVariables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "variable" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all game servers that are currently running in a game server group", - "privilege": "ListGameServers", + "description": "Grants permission to get a list of past predictions", + "privilege": "ListEventPredictions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve all locations in this account", - "privilege": "ListLocations", - "resource_types": [ + "resource_type": "detector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve properties for all Realtime Servers scripts in the current region", - "privilege": "ListScripts", - "resource_types": [ + "resource_type": "detector-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-type" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve tags for GameLift resources", + "description": "Grants permission to list all tags associated with the resource. This is a paginated API. To get the next page results, provide the pagination token from the response as part of your request. A null pagination token fetches the records from the beginning", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias" + "resource_type": "batch-import" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "build" + "resource_type": "batch-prediction" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerGroupDefinition" + "resource_type": "detector-version" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "entity-type" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup" + "resource_type": "event-type" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue" + "resource_type": "external-model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "label" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration" + "resource_type": "list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingRuleSet" + "resource_type": "model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "script" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update a fleet auto-scaling policy", - "privilege": "PutScalingPolicy", - "resource_types": [ + "resource_type": "model-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "outcome" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to register a compute against a fleet", - "privilege": "RegisterCompute", - "resource_types": [ + "resource_type": "rule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "variable" } ] }, { "access_level": "Write", - "description": "Grants permission to notify GameLift FleetIQ when a new game server is ready to host gameplay", - "privilege": "RegisterGameServer", + "description": "Grants permission to create or update a detector", + "privilege": "PutDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve fresh upload credentials to use when uploading a new game build", - "privilege": "RequestUploadCredentials", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "build*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the fleet ID associated with an alias", - "privilege": "ResolveAlias", - "resource_types": [ + "resource_type": "event-type*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "alias*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reinstate suspended FleetIQ activity for a game server group", - "privilege": "ResumeGameServerGroup", + "description": "Grants permission to create or update an entity type. An entity represents who is performing the event. As part of a fraud prediction, you pass the entity ID to indicate the specific entity who performed the event. An entity type classifies the entity. Example classifications include customer, merchant, or account", + "privilege": "PutEntityType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve game sessions that match a set of search criteria", - "privilege": "SearchGameSessions", - "resource_types": [ + "resource_type": "entity-type*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -141130,49 +144734,53 @@ }, { "access_level": "Write", - "description": "Grants permission to resume auto-scaling activity on a fleet after it was suspended with StopFleetActions()", - "privilege": "StartFleetActions", + "description": "Grants permission to create or update an event type. An event is a business activity that is evaluated for fraud risk. With Amazon Fraud Detector, you generate fraud predictions for events. An event type defines the structure for an event sent to Amazon Fraud Detector. This includes the variables sent as part of the event, the entity performing the event (such as a customer), and the labels that classify the event. Example event types include online payment transactions, account registrations, and authentications", + "privilege": "PutEventType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "event-type*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send a game session placement request to a game session queue", - "privilege": "StartGameSessionPlacement", + "description": "Grants permission to create or update an Amazon SageMaker model endpoint. You can also use this action to update the configuration of the model endpoint, including the IAM role and/or the mapped variables", + "privilege": "PutExternalModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to request FlexMatch matchmaking to fill available player slots in an existing game session", - "privilege": "StartMatchBackfill", - "resource_types": [ + "resource_type": "event-type*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "external-model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to request FlexMatch matchmaking for one or a group of players and initiate game session placement", - "privilege": "StartMatchmaking", + "description": "Grants permission to specify the Key Management Service (KMS) customer master key (CMK) to be used to encrypt content in Amazon Fraud Detector", + "privilege": "PutKMSEncryptionKey", "resource_types": [ { "condition_keys": [], @@ -141183,40 +144791,39 @@ }, { "access_level": "Write", - "description": "Grants permission to suspend auto-scaling activity on a fleet", - "privilege": "StopFleetActions", + "description": "Grants permission to create or update label. A label classifies an event as fraudulent or legitimate. Labels are associated with event types and used to train supervised machine learning models in Amazon Fraud Detector", + "privilege": "PutLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "label*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a game session placement request that is in progress", - "privilege": "StopGameSessionPlacement", + "description": "Grants permission to create or update an outcome", + "privilege": "PutOutcome", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel a matchmaking or match backfill request that is in progress", - "privilege": "StopMatchmaking", - "resource_types": [ + "resource_type": "outcome*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -141224,157 +144831,183 @@ }, { "access_level": "Write", - "description": "Grants permission to temporarily stop FleetIQ activity for a game server group", - "privilege": "SuspendGameServerGroup", + "description": "Grants permission to send event", + "privilege": "SendEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "event-type*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag GameLift resources", + "description": "Grants permission to assign tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias" + "resource_type": "batch-import" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "build" + "resource_type": "batch-prediction" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerGroupDefinition" + "resource_type": "detector-version" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "entity-type" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup" + "resource_type": "event-type" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue" + "resource_type": "external-model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "label" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration" + "resource_type": "list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingRuleSet" + "resource_type": "model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "script" + "resource_type": "model-version" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to shut down an existing game session", - "privilege": "TerminateGameSession", - "resource_types": [ + "resource_type": "outcome" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "variable" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to untag GameLift resources", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias" + "resource_type": "batch-import" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "build" + "resource_type": "batch-prediction" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerGroupDefinition" + "resource_type": "detector-version" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "entity-type" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup" + "resource_type": "event-type" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue" + "resource_type": "external-model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "label" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration" + "resource_type": "list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingRuleSet" + "resource_type": "model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "script" + "resource_type": "model-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outcome" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "variable" }, { "condition_keys": [ @@ -141387,306 +145020,310 @@ }, { "access_level": "Write", - "description": "Grants permission to update the properties of an existing alias", - "privilege": "UpdateAlias", + "description": "Grants permission to update a detector version. The detector version attributes that you can update include models, external model endpoints, rules, rule execution mode, and description. You can only update a DRAFT detector version", + "privilege": "UpdateDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing build's metadata", - "privilege": "UpdateBuild", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "build*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing container fleet", - "privilege": "UpdateContainerFleet", - "resource_types": [ + "resource_type": "external-model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet*" + "resource_type": "model-version" } ] }, { "access_level": "Write", - "description": "Grants permission to update the properties of an existing container group definition", - "privilege": "UpdateContainerGroupDefinition", + "description": "Grants permission to update the detector version's description. You can update the metadata for any detector version (DRAFT, ACTIVE, or INACTIVE)", + "privilege": "UpdateDetectorVersionMetadata", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ecr:BatchGetImage", - "ecr:DescribeImages", - "ecr:GetAuthorizationToken", - "ecr:GetDownloadUrlForLayer" - ], - "resource_type": "containerGroupDefinition*" + "dependent_actions": [], + "resource_type": "detector-version*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the general properties of an existing fleet", - "privilege": "UpdateFleetAttributes", + "description": "Grants permission to update the detector version's status. You can perform the following promotions or demotions using UpdateDetectorVersionStatus: DRAFT to ACTIVE, ACTIVE to INACTIVE, and INACTIVE to ACTIVE", + "privilege": "UpdateDetectorVersionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "detector-version*" } ] }, { "access_level": "Write", - "description": "Grants permission to adjust a managed fleet's capacity settings", - "privilege": "UpdateFleetCapacity", + "description": "Grants permission to update an existing event record's label value", + "privilege": "UpdateEventLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerFleet" + "resource_type": "event-type*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to adjust a fleet's port settings", - "privilege": "UpdateFleetPortSettings", + "description": "Grants permission to update a list", + "privilege": "UpdateList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to change game server properties, health status, or utilization status", - "privilege": "UpdateGameServer", - "resource_types": [ + "resource_type": "list*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update properties for game server group, including allowed instance types", - "privilege": "UpdateGameServerGroup", + "description": "Grants permission to update a model. You can update the description attribute using this action", + "privilege": "UpdateModel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "gameServerGroup*" + "dependent_actions": [], + "resource_type": "model*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the properties of an existing game session", - "privilege": "UpdateGameSession", + "description": "Grants permission to update a model version. Updating a model version retrains an existing model version using updated training data and produces a new minor version of the model. You can update the training data set location and data access role attributes using this action. This action creates and trains a new minor version of the model, for example version 1.01, 1.02, 1.03", + "privilege": "UpdateModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update properties of an existing game session queue", - "privilege": "UpdateGameSessionQueue", + "description": "Grants permission to update the status of a model version", + "privilege": "UpdateModelVersionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue*" + "resource_type": "model-version*" } ] }, { "access_level": "Write", - "description": "Grants permission to update properties of an existing FlexMatch matchmaking configuration", - "privilege": "UpdateMatchmakingConfiguration", + "description": "Grants permission to update a rule's metadata. The description attribute can be updated", + "privilege": "UpdateRuleMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration*" + "resource_type": "rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to update how server processes are configured on instances in an existing fleet", - "privilege": "UpdateRuntimeConfiguration", + "description": "Grants permission to update a rule version resulting in a new rule version. Updates a rule version resulting in a new rule version (version 1, 2, 3 ...)", + "privilege": "UpdateRuleVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the metadata and content of an existing Realtime Servers script", - "privilege": "UpdateScript", - "resource_types": [ + "resource_type": "rule*" + }, { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "s3:GetObject" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "script*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate the syntax of a FlexMatch matchmaking rule set", - "privilege": "ValidateMatchmakingRuleSet", + "access_level": "Write", + "description": "Grants permission to update a variable", + "privilege": "UpdateVariable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "variable*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:gamelift:${Region}::alias/${AliasId}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-prediction/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "alias" + "resource": "batch-prediction" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:build/${BuildId}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "build" + "resource": "detector" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:containergroupdefinition/${Name}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector-version/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "containerGroupDefinition" + "resource": "detector-version" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:containerfleet/${FleetId}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:entity-type/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "containerFleet" + "resource": "entity-type" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:fleet/${FleetId}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:external-model/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "fleet" + "resource": "external-model" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gameservergroup/${GameServerGroupName}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:event-type/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "gameServerGroup" + "resource": "event-type" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gamesessionqueue/${GameSessionQueueName}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:label/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "gameSessionQueue" + "resource": "label" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:location/${LocationId}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "location" + "resource": "model" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingconfiguration/${MatchmakingConfigurationName}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model-version/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "matchmakingConfiguration" + "resource": "model-version" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingruleset/${MatchmakingRuleSetName}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:outcome/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "matchmakingRuleSet" + "resource": "outcome" }, { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:script/${ScriptId}", + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:rule/${ResourcePath}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "script" + "resource": "rule" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:variable/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "variable" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-import/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "batch-import" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:list/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "list" } ], - "service_name": "Amazon GameLift" + "service_name": "Amazon Fraud Detector" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by tag key present in the request that the user makes to Amazon FreeRTOS", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by tag key component attached to an Amazon FreeRTOS resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the list of all the tag key names associated with the resource in the request", "type": "ArrayOfString" } ], - "prefix": "gamesparks", + "prefix": "freertos", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a game", - "privilege": "CreateGame", + "description": "Grants permission to create a software configuration", + "privilege": "CreateSoftwareConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -141699,14 +145336,9 @@ }, { "access_level": "Write", - "description": "Grants permission to create a snapshot of a game", - "privilege": "CreateSnapshot", + "description": "Grants permission to create a subscription for FreeRTOS extended maintenance plan (EMP)", + "privilege": "CreateSubscription", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "game*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -141719,333 +145351,319 @@ }, { "access_level": "Write", - "description": "Grants permission to create a stage in a game", - "privilege": "CreateStage", + "description": "Grants permission to delete the software configuration", + "privilege": "DeleteSoftwareConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "configuration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a game", - "privilege": "DeleteGame", + "access_level": "Read", + "description": "Grants permission to describe the hardware platform", + "privilege": "DescribeHardwarePlatform", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a stage from a game", - "privilege": "DeleteStage", + "access_level": "Read", + "description": "Grants permission to describe the software configuration", + "privilege": "DescribeSoftwareConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, + "resource_type": "configuration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describes the subscription for FreeRTOS extended maintenance plan (EMP)", + "privilege": "DescribeSubscription", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" - }, + "resource_type": "subscription*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get URL for sotware patch-release, patch-diff and release notes under FreeRTOS extended maintenance plan (EMP)", + "privilege": "GetEmpPatchUrl", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disconnect a player from the game runtime", - "privilege": "DisconnectPlayer", + "access_level": "Read", + "description": "Grants permission to get the URL for Amazon FreeRTOS software download", + "privilege": "GetSoftwareURL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the URL for Amazon FreeRTOS software download based on the configuration", + "privilege": "GetSoftwareURLForConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to fetch the subscription billing amount for FreeRTOS extended maintenance plan (EMP)", + "privilege": "GetSubscriptionBillingAmount", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to export a snapshot of the game configuration", - "privilege": "ExportSnapshot", + "access_level": "List", + "description": "Grants permission to lists versions of AmazonFreeRTOS", + "privilege": "ListFreeRTOSVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the hardware platforms", + "privilege": "ListHardwarePlatforms", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about an extension", - "privilege": "GetExtension", + "access_level": "List", + "description": "Grants permission to list the hardware vendors", + "privilege": "ListHardwareVendors", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about an extension version", - "privilege": "GetExtensionVersion", + "access_level": "List", + "description": "Grants permission to lists the software configurations", + "privilege": "ListSoftwareConfigurations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a game", - "privilege": "GetGame", + "access_level": "List", + "description": "Grants permission to list software patches of subscription for FreeRTOS extended maintenance plan (EMP)", + "privilege": "ListSoftwarePatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the subscription emails for FreeRTOS extended maintenance plan (EMP)", + "privilege": "ListSubscriptionEmails", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration for the game", - "privilege": "GetGameConfiguration", + "access_level": "List", + "description": "Grants permission to list the subscriptions for FreeRTOS extended maintenance plan (EMP)", + "privilege": "ListSubscriptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update list of subscription email address for FreeRTOS extended maintenance plan (EMP)", + "privilege": "UpdateEmailRecipients", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a job that is generating code for a snapshot", - "privilege": "GetGeneratedCodeJob", + "access_level": "Write", + "description": "Grants permission to update the software configuration", + "privilege": "UpdateSoftwareConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, + "resource_type": "configuration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to verify the email for FreeRTOS extended maintenance plan (EMP)", + "privilege": "VerifyEmail", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:freertos:${Region}:${Account}:configuration/${ConfigurationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "configuration" }, + { + "arn": "arn:${Partition}:freertos:${Region}:${Account}:subscription/${SubscriptionID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "subscription" + } + ], + "service_name": "Amazon FreeRTOS" + }, + { + "conditions": [], + "prefix": "freetier", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to get the status of a player connection", - "privilege": "GetPlayerConnectionStatus", + "description": "Grants permission to get a specific activity record", + "privilege": "GetAccountActivity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a snapshot of the game", - "privilege": "GetSnapshot", + "description": "Grants permission to get all of the information related to the state of the account plan related to Free Tier", + "privilege": "GetAccountPlanState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to gets information about a stage", - "privilege": "GetStage", + "description": "Grants permission to get free tier alert preference (email address)", + "privilege": "GetFreeTierAlertPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a stage deployment", - "privilege": "GetStageDeployment", + "description": "Grants permission to get free tier usage limits and MTD usage status", + "privilege": "GetFreeTierUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to import a snapshot of a game configuration", - "privilege": "ImportGameConfiguration", + "access_level": "List", + "description": "Grants permission to list available activities", + "privilege": "ListAccountActivities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke backend services for a specific game", - "privilege": "InvokeBackend", + "description": "Grants permission to set free tier alert preference (email address)", + "privilege": "PutFreeTierAlertPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the extension versions", - "privilege": "ListExtensionVersions", + "access_level": "Write", + "description": "Grants permission to trigger an upgrade of account plan", + "privilege": "UpgradeAccountPlan", "resource_types": [ { "condition_keys": [], @@ -142053,106 +145671,125 @@ "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Free Tier" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list the extensions", - "privilege": "ListExtensions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list the games", - "privilege": "ListGames", + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "fsx:IsBackupCopyDestination", + "description": "Filters access by whether the backup is a destination backup for a CopyBackup operation", + "type": "Bool" + }, + { + "condition": "fsx:IsBackupCopySource", + "description": "Filters access by whether the backup is a source backup for a CopyBackup operation", + "type": "Bool" + }, + { + "condition": "fsx:NfsDataRepositoryAuthenticationEnabled", + "description": "Filters access by NFS data repositories which support authentication", + "type": "Bool" + }, + { + "condition": "fsx:NfsDataRepositoryEncryptionInTransitEnabled", + "description": "Filters access by NFS data repositories which support encryption-in-transit", + "type": "Bool" + }, + { + "condition": "fsx:ParentVolumeId", + "description": "Filters access by the containing parent volume for mutating volume operations", + "type": "String" + }, + { + "condition": "fsx:StorageVirtualMachineId", + "description": "Filters access by the containing storage virtual machine for a volume for mutating volume operations", + "type": "String" + } + ], + "prefix": "fsx", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate a File Gateway instance with an Amazon FSx for Windows File Server file system", + "privilege": "AssociateFileGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of code generation jobs for a snapshot", - "privilege": "ListGeneratedCodeJobs", + "access_level": "Write", + "description": "Grants permission to associate DNS aliases with an Amazon FSx for Windows File Server file system", + "privilege": "AssociateFileSystemAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of snapshot summaries for a game", - "privilege": "ListSnapshots", + "access_level": "Permissions management", + "description": "Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods", + "privilege": "BypassSnaplockEnterpriseRetention", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of stage deployment summaries for a game", - "privilege": "ListStageDeployments", + "access_level": "Write", + "description": "Grants permission to cancel a data repository task", + "privilege": "CancelDataRepositoryTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "task*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of stage summaries for a game", - "privilege": "ListStages", + "access_level": "Write", + "description": "Grants permission to copy a backup", + "privilege": "CopyBackup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "game*" + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "backup*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -142160,59 +145797,64 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags associated with a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update an existing volume by using a snapshot from another Amazon FSx for OpenZFS file system", + "privilege": "CopySnapshotAndUpdateVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game" + "resource_type": "snapshot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage" + "resource_type": "volume*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous process that generates client code for system-defined and custom messages", - "privilege": "StartGeneratedCodeJob", + "description": "Grants permission to create and attach a S3 Access Point to a FSx File System", + "privilege": "CreateAndAttachS3AccessPoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" + "dependent_actions": [ + "s3:CreateAccessPoint", + "s3:GetAccessPoint", + "s3:PutAccessPointPolicy" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "volume" } ] }, { "access_level": "Write", - "description": "Grants permission to deploy a snapshot to a stage and creates a new game runtime", - "privilege": "StartStageDeployment", + "description": "Grants permission to create a new backup of an Amazon FSx file system or an Amazon FSx volume", + "privilege": "CreateBackup", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "backup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" + "resource_type": "file-system" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "volume" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -142220,19 +145862,24 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to adds tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a new data respository association for an Amazon FSx for Lustre file system", + "privilege": "CreateDataRepositoryAssociation", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "game" + "condition_keys": [ + "fsx:NfsDataRepositoryAuthenticationEnabled", + "fsx:NfsDataRepositoryEncryptionInTransitEnabled" + ], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "association*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage" + "resource_type": "file-system*" }, { "condition_keys": [ @@ -142245,19 +145892,21 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a new data respository task for an Amazon FSx for Lustre file system", + "privilege": "CreateDataRepositoryTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "game" + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "file-system*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage" + "resource_type": "task*" }, { "condition_keys": [ @@ -142271,36 +145920,37 @@ }, { "access_level": "Write", - "description": "Grants permission to change the metadata of a game", - "privilege": "UpdateGame", + "description": "Grants permission to create a new, empty, Amazon file cache", + "privilege": "CreateFileCache", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "game*" + "dependent_actions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:GetSecurityGroupsForVpc", + "fsx:CreateDataRepositoryAssociation", + "fsx:TagResource", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "s3:ListBucket" + ], + "resource_type": "file-cache*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "fsx:NfsDataRepositoryEncryptionInTransitEnabled", + "fsx:NfsDataRepositoryAuthenticationEnabled" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to change the working copy of the game configuration", - "privilege": "UpdateGameConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "game*" + "resource_type": "association" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -142309,17 +145959,21 @@ }, { "access_level": "Write", - "description": "Grants permission to update the metadata of a snapshot", - "privilege": "UpdateSnapshot", + "description": "Grants permission to create a new, empty, Amazon FSx file system", + "privilege": "CreateFileSystem", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "game*" + "dependent_actions": [ + "ec2:GetSecurityGroupsForVpc", + "fsx:TagResource" + ], + "resource_type": "file-system*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -142328,102 +145982,53 @@ }, { "access_level": "Write", - "description": "Grants permission to update the metadata of a stage", - "privilege": "UpdateStage", + "description": "Grants permission to create a new Amazon FSx file system from an existing backup", + "privilege": "CreateFileSystemFromBackup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "game*" + "dependent_actions": [ + "ec2:GetSecurityGroupsForVpc", + "fsx:TagResource" + ], + "resource_type": "backup*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "file-system*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:gamesparks:${Region}:${Account}:game/${GameId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "game" - }, - { - "arn": "arn:${Partition}:gamesparks:${Region}:${Account}:game/${GameId}/stage/${StageName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stage" - } - ], - "service_name": "Amazon GameSparks" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - }, - { - "condition": "geo:DeviceIds", - "description": "Filters access by the presence of device ids in the request", - "type": "ArrayOfString" }, - { - "condition": "geo:GeofenceIds", - "description": "Filters access by the presence of geofence ids in the request", - "type": "ArrayOfString" - } - ], - "prefix": "geo", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an association between a geofence-collection and a tracker resource", - "privilege": "AssociateTrackerConsumer", + "description": "Grants permission to create a new snapshot on a volume", + "privilege": "CreateSnapshot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "tracker*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a batch of device position histories from a tracker resource", - "privilege": "BatchDeleteDevicePositionHistory", - "resource_types": [ + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "snapshot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "volume*" }, { "condition_keys": [ - "geo:DeviceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -142432,17 +146037,25 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a batch of geofences from a geofence collection", - "privilege": "BatchDeleteGeofence", + "description": "Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system", + "privilege": "CreateStorageVirtualMachine", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "file-system*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "storage-virtual-machine*" }, { "condition_keys": [ - "geo:GeofenceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -142451,29 +146064,27 @@ }, { "access_level": "Write", - "description": "Grants permission to evaluate device positions against the position of geofences in a given geofence collection", - "privilege": "BatchEvaluateGeofences", + "description": "Grants permission to create a new volume", + "privilege": "CreateVolume", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to send a batch request to retrieve device positions", - "privilege": "BatchGetDevicePosition", - "resource_types": [ + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "volume*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "snapshot" }, { "condition_keys": [ - "geo:DeviceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" ], "dependent_actions": [], "resource_type": "" @@ -142482,36 +146093,31 @@ }, { "access_level": "Write", - "description": "Grants permission to send a batch request for adding geofences into a given geofence collection", - "privilege": "BatchPutGeofence", + "description": "Grants permission to create a new volume from backup", + "privilege": "CreateVolumeFromBackup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection*" + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "backup*" }, { - "condition_keys": [ - "geo:GeofenceIds" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to upload a position update for one or more devices to a tracker resource", - "privilege": "BatchUpdateDevicePosition", - "resource_types": [ + "resource_type": "storage-virtual-machine*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "volume*" }, { "condition_keys": [ - "geo:DeviceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "fsx:StorageVirtualMachineId" ], "dependent_actions": [], "resource_type": "" @@ -142519,38 +146125,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to calculate routes using a given route calculator resource", - "privilege": "CalculateRoute", + "access_level": "Write", + "description": "Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available", + "privilege": "DeleteBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "backup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to calculate a route matrix using a given route calculator resource", - "privilege": "CalculateRouteMatrix", + "access_level": "Write", + "description": "Grants permission to delete a data repository association", + "privilege": "DeleteDataRepositoryAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "association*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a geofence-collection", - "privilege": "CreateGeofenceCollection", + "description": "Grants permission to delete a file cache, deleting its contents", + "privilege": "DeleteFileCache", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:DeleteDataRepositoryAssociation" + ], + "resource_type": "file-cache*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "association" }, { "condition_keys": [ @@ -142564,13 +146177,21 @@ }, { "access_level": "Write", - "description": "Grants permission to create an API key resource", - "privilege": "CreateKey", + "description": "Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system", + "privilege": "DeleteFileSystem", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:CreateBackup", + "fsx:TagResource" + ], + "resource_type": "file-system*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key*" + "resource_type": "backup" }, { "condition_keys": [ @@ -142583,79 +146204,64 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a map resource", - "privilege": "CreateMap", + "access_level": "Permissions management", + "description": "Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a place index resource", - "privilege": "CreatePlaceIndex", + "description": "Grants permission to delete a snapshot on a volume", + "privilege": "DeleteSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "snapshot*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a route calculator resource", - "privilege": "CreateRouteCalculator", + "description": "Grants permission to delete a storage virtual machine, deleting its contents", + "privilege": "DeleteStorageVirtualMachine", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "storage-virtual-machine*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a tracker resource", - "privilege": "CreateTracker", + "description": "Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume", + "privilege": "DeleteVolume", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "volume*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "backup" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" ], "dependent_actions": [], "resource_type": "" @@ -142663,1117 +146269,1225 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a geofence-collection", - "privilege": "DeleteGeofenceCollection", + "access_level": "Read", + "description": "Grants permission to describe the File Gateway instances associated with an Amazon FSx for Windows File Server file system", + "privilege": "DescribeAssociatedFileGateways", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "file-system*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an API key resource", - "privilege": "DeleteKey", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeBackups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a map resource", - "privilege": "DeleteMap", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeDataRepositoryAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a place index resource", - "privilege": "DeletePlaceIndex", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeDataRepositoryTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a route calculator resource", - "privilege": "DeleteRouteCalculator", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all file caches owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeFileCaches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a tracker resource", - "privilege": "DeleteTracker", + "access_level": "Read", + "description": "Grants permission to return the description of all DNS aliases owned by your Amazon FSx for Windows File Server file system", + "privilege": "DescribeFileSystemAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "file-system*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve geofence collection details", - "privilege": "DescribeGeofenceCollection", + "description": "Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeFileSystems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve API key resource details and secret", - "privilege": "DescribeKey", + "description": "Grants permission to return the descriptions of S3 Access Point Attachments", + "privilege": "DescribeS3AccessPointAttachments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve map resource details", - "privilege": "DescribeMap", + "description": "Grants permission to return the descriptions of whether FSx route table updates from participant accounts are allowed in your account", + "privilege": "DescribeSharedVpcConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve place-index resource details", - "privilege": "DescribePlaceIndex", + "description": "Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling", + "privilege": "DescribeSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve route calculator resource details", - "privilege": "DescribeRouteCalculator", + "description": "Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeStorageVirtualMachines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a tracker resource details", - "privilege": "DescribeTracker", + "description": "Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeVolumes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the association between a tracker resource and a geofence-collection", - "privilege": "DisassociateTrackerConsumer", + "description": "Grants permission to detach an S3 Access Point from an Amazon FSx File System and delete the S3 Access Point", + "privilege": "DetachAndDeleteS3AccessPoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "tracker*" + "dependent_actions": [ + "s3:DeleteAccessPoint" + ], + "resource_type": "volume" } ] }, { - "access_level": "Read", - "description": "Grants permission to forecast events for geofences stored in a given geofence collection", - "privilege": "ForecastGeofenceEvents", + "access_level": "Write", + "description": "Grants permission to disassociate a File Gateway instance from an Amazon FSx for Windows File Server file system", + "privilege": "DisassociateFileGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the latest device position", - "privilege": "GetDevicePosition", + "access_level": "Write", + "description": "Grants permission to disassociate file system aliases with an Amazon FSx for Windows File Server file system", + "privilege": "DisassociateFileSystemAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, - { - "condition_keys": [ - "geo:DeviceIds" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the device position history", - "privilege": "GetDevicePositionHistory", + "access_level": "Permissions management", + "description": "Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and DeleteResourcePolicy are also required", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, - { - "condition_keys": [ - "geo:DeviceIds" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the geofence details from a geofence-collection", - "privilege": "GetGeofence", + "description": "Grants permission to list tags for an Amazon FSx resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "association" }, { - "condition_keys": [ - "geo:GeofenceIds" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-cache" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storage-virtual-machine" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "volume" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the glyph file for a map resource", - "privilege": "GetMapGlyphs", + "access_level": "Permissions management", + "description": "Grants permission to manage backup principal associations through AWS Backup", + "privilege": "ManageBackupPrincipalAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "backup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the sprite file for a map resource", - "privilege": "GetMapSprites", + "access_level": "Permissions management", + "description": "Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "volume*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the map style descriptor from a map resource", - "privilege": "GetMapStyleDescriptor", + "access_level": "Write", + "description": "Grants permission to release file system NFS V3 locks", + "privilege": "ReleaseFileSystemNfsV3Locks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the map tile from the map resource", - "privilege": "GetMapTile", + "access_level": "Write", + "description": "Grants permission to restore volume state from a snapshot", + "privilege": "RestoreVolumeFromSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "snapshot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "volume*" } ] }, { - "access_level": "Read", - "description": "Grants permission to find a place by its unique ID", - "privilege": "GetPlace", + "access_level": "Write", + "description": "Grants permission to start misconfigured state recovery", + "privilege": "StartMisconfiguredStateRecovery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of devices and their latest positions from the given tracker resource", - "privilege": "ListDevicePositions", + "access_level": "Tagging", + "description": "Grants permission to tag an Amazon FSx resource", + "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [ + "fsx:NfsDataRepositoryAuthenticationEnabled", + "fsx:NfsDataRepositoryEncryptionInTransitEnabled" + ], + "dependent_actions": [], + "resource_type": "association" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "backup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-cache" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storage-virtual-machine" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [ + "fsx:ParentVolumeId", + "fsx:StorageVirtualMachineId" + ], + "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to lists geofence-collections", - "privilege": "ListGeofenceCollections", + "access_level": "Tagging", + "description": "Grants permission to remove a tag from an Amazon FSx resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-cache" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storage-virtual-machine" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list geofences stored in a given geofence collection", - "privilege": "ListGeofences", + "access_level": "Write", + "description": "Grants permission to update data repository association configuration", + "privilege": "UpdateDataRepositoryAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "association*" } ] }, { - "access_level": "List", - "description": "Grants permission to list API key resources", - "privilege": "ListKeys", + "access_level": "Write", + "description": "Grants permission to update file cache configuration", + "privilege": "UpdateFileCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key*" + "resource_type": "file-cache*" } ] }, { - "access_level": "List", - "description": "Grants permission to list map resources", - "privilege": "ListMaps", + "access_level": "Write", + "description": "Grants permission to update file system configuration", + "privilege": "UpdateFileSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "file-system*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of place index resources", - "privilege": "ListPlaceIndexes", + "access_level": "Write", + "description": "Grants permission to enable or disable FSx route table updates from participant accounts in your account", + "privilege": "UpdateSharedVpcConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of route calculator resources", - "privilege": "ListRouteCalculators", + "access_level": "Write", + "description": "Grants permission to update snapshot configuration", + "privilege": "UpdateSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "snapshot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update storage virtual machine configuration", + "privilege": "UpdateStorageVirtualMachine", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "map" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index" - }, + "resource_type": "storage-virtual-machine*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update volume configuration", + "privilege": "UpdateVolume", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator" + "resource_type": "volume*" }, { - "condition_keys": [], + "condition_keys": [ + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" + ], "dependent_actions": [], - "resource_type": "tracker" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-system/${FileSystemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "file-system" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-cache/${FileCacheId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "file-cache" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:backup/${BackupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "backup" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:storage-virtual-machine/${FileSystemId}/${StorageVirtualMachineId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "storage-virtual-machine" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:task/${TaskId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "task" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:association/${FileSystemIdOrFileCacheId}/${DataRepositoryAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "association" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:volume/${FileSystemId}/${VolumeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "volume" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:snapshot/${VolumeId}/${SnapshotId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "snapshot" + } + ], + "service_name": "Amazon FSx" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of geofence collections currently associated to the given tracker resource", - "privilege": "ListTrackerConsumers", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "gamelift", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to register player acceptance or rejection of a proposed FlexMatch match", + "privilege": "AcceptMatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of tracker resources", - "privilege": "ListTrackers", + "access_level": "Write", + "description": "Grants permission to locate and reserve a game server to host a new game session", + "privilege": "ClaimGameServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to add a new geofence or update an existing geofence to a given geofence-collection", - "privilege": "PutGeofence", + "description": "Grants permission to define a new alias for a fleet", + "privilege": "CreateAlias", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection*" - }, { "condition_keys": [ - "geo:GeofenceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to reverse geocodes a given coordinate", - "privilege": "SearchPlaceIndexForPosition", + "access_level": "Write", + "description": "Grants permission to create a new game build using files stored in an Amazon S3 bucket", + "privilege": "CreateBuild", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource", + "iam:PassRole", + "s3:GetObject" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate suggestions for addresses and points of interest based on partial or misspelled free-form text", - "privilege": "SearchPlaceIndexForSuggestions", + "access_level": "Write", + "description": "Grants permission to create a new container fleet of computing resources to run your game servers", + "privilege": "CreateContainerFleet", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions", + "gamelift:TagResource", + "iam:PassRole" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to geocode free-form text, such as an address, name, city or region", - "privilege": "SearchPlaceIndexForText", + "access_level": "Write", + "description": "Grants permission to create a new container group definition using images stored in an Amazon ECR repository", + "privilege": "CreateContainerGroupDefinition", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ecr:BatchGetImage", + "ecr:DescribeImages", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "gamelift:TagResource" + ], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a new fleet of computing resources to run your game servers", + "privilege": "CreateFleet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "api-key" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "map" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "route-calculator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "tracker" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions", + "gamelift:TagResource", + "iam:PassRole" + ], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from the resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to specify additional locations for a fleet", + "privilege": "CreateFleetLocations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "api-key" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "map" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "route-calculator" + "dependent_actions": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions" + ], + "resource_type": "containerFleet" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker" - }, + "resource_type": "fleet" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new game server group, set up a corresponding Auto Scaling group, and launche instances to host game servers", + "privilege": "CreateGameServerGroup", + "resource_types": [ { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "autoscaling:CreateAutoScalingGroup", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:PutLifecycleHook", + "autoscaling:PutScalingPolicy", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSubnets", + "events:PutRule", + "events:PutTargets", + "gamelift:TagResource", + "iam:PassRole" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a geofence collection", - "privilege": "UpdateGeofenceCollection", + "description": "Grants permission to start a new game session on a specified fleet", + "privilege": "CreateGameSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an API key resource", - "privilege": "UpdateKey", + "description": "Grants permission to set up a new queue for processing game session placement requests", + "privilege": "CreateGameSessionQueue", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "api-key*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a map resource", - "privilege": "UpdateMap", + "description": "Grants permission to define a new location for a fleet", + "privilege": "CreateLocation", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "map*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a place index resource", - "privilege": "UpdatePlaceIndex", + "description": "Grants permission to create a new FlexMatch matchmaker", + "privilege": "CreateMatchmakingConfiguration", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a route calculator resource", - "privilege": "UpdateRouteCalculator", + "description": "Grants permission to create a new matchmaking rule set for FlexMatch", + "privilege": "CreateMatchmakingRuleSet", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "route-calculator*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a tracker resource", - "privilege": "UpdateTracker", + "description": "Grants permission to reserve an available game session slot for a player", + "privilege": "CreatePlayerSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to verify a device position", - "privilege": "VerifyDevicePosition", + "access_level": "Write", + "description": "Grants permission to reserve available game session slots for multiple players", + "privilege": "CreatePlayerSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, - { - "condition_keys": [ - "geo:DeviceIds" - ], - "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:geo:${Region}:${Account}:api-key/${KeyName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "api-key" - }, - { - "arn": "arn:${Partition}:geo:${Region}:${Account}:geofence-collection/${GeofenceCollectionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "geo:GeofenceIds" - ], - "resource": "geofence-collection" - }, - { - "arn": "arn:${Partition}:geo:${Region}:${Account}:map/${MapName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "map" - }, - { - "arn": "arn:${Partition}:geo:${Region}:${Account}:place-index/${IndexName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "place-index" - }, - { - "arn": "arn:${Partition}:geo:${Region}:${Account}:route-calculator/${CalculatorName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "route-calculator" }, { - "arn": "arn:${Partition}:geo:${Region}:${Account}:tracker/${TrackerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "geo:DeviceIds" - ], - "resource": "tracker" - } - ], - "service_name": "Amazon Location" - }, - { - "conditions": [], - "prefix": "geo-maps", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve the static map", - "privilege": "GetStaticMap", + "access_level": "Write", + "description": "Grants permission to create a new Realtime Servers script", + "privilege": "CreateScript", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "provider*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource", + "iam:PassRole", + "s3:GetObject" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the map tile", - "privilege": "GetTile", + "access_level": "Write", + "description": "Grants permission to allow GameLift to create or delete a peering connection between a GameLift fleet VPC and a VPC on another AWS account", + "privilege": "CreateVpcPeeringAuthorization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "provider*" + "dependent_actions": [ + "ec2:AcceptVpcPeeringConnection", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:geo-maps:${Region}::provider/default", - "condition_keys": [], - "resource": "provider" - } - ], - "service_name": "Amazon Location Service Maps" - }, - { - "conditions": [], - "prefix": "geo-places", - "privileges": [ + }, { - "access_level": "Read", - "description": "Grants permission to autocomplete text input with potential places and addresses as the user types", - "privilege": "Autocomplete", + "access_level": "Write", + "description": "Grants permission to establish a peering connection between your GameLift fleet VPC and a VPC on another account", + "privilege": "CreateVpcPeeringConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to geocode a textual address or place into geographic coordinates", - "privilege": "Geocode", + "access_level": "Write", + "description": "Grants permission to delete an alias", + "privilege": "DeleteAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "alias*" } ] }, { - "access_level": "Read", - "description": "Grants permission to query a place by it's unqiue place ID", - "privilege": "GetPlace", + "access_level": "Write", + "description": "Grants permission to delete a game build", + "privilege": "DeleteBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "build*" } ] }, { - "access_level": "Read", - "description": "Grants permission to convert geographic coordinates into a human-readable address or place", - "privilege": "ReverseGeocode", + "access_level": "Write", + "description": "Grants permission to delete a container fleet", + "privilege": "DeleteContainerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "containerFleet*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve places near a position which match to a set of user defined restrictions such as category or food type offered by the place", - "privilege": "SearchNearby", + "access_level": "Write", + "description": "Grants permission to delete a container group definition", + "privilege": "DeleteContainerGroupDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "containerGroupDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to query for places using a single free-form text input", - "privilege": "SearchText", + "access_level": "Write", + "description": "Grants permission to delete an empty fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "fleet*" } ] }, { - "access_level": "Read", - "description": "Grants permission to suggest potential places based on the user's input", - "privilege": "Suggest", + "access_level": "Write", + "description": "Grants permission to delete locations for a fleet", + "privilege": "DeleteFleetLocations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:geo-places:${Region}::provider/default", - "condition_keys": [], - "resource": "provider" - } - ], - "service_name": "Amazon Location Service Places" - }, - { - "conditions": [], - "prefix": "geo-routes", - "privileges": [ + }, { - "access_level": "Read", - "description": "Grants permission to determine destinations or service areas reachable within a specified time", - "privilege": "CalculateIsolines", + "access_level": "Write", + "description": "Grants permission to permanently delete a game server group and terminate FleetIQ activity for the corresponding Auto Scaling group", + "privilege": "DeleteGameServerGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "provider*" + "dependent_actions": [ + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:ExitStandby", + "autoscaling:ResumeProcesses", + "autoscaling:SetInstanceProtection", + "autoscaling:UpdateAutoScalingGroup" + ], + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to calculate routing matrice which providing travel time and distances between sets of origins and destinations", - "privilege": "CalculateRouteMatrix", + "access_level": "Write", + "description": "Grants permission to delete an existing game session queue", + "privilege": "DeleteGameSessionQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "gameSessionQueue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to calculates routes between two or more locations", - "privilege": "CalculateRoutes", + "access_level": "Write", + "description": "Grants permission to delete a location", + "privilege": "DeleteLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "location*" } ] }, { - "access_level": "Read", - "description": "Grants permission to calculate the most efficient sequence for visiting multiple waypoints or locations along a route", - "privilege": "OptimizeWaypoints", + "access_level": "Write", + "description": "Grants permission to delete an existing FlexMatch matchmaker", + "privilege": "DeleteMatchmakingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "matchmakingConfiguration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to enhances the accuracy of geographic positioning by aligning GPS coordinates to the nearest road segments on a digital map", - "privilege": "SnapToRoads", + "access_level": "Write", + "description": "Grants permission to delete an existing FlexMatch matchmaking rule set", + "privilege": "DeleteMatchmakingRuleSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provider*" + "resource_type": "matchmakingRuleSet*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:geo-routes:${Region}::provider/default", - "condition_keys": [], - "resource": "provider" - } - ], - "service_name": "Amazon Location Service Routes" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "glacier:ArchiveAgeInDays", - "description": "Filters access by how long an archive has been stored in the vault, in days", - "type": "String" }, - { - "condition": "glacier:ResourceTag/", - "description": "Filters access by a customer-defined tag", - "type": "String" - } - ], - "prefix": "glacier", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to abort a multipart upload identified by the upload ID", - "privilege": "AbortMultipartUpload", + "description": "Grants permission to delete a set of auto-scaling rules", + "privilege": "DeleteScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to abort the vault locking process if the vault lock is not in the Locked state", - "privilege": "AbortVaultLock", + "access_level": "Write", + "description": "Grants permission to delete a Realtime Servers script", + "privilege": "DeleteScript", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "script*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to a vault", - "privilege": "AddTagsToVault", + "access_level": "Write", + "description": "Grants permission to cancel a VPC peering authorization", + "privilege": "DeleteVpcPeeringAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to complete a multipart upload process", - "privilege": "CompleteMultipartUpload", + "description": "Grants permission to remove a peering connection between VPCs", + "privilege": "DeleteVpcPeeringConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to complete the vault locking process", - "privilege": "CompleteVaultLock", + "access_level": "Write", + "description": "Grants permission to deregister a compute against a fleet", + "privilege": "DeregisterCompute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new vault with the specified name", - "privilege": "CreateVault", + "description": "Grants permission to remove a game server from a game server group", + "privilege": "DeregisterGameServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an archive from a vault", - "privilege": "DeleteArchive", + "access_level": "Read", + "description": "Grants permission to retrieve properties for an alias", + "privilege": "DescribeAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" - }, - { - "condition_keys": [ - "glacier:ArchiveAgeInDays" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a vault", - "privilege": "DeleteVault", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a game build", + "privilege": "DescribeBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "build*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the access policy associated with the specified vault", - "privilege": "DeleteVaultAccessPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve information for a compute in a fleet", + "privilege": "DescribeCompute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the notification configuration set for a vault", - "privilege": "DeleteVaultNotifications", + "access_level": "Read", + "description": "Grants permission to retrieve the properties of an existing container fleet", + "privilege": "DescribeContainerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerFleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a job previously initiated", - "privilege": "DescribeJob", + "description": "Grants permission to retrieve the properties of an existing container group definition", + "privilege": "DescribeContainerGroupDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerGroupDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a vault", - "privilege": "DescribeVault", + "description": "Grants permission to retrieve the maximum allowed and current usage for EC2 instance types", + "privilege": "DescribeEC2InstanceLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the data retrieval policy", - "privilege": "GetDataRetrievalPolicy", + "description": "Grants permission to retrieve general properties, including status, for fleets", + "privilege": "DescribeFleetAttributes", "resource_types": [ { "condition_keys": [], @@ -143784,159 +147498,167 @@ }, { "access_level": "Read", - "description": "Grants permission to download the output of the job specified", - "privilege": "GetJobOutput", + "description": "Grants permission to retrieve the current capacity settings for managed fleets", + "privilege": "DescribeFleetCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the access-policy subresource set on the vault", - "privilege": "GetVaultAccessPolicy", + "description": "Grants permission to retrieve the properties of an existing fleet deployment", + "privilege": "DescribeFleetDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerFleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve attributes from the lock-policy subresource set on the specified vault", - "privilege": "GetVaultLock", + "description": "Grants permission to retrieve entries from a fleet's event log", + "privilege": "DescribeFleetEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the notification-configuration subresource set on the vault", - "privilege": "GetVaultNotifications", + "description": "Grants permission to retrieve general properties, including statuses, for a fleet's locations", + "privilege": "DescribeFleetLocationAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a job of the specified type", - "privilege": "InitiateJob", + "access_level": "Read", + "description": "Grants permission to retrieve the current capacity setting for a fleet's location", + "privilege": "DescribeFleetLocationCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "containerFleet" }, { - "condition_keys": [ - "glacier:ArchiveAgeInDays" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a multipart upload", - "privilege": "InitiateMultipartUpload", + "access_level": "Read", + "description": "Grants permission to retrieve utilization statistics for fleet's location", + "privilege": "DescribeFleetLocationUtilization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "fleet*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to initiate the vault locking process", - "privilege": "InitiateVaultLock", + "access_level": "Read", + "description": "Grants permission to retrieve the inbound connection permissions for a fleet", + "privilege": "DescribeFleetPortSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "fleet*" } ] }, { - "access_level": "List", - "description": "Grants permission to list jobs for a vault that are in-progress and jobs that have recently finished", - "privilege": "ListJobs", + "access_level": "Read", + "description": "Grants permission to retrieve utilization statistics for fleets", + "privilege": "DescribeFleetUtilization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list in-progress multipart uploads for the specified vault", - "privilege": "ListMultipartUploads", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a game server", + "privilege": "DescribeGameServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the parts of an archive that have been uploaded in a specific multipart upload", - "privilege": "ListParts", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a game server group", + "privilege": "DescribeGameServerGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the provisioned capacity for the specified AWS account", - "privilege": "ListProvisionedCapacity", + "access_level": "Read", + "description": "Grants permission to retrieve the status of EC2 instances in a game server group", + "privilege": "DescribeGameServerInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the tags attached to a vault", - "privilege": "ListTagsForVault", + "access_level": "Read", + "description": "Grants permission to retrieve properties for game sessions in a fleet, including the protection policy", + "privilege": "DescribeGameSessionDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all vaults", - "privilege": "ListVaults", + "access_level": "Read", + "description": "Grants permission to retrieve details of a game session placement request", + "privilege": "DescribeGameSessionPlacement", "resource_types": [ { "condition_keys": [], @@ -143946,9 +147668,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to purchases a provisioned capacity unit for an AWS account", - "privilege": "PurchaseProvisionedCapacity", + "access_level": "Read", + "description": "Grants permission to retrieve properties for game session queues", + "privilege": "DescribeGameSessionQueues", "resource_types": [ { "condition_keys": [], @@ -143958,350 +147680,334 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the set of tags attached to a vault", - "privilege": "RemoveTagsFromVault", + "access_level": "Read", + "description": "Grants permission to retrieve properties for game sessions in a fleet", + "privilege": "DescribeGameSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set and then enacts a data retrieval policy in the region specified in the PUT request", - "privilege": "SetDataRetrievalPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve information about instances in a managed fleet", + "privilege": "DescribeInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to configure an access policy for a vault; will overwrite an existing policy", - "privilege": "SetVaultAccessPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve details of matchmaking tickets", + "privilege": "DescribeMatchmaking", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure vault notifications", - "privilege": "SetVaultNotifications", + "access_level": "Read", + "description": "Grants permission to retrieve properties for FlexMatch matchmakers", + "privilege": "DescribeMatchmakingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload an archive to a vault", - "privilege": "UploadArchive", + "access_level": "Read", + "description": "Grants permission to retrieve properties for FlexMatch matchmaking rule sets", + "privilege": "DescribeMatchmakingRuleSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload a part of an archive", - "privilege": "UploadMultipartPart", + "access_level": "Read", + "description": "Grants permission to retrieve properties for player sessions in a game session", + "privilege": "DescribePlayerSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:glacier:${Region}:${Account}:vaults/${VaultName}", - "condition_keys": [], - "resource": "vault" - } - ], - "service_name": "Amazon S3 Glacier" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "globalaccelerator", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add a virtual private cloud (VPC) subnet endpoint to a custom routing accelerator endpoint group", - "privilege": "AddCustomRoutingEndpoints", + "access_level": "Read", + "description": "Grants permission to retrieve the current runtime configuration for a fleet", + "privilege": "DescribeRuntimeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add an endpoint to a standard accelerator endpoint group", - "privilege": "AddEndpoints", + "access_level": "Read", + "description": "Grants permission to retrieve all scaling policies that are applied to a fleet", + "privilege": "DescribeScalingPolicies", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "globalaccelerator:UpdateEndpointGroup" - ], - "resource_type": "endpointgroup*" + "dependent_actions": [], + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Write", - "description": "Grants permission to advertises an IPv4 address range that is provisioned for use with your accelerator through bring your own IP addresses (BYOIP)", - "privilege": "AdvertiseByoipCidr", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a Realtime Servers script", + "privilege": "DescribeScript", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "script*" } ] }, { - "access_level": "Write", - "description": "Grants permission to allows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", - "privilege": "AllowCustomRoutingTraffic", + "access_level": "Read", + "description": "Grants permission to retrieve valid VPC peering authorizations", + "privilege": "DescribeVpcPeeringAuthorizations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a standard accelerator", - "privilege": "CreateAccelerator", + "access_level": "Read", + "description": "Grants permission to retrieve details on active or pending VPC peering connections", + "privilege": "DescribeVpcPeeringConnections", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a CrossAccountAttachment", - "privilege": "CreateCrossAccountAttachment", + "access_level": "Read", + "description": "Grants permission to retrieve credentials to remotely access a compute in a managed fleet", + "privilege": "GetComputeAccess", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Custom Routing accelerator", - "privilege": "CreateCustomRoutingAccelerator", + "access_level": "Read", + "description": "Grants permission to retrieve an authentication token that allows processes on a compute to send requests to the Amazon GameLift service", + "privilege": "GetComputeAuthToken", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an endpoint group for the specified listener for a custom routing accelerator", - "privilege": "CreateCustomRoutingEndpointGroup", + "access_level": "Read", + "description": "Grants permission to retrieve the location of stored logs for a game session", + "privilege": "GetGameSessionLogUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a listener to process inbound connections from clients to a custom routing accelerator", - "privilege": "CreateCustomRoutingListener", + "access_level": "Read", + "description": "Grants permission to request remote access to a specified fleet instance", + "privilege": "GetInstanceAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add an endpoint group to a standard accelerator listener", - "privilege": "CreateEndpointGroup", + "access_level": "List", + "description": "Grants permission to retrieve all aliases that are defined in the current Region", + "privilege": "ListAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a listener to a standard accelerator", - "privilege": "CreateListener", + "access_level": "List", + "description": "Grants permission to retrieve all game build in the current Region", + "privilege": "ListBuilds", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a standard accelerator", - "privilege": "DeleteAccelerator", + "access_level": "List", + "description": "Grants permission to retrieve all compute resources in the current Region", + "privilege": "ListCompute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CrossAccountAttachment", - "privilege": "DeleteCrossAccountAttachment", + "access_level": "List", + "description": "Grants permission to retrieve the properties of all existing container fleets in the current Region", + "privilege": "ListContainerFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a custom routing accelerator", - "privilege": "DeleteCustomRoutingAccelerator", + "access_level": "List", + "description": "Grants permission to retrieve the properties of all versions of an existing container group definition", + "privilege": "ListContainerGroupDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "containerGroupDefinition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an endpoint group from a listener for a custom routing accelerator", - "privilege": "DeleteCustomRoutingEndpointGroup", + "access_level": "List", + "description": "Grants permission to retrieve the properties of all existing container group definitions in the current Region", + "privilege": "ListContainerGroupDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a listener for a custom routing accelerator", - "privilege": "DeleteCustomRoutingListener", + "access_level": "List", + "description": "Grants permission to retrieve the properties of all existing fleet deployments in the current Region", + "privilege": "ListFleetDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an endpoint group associated with a standard accelerator listener", - "privilege": "DeleteEndpointGroup", + "access_level": "List", + "description": "Grants permission to retrieve a list of fleet IDs for all fleets in the current Region", + "privilege": "ListFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a listener from a standard accelerator", - "privilege": "DeleteListener", + "access_level": "List", + "description": "Grants permission to retrieve all game server groups that are defined in the current Region", + "privilege": "ListGameServerGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disallows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", - "privilege": "DenyCustomRoutingTraffic", + "access_level": "List", + "description": "Grants permission to retrieve all game servers that are currently running in a game server group", + "privilege": "ListGameServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to releases the specified address range that you provisioned for use with your accelerator through bring your own IP addresses (BYOIP)", - "privilege": "DeprovisionByoipCidr", + "access_level": "List", + "description": "Grants permission to retrieve all locations in this account", + "privilege": "ListLocations", "resource_types": [ { "condition_keys": [], @@ -144311,141 +148017,201 @@ ] }, { - "access_level": "Read", - "description": "Grants permissions to describe a standard accelerator", - "privilege": "DescribeAccelerator", + "access_level": "List", + "description": "Grants permission to retrieve properties for all Realtime Servers scripts in the current region", + "privilege": "ListScripts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a standard accelerator attributes", - "privilege": "DescribeAcceleratorAttributes", + "description": "Grants permission to retrieve tags for GameLift resources", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "build" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "containerGroupDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameServerGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameSessionQueue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingRuleSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "script" } ] }, { - "access_level": "Read", - "description": "Grants permissions to describe a CrossAccountAttachment", - "privilege": "DescribeCrossAccountAttachment", + "access_level": "Write", + "description": "Grants permission to create or update a fleet auto-scaling policy", + "privilege": "PutScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a custom routing accelerator", - "privilege": "DescribeCustomRoutingAccelerator", + "access_level": "Write", + "description": "Grants permission to register a compute against a fleet", + "privilege": "RegisterCompute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "fleet*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the attributes of a custom routing accelerator", - "privilege": "DescribeCustomRoutingAcceleratorAttributes", + "access_level": "Write", + "description": "Grants permission to notify GameLift FleetIQ when a new game server is ready to host gameplay", + "privilege": "RegisterGameServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an endpoint group for a custom routing accelerator", - "privilege": "DescribeCustomRoutingEndpointGroup", + "description": "Grants permission to retrieve fresh upload credentials to use when uploading a new game build", + "privilege": "RequestUploadCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "build*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a listener for a custom routing accelerator", - "privilege": "DescribeCustomRoutingListener", + "description": "Grants permission to retrieve the fleet ID associated with an alias", + "privilege": "ResolveAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "alias*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a standard accelerator endpoint group", - "privilege": "DescribeEndpointGroup", + "access_level": "Write", + "description": "Grants permission to reinstate suspended FleetIQ activity for a game server group", + "privilege": "ResumeGameServerGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a standard accelerator listener", - "privilege": "DescribeListener", + "description": "Grants permission to retrieve game sessions that match a set of search criteria", + "privilege": "SearchGameSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all standard accelerators", - "privilege": "ListAccelerators", + "access_level": "Write", + "description": "Grants permission to resume auto-scaling activity on a fleet after it was suspended with StopFleetActions()", + "privilege": "StartFleetActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "List", - "description": "Grants permission to list the BYOIP cidrs", - "privilege": "ListByoipCidrs", + "access_level": "Write", + "description": "Grants permission to send a game session placement request to a game session queue", + "privilege": "StartGameSessionPlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gameSessionQueue*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all CrossAccountAttachments", - "privilege": "ListCrossAccountAttachments", + "access_level": "Write", + "description": "Grants permission to request FlexMatch matchmaking to fill available player slots in an existing game session", + "privilege": "StartMatchBackfill", "resource_types": [ { "condition_keys": [], @@ -144455,9 +148221,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list accounts with CrossAccountAttachments listing caller as a principal", - "privilege": "ListCrossAccountResourceAccounts", + "access_level": "Write", + "description": "Grants permission to request FlexMatch matchmaking for one or a group of players and initiate game session placement", + "privilege": "StartMatchmaking", "resource_types": [ { "condition_keys": [], @@ -144467,21 +148233,26 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all CrossAccountAttachment resources usable by caller", - "privilege": "ListCrossAccountResources", + "access_level": "Write", + "description": "Grants permission to suspend auto-scaling activity on a fleet", + "privilege": "StopFleetActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" } ] }, { - "access_level": "List", - "description": "Grants permission to list the custom routing accelerators for an AWS account", - "privilege": "ListCustomRoutingAccelerators", + "access_level": "Write", + "description": "Grants permission to cancel a game session placement request that is in progress", + "privilege": "StopGameSessionPlacement", "resource_types": [ { "condition_keys": [], @@ -144491,281 +148262,367 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the endpoint groups that are associated with a listener for a custom routing accelerator", - "privilege": "ListCustomRoutingEndpointGroups", + "access_level": "Write", + "description": "Grants permission to cancel a matchmaking or match backfill request that is in progress", + "privilege": "StopMatchmaking", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the listeners for a custom routing accelerator", - "privilege": "ListCustomRoutingListeners", + "access_level": "Write", + "description": "Grants permission to temporarily stop FleetIQ activity for a game server group", + "privilege": "SuspendGameServerGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the port mappings for a custom routing accelerator", - "privilege": "ListCustomRoutingPortMappings", + "access_level": "Tagging", + "description": "Grants permission to tag GameLift resources", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the port mappings for a specific endpoint IP address (a destination address) in a subnet", - "privilege": "ListCustomRoutingPortMappingsByDestination", - "resource_types": [ + "resource_type": "alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "build" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "containerGroupDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameServerGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameSessionQueue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingRuleSet" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "script" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all endpoint groups associated with a standard accelerator listener", - "privilege": "ListEndpointGroups", + "access_level": "Write", + "description": "Grants permission to shut down an existing game session", + "privilege": "TerminateGameSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all listeners associated with a standard accelerator", - "privilege": "ListListeners", + "access_level": "Tagging", + "description": "Grants permission to untag GameLift resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "build" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "containerFleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "containerGroupDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameServerGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameSessionQueue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingRuleSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "script" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a globalaccelerator resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the properties of an existing alias", + "privilege": "UpdateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "attachment" + "resource_type": "alias*" } ] }, { "access_level": "Write", - "description": "Grants permission to provisions an address range for use with your accelerator through bring your own IP addresses (BYOIP)", - "privilege": "ProvisionByoipCidr", + "description": "Grants permission to update an existing build's metadata", + "privilege": "UpdateBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "build*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove virtual private cloud (VPC) subnet endpoints from a custom routing accelerator endpoint group", - "privilege": "RemoveCustomRoutingEndpoints", + "description": "Grants permission to update an existing container fleet", + "privilege": "UpdateContainerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "containerFleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an endpoint from a standard accelerator endpoint group", - "privilege": "RemoveEndpoints", + "description": "Grants permission to update the properties of an existing container group definition", + "privilege": "UpdateContainerGroupDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "globalaccelerator:UpdateEndpointGroup" + "ecr:BatchGetImage", + "ecr:DescribeImages", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" ], - "resource_type": "endpointgroup*" + "resource_type": "containerGroupDefinition*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a globalaccelerator resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update the general properties of an existing fleet", + "privilege": "UpdateFleetAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "attachment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a globalaccelerator resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to adjust a managed fleet's capacity settings", + "privilege": "UpdateFleetCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator" + "resource_type": "containerFleet" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet" } ] }, { "access_level": "Write", - "description": "Grants permission to update a standard accelerator", - "privilege": "UpdateAccelerator", + "description": "Grants permission to adjust a fleet's port settings", + "privilege": "UpdateFleetPortSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a standard accelerator attributes", - "privilege": "UpdateAcceleratorAttributes", + "description": "Grants permission to change game server properties, health status, or utilization status", + "privilege": "UpdateGameServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a CrossAccountAttachment", - "privilege": "UpdateCrossAccountAttachment", + "description": "Grants permission to update properties for game server group, including allowed instance types", + "privilege": "UpdateGameServerGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "attachment*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a custom routing accelerator", - "privilege": "UpdateCustomRoutingAccelerator", + "description": "Grants permission to update the properties of an existing game session", + "privilege": "UpdateGameSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the attributes for a custom routing accelerator", - "privilege": "UpdateCustomRoutingAcceleratorAttributes", + "description": "Grants permission to update properties of an existing game session queue", + "privilege": "UpdateGameSessionQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "gameSessionQueue*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a listener for a custom routing accelerator", - "privilege": "UpdateCustomRoutingListener", + "description": "Grants permission to update properties of an existing FlexMatch matchmaking configuration", + "privilege": "UpdateMatchmakingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "matchmakingConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an endpoint group on a standard accelerator listener", - "privilege": "UpdateEndpointGroup", + "description": "Grants permission to update how server processes are configured on instances in an existing fleet", + "privilege": "UpdateRuntimeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a listener on a standard accelerator", - "privilege": "UpdateListener", + "description": "Grants permission to update the metadata and content of an existing Realtime Servers script", + "privilege": "UpdateScript", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener*" + "dependent_actions": [ + "iam:PassRole", + "s3:GetObject" + ], + "resource_type": "script*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stops advertising a BYOIP IPv4 address", - "privilege": "WithdrawByoipCidr", + "access_level": "Read", + "description": "Grants permission to validate the syntax of a FlexMatch matchmaking rule set", + "privilege": "ValidateMatchmakingRuleSet", "resource_types": [ { "condition_keys": [], @@ -144777,478 +148634,378 @@ ], "resources": [ { - "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}", + "arn": "arn:${Partition}:gamelift:${Region}::alias/${AliasId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "accelerator" + "resource": "alias" }, { - "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}/listener/${ListenerId}", + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:build/${BuildId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "listener" + "resource": "build" }, { - "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}/listener/${ListenerId}/endpoint-group/${EndpointGroupId}", + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:containergroupdefinition/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "endpointgroup" + "resource": "containerGroupDefinition" }, { - "arn": "arn:${Partition}:globalaccelerator::${Account}:attachment/${ResourceId}", + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:containerfleet/${FleetId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "attachment" - } - ], - "service_name": "AWS Global Accelerator" - }, - { - "conditions": [ + "resource": "containerFleet" + }, { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:fleet/${FleetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "fleet" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gameservergroup/${GameServerGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "gameServerGroup" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gamesessionqueue/${GameSessionQueueName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "gameSessionQueue" }, { - "condition": "glue:CredentialIssuingService", - "description": "Filters access by the service from which the credentials of the request is issued", - "type": "String" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:location/${LocationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "location" }, { - "condition": "glue:EnabledForRedshiftAutoDiscovery", - "description": "Filters access by the presence of the key configured for role's identity-based policy", - "type": "Bool" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingconfiguration/${MatchmakingConfigurationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "matchmakingConfiguration" }, { - "condition": "glue:RoleAssumedBy", - "description": "Filters access by the service from which the credentials of the request is obtained by assuming the customer role", - "type": "String" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingruleset/${MatchmakingRuleSetName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "matchmakingRuleSet" }, { - "condition": "glue:SecurityGroupIds", - "description": "Filters access by the ID of security groups configured for the Glue job", - "type": "ArrayOfString" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:script/${ScriptId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "script" + } + ], + "service_name": "Amazon GameLift Servers" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" }, { - "condition": "glue:SubnetIds", - "description": "Filters access by the ID of subnets configured for the Glue job", - "type": "ArrayOfString" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, { - "condition": "glue:VpcIds", - "description": "Filters access by the ID of the VPC configured for the Glue job", + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", "type": "ArrayOfString" } ], - "prefix": "glue", + "prefix": "gameliftstreams", "privileges": [ { "access_level": "Write", - "description": "Grants permission to Glue to continuously validate that the target Arn can receive data replicated from the source ARN", - "privilege": "AuthorizeInboundIntegration", + "description": "Grants permission to attach a StreamGroup remote location", + "privilege": "AddStreamGroupLocations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration*" + "dependent_actions": [ + "ec2:DescribeRegions" + ], + "resource_type": "stream group*" } ] }, { "access_level": "Write", - "description": "Grants permission to create one or more partitions", - "privilege": "BatchCreatePartition", + "description": "Grants permission to associate Applications to a StreamGroup", + "privilege": "AssociateApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "stream group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more connections", - "privilege": "BatchDeleteConnection", + "description": "Grants permission to create application", + "privilege": "CreateApplication", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gameliftstreams:TagResource", + "s3:GetObject", + "s3:ListBucket" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more partitions", - "privilege": "BatchDeletePartition", + "description": "Grants permission to create a StreamGroup", + "privilege": "CreateStreamGroup", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gameliftstreams:TagResource" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more tables", - "privilege": "BatchDeleteTable", + "description": "Grants permission to create a stream session connection", + "privilege": "CreateStreamSessionConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "stream group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more versions of a table", - "privilege": "BatchDeleteTableVersion", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more blueprints", - "privilege": "BatchGetBlueprints", + "access_level": "Write", + "description": "Grants permission to delete a StreamGroup", + "privilege": "DeleteStreamGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "stream group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more crawlers", - "privilege": "BatchGetCrawlers", + "access_level": "Write", + "description": "Grants permission to disassociate Applications from a StreamGroup", + "privilege": "DisassociateApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve one or more Custom Entity Types", - "privilege": "BatchGetCustomEntityTypes", - "resource_types": [ + "resource_type": "application*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more development endpoints", - "privilege": "BatchGetDevEndpoints", + "access_level": "Write", + "description": "Grants permission to export stream session files that your application generates", + "privilege": "ExportStreamSessionFiles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "devendpoint*" + "dependent_actions": [ + "s3:PutObject" + ], + "resource_type": "stream group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve one or more jobs", - "privilege": "BatchGetJobs", + "description": "Grants permission to get an application", + "privilege": "GetApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve one or more partitions", - "privilege": "BatchGetPartition", + "description": "Grants `permission` to get a StreamGroup", + "privilege": "GetStreamGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "stream group*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to batch get stage files for SparkUI", - "privilege": "BatchGetStageFiles", + "access_level": "Read", + "description": "Grants permission to get a stream session", + "privilege": "GetStreamSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the configuration for the specified table optimizers", - "privilege": "BatchGetTableOptimizer", + "access_level": "List", + "description": "Grants permission to list applications", + "privilege": "ListApplications", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "glue:GetTable" - ], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more triggers", - "privilege": "BatchGetTriggers", + "access_level": "List", + "description": "Grants permission to list StreamGroups", + "privilege": "ListStreamGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve one or more workflows", - "privilege": "BatchGetWorkflows", + "description": "Grants permission to list stream sessions", + "privilege": "ListStreamSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "stream group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop one or more job runs for a job", - "privilege": "BatchStopJobRun", + "access_level": "Read", + "description": "Grants permission to list stream sessions", + "privilege": "ListStreamSessionsByAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update one or more partitions", - "privilege": "BatchUpdatePartition", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a running Data Quality rule recommendation run", - "privilege": "CancelDataQualityRuleRecommendationRun", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataQualityRuleset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a running Data Quality ruleset evaluation run", - "privilege": "CancelDataQualityRulesetEvaluationRun", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "stream group" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a running ML Task Run", - "privilege": "CancelMLTaskRun", + "description": "Grants permission to detach a StreamGroup remote location", + "privilege": "RemoveStreamGroupLocations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "stream group*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a statement in an interactive session", - "privilege": "CancelStatement", + "description": "Grants permission to create a stream session", + "privilege": "StartStreamSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "stream group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a check the validity of schema version", - "privilege": "CheckSchemaVersionValidity", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a blueprint", - "privilege": "CreateBlueprint", - "resource_types": [ + "resource_type": "application" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "stream group" }, { "condition_keys": [ @@ -145262,68 +149019,33 @@ }, { "access_level": "Write", - "description": "Grants permission to create a catalog", - "privilege": "CreateCatalog", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a classifier", - "privilege": "CreateClassifier", + "description": "Grants permission to terminate a stream session", + "privilege": "TerminateStreamSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create settings for a column statistics task", - "privilege": "CreateColumnStatisticsTaskSettings", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a connection", - "privilege": "CreateConnection", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "stream group" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -145333,80 +149055,121 @@ }, { "access_level": "Write", - "description": "Grants permission to create a crawler", - "privilege": "CreateCrawler", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Custom Entity Type", - "privilege": "CreateCustomEntityType", + "description": "Grants permission to update a StreamGroup", + "privilege": "UpdateStreamGroup", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream group*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:gameliftstreams:${Region}:${Account}:application/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" }, + { + "arn": "arn:${Partition}:gameliftstreams:${Region}:${Account}:streamgroup/${StreamGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "stream group" + } + ], + "service_name": "Amazon GameLift Streams" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + }, + { + "condition": "geo:DeviceIds", + "description": "Filters access by the presence of device ids in the request", + "type": "ArrayOfString" + }, + { + "condition": "geo:GeofenceIds", + "description": "Filters access by the presence of geofence ids in the request", + "type": "ArrayOfString" + } + ], + "prefix": "geo", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a Data Quality ruleset", - "privilege": "CreateDataQualityRuleset", + "description": "Grants permission to create an association between a geofence-collection and a tracker resource", + "privilege": "AssociateTrackerConsumer", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "tracker*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a database", - "privilege": "CreateDatabase", + "description": "Grants permission to delete a batch of device position histories from a tracker resource", + "privilege": "BatchDeleteDevicePositionHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "tracker*" }, { - "condition_keys": [], + "condition_keys": [ + "geo:DeviceIds" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a development endpoint", - "privilege": "CreateDevEndpoint", + "description": "Grants permission to delete a batch of geofences from a geofence collection", + "privilege": "BatchDeleteGeofence", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "geo:GeofenceIds" ], "dependent_actions": [], "resource_type": "" @@ -145415,48 +149178,48 @@ }, { "access_level": "Write", - "description": "Grants permission to the source principal to create an inbound integration for data to be replicated from the source into the target", - "privilege": "CreateInboundIntegration", + "description": "Grants permission to evaluate device positions against the position of geofences in a given geofence collection", + "privilege": "BatchEvaluateGeofences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "geofence-collection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an integration", - "privilege": "CreateIntegration", + "access_level": "Read", + "description": "Grants permission to send a batch request to retrieve device positions", + "privilege": "BatchGetDevicePosition", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "kms:CreateGrant", - "kms:DescribeKey" - ], - "resource_type": "catalog*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "tracker*" }, { - "condition_keys": [], + "condition_keys": [ + "geo:DeviceIds" + ], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a batch request for adding geofences into a given geofence collection", + "privilege": "BatchPutGeofence", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration*" + "resource_type": "geofence-collection*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "geo:GeofenceIds" ], "dependent_actions": [], "resource_type": "" @@ -145465,65 +149228,61 @@ }, { "access_level": "Write", - "description": "Grants permission to create integration resource property", - "privilege": "CreateIntegrationResourceProperty", + "description": "Grants permission to upload a position update for one or more devices to a tracker resource", + "privilege": "BatchUpdateDevicePosition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "tracker*" }, { - "condition_keys": [], + "condition_keys": [ + "geo:DeviceIds" + ], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create integration table properties", - "privilege": "CreateIntegrationTableProperties", + "access_level": "Read", + "description": "Grants permission to calculate routes using a given route calculator resource", + "privilege": "CalculateRoute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" - }, + "resource_type": "route-calculator*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to calculate a route matrix using a given route calculator resource", + "privilege": "CalculateRouteMatrix", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "route-calculator*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a job", - "privilege": "CreateJob", + "description": "Grants permission to create a geofence-collection", + "privilege": "CreateGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "geofence-collection*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "glue:VpcIds", - "glue:SubnetIds", - "glue:SecurityGroupIds" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -145532,9 +149291,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create an ML Transform", - "privilege": "CreateMLTransform", + "description": "Grants permission to create an API key resource", + "privilege": "CreateKey", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "api-key*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -145547,67 +149311,53 @@ }, { "access_level": "Write", - "description": "Grants permission to create a partition", - "privilege": "CreatePartition", + "description": "Grants permission to create a map resource", + "privilege": "CreateMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "map*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a specified partition index in an existing table", - "privilege": "CreatePartitionIndex", + "description": "Grants permission to create a place index resource", + "privilege": "CreatePlaceIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "place-index*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new schema registry", - "privilege": "CreateRegistry", + "description": "Grants permission to create a route calculator resource", + "privilege": "CreateRouteCalculator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "route-calculator*" }, { "condition_keys": [ @@ -145621,18 +149371,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new schema container", - "privilege": "CreateSchema", + "description": "Grants permission to create a tracker resource", + "privilege": "CreateTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "tracker*" }, { "condition_keys": [ @@ -145646,806 +149391,1028 @@ }, { "access_level": "Write", - "description": "Grants permission to create a script", - "privilege": "CreateScript", + "description": "Grants permission to delete a geofence-collection", + "privilege": "DeleteGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "geofence-collection*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a security configuration", - "privilege": "CreateSecurityConfiguration", + "description": "Grants permission to delete an API key resource", + "privilege": "DeleteKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "api-key*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an interactive session", - "privilege": "CreateSession", + "description": "Grants permission to delete a map resource", + "privilege": "DeleteMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "glue:VpcIds", - "glue:SubnetIds", - "glue:SecurityGroupIds" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "map*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a table", - "privilege": "CreateTable", + "description": "Grants permission to delete a place index resource", + "privilege": "DeletePlaceIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "place-index*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new table optimizer for a specific function. Compaction is the only currently supported optimizer type", - "privilege": "CreateTableOptimizer", + "description": "Grants permission to delete a route calculator resource", + "privilege": "DeleteRouteCalculator", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "glue:GetTable" - ], - "resource_type": "database*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "route-calculator*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a trigger", - "privilege": "CreateTrigger", + "description": "Grants permission to delete a tracker resource", + "privilege": "DeleteTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "tracker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a usage profile", - "privilege": "CreateUsageProfile", + "access_level": "Read", + "description": "Grants permission to retrieve geofence collection details", + "privilege": "DescribeGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usageProfile*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "geofence-collection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a function definition", - "privilege": "CreateUserDefinedFunction", + "access_level": "Read", + "description": "Grants permission to retrieve API key resource details and secret", + "privilege": "DescribeKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "api-key*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve map resource details", + "privilege": "DescribeMap", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "map*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve place-index resource details", + "privilege": "DescribePlaceIndex", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "place-index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a workflow", - "privilege": "CreateWorkflow", + "access_level": "Read", + "description": "Grants permission to retrieve route calculator resource details", + "privilege": "DescribeRouteCalculator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "route-calculator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a blueprint", - "privilege": "DeleteBlueprint", + "access_level": "Read", + "description": "Grants permission to retrieve a tracker resource details", + "privilege": "DescribeTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "tracker*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a catalog", - "privilege": "DeleteCatalog", + "description": "Grants permission to remove the association between a tracker resource and a geofence-collection", + "privilege": "DisassociateTrackerConsumer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "tracker*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to forecast events for geofences stored in a given geofence collection", + "privilege": "ForecastGeofenceEvents", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "geofence-collection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a classifier", - "privilege": "DeleteClassifier", + "access_level": "Read", + "description": "Grants permission to retrieve the latest device position", + "privilege": "GetDevicePosition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "tracker*" + }, + { + "condition_keys": [ + "geo:DeviceIds" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the partition column statistics of a column", - "privilege": "DeleteColumnStatisticsForPartition", + "access_level": "Read", + "description": "Grants permission to retrieve the device position history", + "privilege": "GetDevicePositionHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "tracker*" }, { - "condition_keys": [], + "condition_keys": [ + "geo:DeviceIds" + ], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the geofence details from a geofence-collection", + "privilege": "GetGeofence", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "geofence-collection*" }, { - "condition_keys": [], + "condition_keys": [ + "geo:GeofenceIds" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the table statistics of columns", - "privilege": "DeleteColumnStatisticsForTable", + "access_level": "Read", + "description": "Grants permission to retrieve the glyph file for a map resource", + "privilege": "GetMapGlyphs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "map*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the sprite file for a map resource", + "privilege": "GetMapSprites", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "map*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the map style descriptor from a map resource", + "privilege": "GetMapStyleDescriptor", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "map*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the map tile from the map resource", + "privilege": "GetMapTile", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "map*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete settings for a column statistics task", - "privilege": "DeleteColumnStatisticsTaskSettings", + "access_level": "Read", + "description": "Grants permission to find a place by its unique ID", + "privilege": "GetPlace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "place-index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of devices and their latest positions from the given tracker resource", + "privilege": "ListDevicePositions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "tracker*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to lists geofence-collections", + "privilege": "ListGeofenceCollections", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "geofence-collection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a connection", - "privilege": "DeleteConnection", + "access_level": "Read", + "description": "Grants permission to list geofences stored in a given geofence collection", + "privilege": "ListGeofences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" - }, + "resource_type": "geofence-collection*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list API key resources", + "privilege": "ListKeys", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "api-key*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a crawler", - "privilege": "DeleteCrawler", + "access_level": "List", + "description": "Grants permission to list map resources", + "privilege": "ListMaps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "map*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Custom Entity Type", - "privilege": "DeleteCustomEntityType", + "access_level": "List", + "description": "Grants permission to return a list of place index resources", + "privilege": "ListPlaceIndexes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "place-index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Data Quality ruleset", - "privilege": "DeleteDataQualityRuleset", + "access_level": "List", + "description": "Grants permission to return a list of route calculator resources", + "privilege": "ListRouteCalculators", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "route-calculator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a database", - "privilege": "DeleteDatabase", + "access_level": "Read", + "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "api-key" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "geofence-collection" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "map" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "place-index" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a development endpoint", - "privilege": "DeleteDevEndpoint", + "access_level": "Read", + "description": "Grants permission to retrieve a list of geofence collections currently associated to the given tracker resource", + "privilege": "ListTrackerConsumers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint*" + "resource_type": "tracker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an integration", - "privilege": "DeleteIntegration", + "access_level": "List", + "description": "Grants permission to return a list of tracker resources", + "privilege": "ListTrackers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "tracker*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete integration table properties", - "privilege": "DeleteIntegrationTableProperties", + "description": "Grants permission to add a new geofence or update an existing geofence to a given geofence-collection", + "privilege": "PutGeofence", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "geofence-collection*" }, { - "condition_keys": [], + "condition_keys": [ + "geo:GeofenceIds" + ], "dependent_actions": [], - "resource_type": "connection*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to reverse geocodes a given coordinate", + "privilege": "SearchPlaceIndexForPosition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "place-index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a job", - "privilege": "DeleteJob", + "access_level": "Read", + "description": "Grants permission to generate suggestions for addresses and points of interest based on partial or misspelled free-form text", + "privilege": "SearchPlaceIndexForSuggestions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "place-index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an ML Transform", - "privilege": "DeleteMLTransform", + "access_level": "Read", + "description": "Grants permission to geocode free-form text, such as an address, name, city or region", + "privilege": "SearchPlaceIndexForText", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "place-index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a partition", - "privilege": "DeletePartition", + "access_level": "Tagging", + "description": "Grants permission to adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "api-key" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "geofence-collection" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "map" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "place-index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified partition index from an existing table", - "privilege": "DeletePartitionIndex", + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from the resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "api-key" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "geofence-collection" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "map" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "place-index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a schema registry", - "privilege": "DeleteRegistry", + "description": "Grants permission to update a geofence collection", + "privilege": "UpdateGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "geofence-collection*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a resource policy", - "privilege": "DeleteResourcePolicy", + "access_level": "Write", + "description": "Grants permission to update an API key resource", + "privilege": "UpdateKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "api-key*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a schema container", - "privilege": "DeleteSchema", + "description": "Grants permission to update a map resource", + "privilege": "UpdateMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "map*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a range of schema versions", - "privilege": "DeleteSchemaVersions", + "description": "Grants permission to update a place index resource", + "privilege": "UpdatePlaceIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "place-index*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a security configuration", - "privilege": "DeleteSecurityConfiguration", + "description": "Grants permission to update a route calculator resource", + "privilege": "UpdateRouteCalculator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "route-calculator*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an interactive session after stopping the session if not already stopped", - "privilege": "DeleteSession", + "description": "Grants permission to update a tracker resource", + "privilege": "UpdateTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "tracker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a table", - "privilege": "DeleteTable", + "access_level": "Read", + "description": "Grants permission to verify a device position", + "privilege": "VerifyDevicePosition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "tracker*" }, { - "condition_keys": [], + "condition_keys": [ + "geo:DeviceIds" + ], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:api-key/${KeyName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "api-key" + }, + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:geofence-collection/${GeofenceCollectionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "geo:GeofenceIds" + ], + "resource": "geofence-collection" + }, + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:map/${MapName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "map" + }, + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:place-index/${IndexName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "place-index" + }, + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:route-calculator/${CalculatorName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "route-calculator" + }, + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:tracker/${TrackerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "geo:DeviceIds" + ], + "resource": "tracker" + } + ], + "service_name": "Amazon Location" + }, + { + "conditions": [], + "prefix": "geo-maps", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to retrieve the static map", + "privilege": "GetStaticMap", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "provider*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an optimizer and all associated metadata for a table. The optimization will no longer be performed on the table", - "privilege": "DeleteTableOptimizer", + "access_level": "Read", + "description": "Grants permission to retrieve the map tile", + "privilege": "GetTile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "glue:GetTable" - ], - "resource_type": "database*" - }, + "dependent_actions": [], + "resource_type": "provider*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:geo-maps:${Region}::provider/default", + "condition_keys": [], + "resource": "provider" + } + ], + "service_name": "Amazon Location Service Maps" + }, + { + "conditions": [], + "prefix": "geo-places", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to autocomplete text input with potential places and addresses as the user types", + "privilege": "Autocomplete", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "provider*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to geocode a textual address or place into geographic coordinates", + "privilege": "Geocode", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "provider*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a version of a table", - "privilege": "DeleteTableVersion", + "access_level": "Read", + "description": "Grants permission to query a place by it's unqiue place ID", + "privilege": "GetPlace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "provider*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to convert geographic coordinates into a human-readable address or place", + "privilege": "ReverseGeocode", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "provider*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve places near a position which match to a set of user defined restrictions such as category or food type offered by the place", + "privilege": "SearchNearby", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "provider*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to query for places using a single free-form text input", + "privilege": "SearchText", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "provider*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a trigger", - "privilege": "DeleteTrigger", + "access_level": "Read", + "description": "Grants permission to suggest potential places based on the user's input", + "privilege": "Suggest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "provider*" } ] - }, + } + ], + "resources": [ { - "access_level": "Write", - "description": "Grants permission to delete a usage profile", - "privilege": "DeleteUsageProfile", + "arn": "arn:${Partition}:geo-places:${Region}::provider/default", + "condition_keys": [], + "resource": "provider" + } + ], + "service_name": "Amazon Location Service Places" + }, + { + "conditions": [], + "prefix": "geo-routes", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to determine destinations or service areas reachable within a specified time", + "privilege": "CalculateIsolines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usageProfile*" + "resource_type": "provider*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a function definition", - "privilege": "DeleteUserDefinedFunction", + "access_level": "Read", + "description": "Grants permission to calculate routing matrice which providing travel time and distances between sets of origins and destinations", + "privilege": "CalculateRouteMatrix", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "provider*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to calculates routes between two or more locations", + "privilege": "CalculateRoutes", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "provider*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to calculate the most efficient sequence for visiting multiple waypoints or locations along a route", + "privilege": "OptimizeWaypoints", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userdefinedfunction*" - }, + "resource_type": "provider*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to enhances the accuracy of geographic positioning by aligning GPS coordinates to the nearest road segments on a digital map", + "privilege": "SnapToRoads", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "provider*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:geo-routes:${Region}::provider/default", + "condition_keys": [], + "resource": "provider" + } + ], + "service_name": "Amazon Location Service Routes" + }, + { + "conditions": [ + { + "condition": "glacier:ArchiveAgeInDays", + "description": "Filters access by how long an archive has been stored in the vault, in days", + "type": "String" }, + { + "condition": "glacier:ResourceTag/", + "description": "Filters access by a customer-defined tag", + "type": "String" + } + ], + "prefix": "glacier", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a workflow", - "privilege": "DeleteWorkflow", + "description": "Grants permission to abort a multipart upload identified by the upload ID", + "privilege": "AbortMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "vault*" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to terminate Glue Studio Notebook session", - "privilege": "DeregisterDataPreview", + "description": "Grants permission to abort the vault locking process if the vault lock is not in the Locked state", + "privilege": "AbortVaultLock", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to describe connection type in glue studio", - "privilege": "DescribeConnectionType", + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to a vault", + "privilege": "AddTagsToVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to describe entity in glue studio", - "privilege": "DescribeEntity", + "access_level": "Write", + "description": "Grants permission to complete a multipart upload process", + "privilege": "CompleteMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" - }, + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to complete the vault locking process", + "privilege": "CompleteVaultLock", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "vault*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the inbound integrations", - "privilege": "DescribeInboundIntegrations", + "access_level": "Write", + "description": "Grants permission to create a new vault with the specified name", + "privilege": "CreateVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe zero-ETL integrations", - "privilege": "DescribeIntegrations", + "access_level": "Write", + "description": "Grants permission to delete an archive from a vault", + "privilege": "DeleteArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration*" + "resource_type": "vault*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "glacier:ArchiveAgeInDays" ], "dependent_actions": [], "resource_type": "" @@ -146453,277 +150420,232 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a blueprint", - "privilege": "GetBlueprint", + "access_level": "Write", + "description": "Grants permission to delete a vault", + "privilege": "DeleteVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a blueprint run", - "privilege": "GetBlueprintRun", + "access_level": "Permissions management", + "description": "Grants permission to delete the access policy associated with the specified vault", + "privilege": "DeleteVaultAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all runs of a blueprint", - "privilege": "GetBlueprintRuns", + "access_level": "Write", + "description": "Grants permission to delete the notification configuration set for a vault", + "privilege": "DeleteVaultNotifications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "vault*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a catalog", - "privilege": "GetCatalog", + "description": "Grants permission to get information about a job previously initiated", + "privilege": "DescribeJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" - }, - { - "condition_keys": [ - "glue:EnabledForRedshiftAutoDiscovery" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the catalog import status", - "privilege": "GetCatalogImportStatus", + "description": "Grants permission to get information about a vault", + "privilege": "DescribeVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "vault*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all catalogs", - "privilege": "GetCatalogs", + "description": "Grants permission to get the data retrieval policy", + "privilege": "GetDataRetrievalPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" - }, - { - "condition_keys": [ - "glue:EnabledForRedshiftAutoDiscovery" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a classifier", - "privilege": "GetClassifier", + "description": "Grants permission to download the output of the job specified", + "privilege": "GetJobOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all classifiers", - "privilege": "GetClassifiers", + "description": "Grants permission to retrieve the access-policy subresource set on the vault", + "privilege": "GetVaultAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve partition statistics of columns", - "privilege": "GetColumnStatisticsForPartition", + "description": "Grants permission to retrieve attributes from the lock-policy subresource set on the specified vault", + "privilege": "GetVaultLock", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "vault*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve table statistics of columns", - "privilege": "GetColumnStatisticsForTable", + "description": "Grants permission to retrieve the notification-configuration subresource set on the vault", + "privilege": "GetVaultNotifications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to initiate a job of the specified type", + "privilege": "InitiateJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "vault*" }, { - "condition_keys": [], + "condition_keys": [ + "glacier:ArchiveAgeInDays" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve Column Statistics run information for the table based on run-id", - "privilege": "GetColumnStatisticsTaskRun", + "access_level": "Write", + "description": "Grants permission to initiate a multipart upload", + "privilege": "InitiateMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve Column Statistics run information for the table based on run-ids", - "privilege": "GetColumnStatisticsTaskRuns", + "access_level": "Permissions management", + "description": "Grants permission to initiate the vault locking process", + "privilege": "InitiateVaultLock", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve settings for a column statistics task", - "privilege": "GetColumnStatisticsTaskSettings", + "access_level": "List", + "description": "Grants permission to list jobs for a vault that are in-progress and jobs that have recently finished", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get generated response for a completion request in Glue from AWS Q", - "privilege": "GetCompletion", + "access_level": "List", + "description": "Grants permission to list in-progress multipart uploads for the specified vault", + "privilege": "ListMultipartUploads", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "completion*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a connection", - "privilege": "GetConnection", + "access_level": "List", + "description": "Grants permission to list the parts of an archive that have been uploaded in a specific multipart upload", + "privilege": "ListParts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of connections", - "privilege": "GetConnections", + "access_level": "List", + "description": "Grants permission to list the provisioned capacity for the specified AWS account", + "privilege": "ListProvisionedCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a crawler", - "privilege": "GetCrawler", + "access_level": "List", + "description": "Grants permission to list all the tags attached to a vault", + "privilege": "ListTagsForVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metrics about crawlers", - "privilege": "GetCrawlerMetrics", + "access_level": "List", + "description": "Grants permission to list all vaults", + "privilege": "ListVaults", "resource_types": [ { "condition_keys": [], @@ -146733,9 +150655,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all crawlers", - "privilege": "GetCrawlers", + "access_level": "Write", + "description": "Grants permission to purchases a provisioned capacity unit for an AWS account", + "privilege": "PurchaseProvisionedCapacity", "resource_types": [ { "condition_keys": [], @@ -146745,340 +150667,350 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to read a Custom Entity Type", - "privilege": "GetCustomEntityType", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the set of tags attached to a vault", + "privilege": "RemoveTagsFromVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate presigned url for accessing spark live UI", - "privilege": "GetDashboardUrl", + "access_level": "Permissions management", + "description": "Grants permission to set and then enacts a data retrieval policy in the region specified in the PUT request", + "privilege": "SetDataRetrievalPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve catalog encryption settings", - "privilege": "GetDataCatalogEncryptionSettings", + "access_level": "Permissions management", + "description": "Grants permission to configure an access policy for a vault; will overwrite an existing policy", + "privilege": "SetVaultAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "vault*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get Data Preview Statement", - "privilege": "GetDataPreviewStatement", + "access_level": "Write", + "description": "Grants permission to configure vault notifications", + "privilege": "SetVaultNotifications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the training status of the prediction model for a statistic", - "privilege": "GetDataQualityModel", + "access_level": "Write", + "description": "Grants permission to upload an archive to a vault", + "privilege": "UploadArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the predictions for a statistic from the latest model", - "privilege": "GetDataQualityModelResult", + "access_level": "Write", + "description": "Grants permission to upload a part of an archive", + "privilege": "UploadMultipartPart", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job*" + "resource_type": "vault*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:glacier:${Region}:${Account}:vaults/${VaultName}", + "condition_keys": [], + "resource": "vault" + } + ], + "service_name": "Amazon S3 Glacier" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality result", - "privilege": "GetDataQualityResult", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "globalaccelerator", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add a virtual private cloud (VPC) subnet endpoint to a custom routing accelerator endpoint group", + "privilege": "AddCustomRoutingEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality rule recommendation run", - "privilege": "GetDataQualityRuleRecommendationRun", + "access_level": "Write", + "description": "Grants permission to add an endpoint to a standard accelerator endpoint group", + "privilege": "AddEndpoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "dependent_actions": [ + "globalaccelerator:UpdateEndpointGroup" + ], + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality ruleset", - "privilege": "GetDataQualityRuleset", + "access_level": "Write", + "description": "Grants permission to advertises an IPv4 address range that is provisioned for use with your accelerator through bring your own IP addresses (BYOIP)", + "privilege": "AdvertiseByoipCidr", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality rule recommendation run", - "privilege": "GetDataQualityRulesetEvaluationRun", + "access_level": "Write", + "description": "Grants permission to allows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", + "privilege": "AllowCustomRoutingTraffic", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a database", - "privilege": "GetDatabase", + "access_level": "Write", + "description": "Grants permission to create a standard accelerator", + "privilege": "CreateAccelerator", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all databases", - "privilege": "GetDatabases", + "access_level": "Write", + "description": "Grants permission to create a CrossAccountAttachment", + "privilege": "CreateCrossAccountAttachment", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to transform a script into a directed acyclic graph (DAG)", - "privilege": "GetDataflowGraph", + "access_level": "Write", + "description": "Grants permission to create a Custom Routing accelerator", + "privilege": "CreateCustomRoutingAccelerator", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a development endpoint", - "privilege": "GetDevEndpoint", + "access_level": "Write", + "description": "Grants permission to create an endpoint group for the specified listener for a custom routing accelerator", + "privilege": "CreateCustomRoutingEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint*" + "resource_type": "listener*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all development endpoints", - "privilege": "GetDevEndpoints", + "access_level": "Write", + "description": "Grants permission to create a listener to process inbound connections from clients to a custom routing accelerator", + "privilege": "CreateCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Read", - "description": "Grants permission to preview entity records in glue", - "privilege": "GetEntityRecords", + "access_level": "Write", + "description": "Grants permission to add an endpoint group to a standard accelerator listener", + "privilege": "CreateEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection" + "resource_type": "listener*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get environment details for SparkUI", - "privilege": "GetEnvironment", + "access_level": "Write", + "description": "Grants permission to add a listener to a standard accelerator", + "privilege": "CreateListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get executors for SparkUI", - "privilege": "GetExecutors", + "access_level": "Write", + "description": "Grants permission to delete a standard accelerator", + "privilege": "DeleteAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get executor threads for SparkUI", - "privilege": "GetExecutorsThreads", + "access_level": "Write", + "description": "Grants permission to delete a CrossAccountAttachment", + "privilege": "DeleteCrossAccountAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "attachment*" } ] }, { - "access_level": "Read", - "description": "Transforms a directed acyclic graph (DAG) into code", - "privilege": "GetGeneratedCode", + "access_level": "Write", + "description": "Grants permission to delete a custom routing accelerator", + "privilege": "DeleteCustomRoutingAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the integration resource property", - "privilege": "GetIntegrationResourceProperty", + "access_level": "Write", + "description": "Grants permission to delete an endpoint group from a listener for a custom routing accelerator", + "privilege": "DeleteCustomRoutingEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the integration table properties", - "privilege": "GetIntegrationTableProperties", + "access_level": "Write", + "description": "Grants permission to delete a listener for a custom routing accelerator", + "privilege": "DeleteCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, + "resource_type": "listener*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an endpoint group associated with a standard accelerator listener", + "privilege": "DeleteEndpointGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" - }, + "resource_type": "endpointgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a listener from a standard accelerator", + "privilege": "DeleteListener", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "listener*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a job", - "privilege": "GetJob", + "access_level": "Write", + "description": "Grants permission to disallows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", + "privilege": "DenyCustomRoutingTraffic", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a job bookmark", - "privilege": "GetJobBookmark", + "access_level": "Write", + "description": "Grants permission to releases the specified address range that you provisioned for use with your accelerator through bring your own IP addresses (BYOIP)", + "privilege": "DeprovisionByoipCidr", "resource_types": [ { "condition_keys": [], @@ -147089,116 +151021,116 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a job run", - "privilege": "GetJobRun", + "description": "Grants permissions to describe a standard accelerator", + "privilege": "DescribeAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "accelerator*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all job runs of a job", - "privilege": "GetJobRuns", + "description": "Grants permission to describe a standard accelerator attributes", + "privilege": "DescribeAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "accelerator*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an upgrade analysis for a job", - "privilege": "GetJobUpgradeAnalysis", + "description": "Grants permissions to describe a CrossAccountAttachment", + "privilege": "DescribeCrossAccountAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "attachment*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all current jobs", - "privilege": "GetJobs", + "description": "Grants permission to describe a custom routing accelerator", + "privilege": "DescribeCustomRoutingAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get log parsing status for SparkUI", - "privilege": "GetLogParsingStatus", + "access_level": "Read", + "description": "Grants permission to describe the attributes of a custom routing accelerator", + "privilege": "DescribeCustomRoutingAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an ML Task Run", - "privilege": "GetMLTaskRun", + "description": "Grants permission to describe an endpoint group for a custom routing accelerator", + "privilege": "DescribeCustomRoutingEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all ML Task Runs", - "privilege": "GetMLTaskRuns", + "access_level": "Read", + "description": "Grants permission to describe a listener for a custom routing accelerator", + "privilege": "DescribeCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "listener*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an ML Transform", - "privilege": "GetMLTransform", + "description": "Grants permission to describe a standard accelerator endpoint group", + "privilege": "DescribeEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all ML Transforms", - "privilege": "GetMLTransforms", + "access_level": "Read", + "description": "Grants permission to describe a standard accelerator listener", + "privilege": "DescribeListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "listener*" } ] }, { - "access_level": "Read", - "description": "Grants permission to create a mapping", - "privilege": "GetMapping", + "access_level": "List", + "description": "Grants permission to list all standard accelerators", + "privilege": "ListAccelerators", "resource_types": [ { "condition_keys": [], @@ -147208,9 +151140,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to retrieve Glue Studio Notebooks session status", - "privilege": "GetNotebookInstanceStatus", + "access_level": "List", + "description": "Grants permission to list the BYOIP cidrs", + "privilege": "ListByoipCidrs", "resource_types": [ { "condition_keys": [], @@ -147220,90 +151152,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a partition", - "privilege": "GetPartition", + "access_level": "List", + "description": "Grants permission to list all CrossAccountAttachments", + "privilege": "ListCrossAccountAttachments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve partition indexes for a table", - "privilege": "GetPartitionIndexes", + "access_level": "List", + "description": "Grants permission to list accounts with CrossAccountAttachments listing caller as a principal", + "privilege": "ListCrossAccountResourceAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the partitions of a table", - "privilege": "GetPartitions", + "access_level": "List", + "description": "Grants permission to list all CrossAccountAttachment resources usable by caller", + "privilege": "ListCrossAccountResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a mapping for a script", - "privilege": "GetPlan", + "access_level": "List", + "description": "Grants permission to list the custom routing accelerators for an AWS account", + "privilege": "ListCustomRoutingAccelerators", "resource_types": [ { "condition_keys": [], @@ -147313,269 +151200,281 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get queries for SparkUI", - "privilege": "GetQueries", + "access_level": "List", + "description": "Grants permission to list the endpoint groups that are associated with a listener for a custom routing accelerator", + "privilege": "ListCustomRoutingEndpointGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "listener*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get a specific query for SparkUI", - "privilege": "GetQuery", + "access_level": "List", + "description": "Grants permission to list the listeners for a custom routing accelerator", + "privilege": "ListCustomRoutingListeners", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get the result of a Data Preparation Recipe statement", - "privilege": "GetRecipeAction", + "access_level": "List", + "description": "Grants permission to list the port mappings for a custom routing accelerator", + "privilege": "ListCustomRoutingPortMappings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a schema registry", - "privilege": "GetRegistry", + "access_level": "List", + "description": "Grants permission to list the port mappings for a specific endpoint IP address (a destination address) in a subnet", + "privilege": "ListCustomRoutingPortMappingsByDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve resource policies", - "privilege": "GetResourcePolicies", + "access_level": "List", + "description": "Grants permission to list all endpoint groups associated with a standard accelerator listener", + "privilege": "ListEndpointGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "listener*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a resource policy", - "privilege": "GetResourcePolicy", + "access_level": "List", + "description": "Grants permission to list all listeners associated with a standard accelerator", + "privilege": "ListListeners", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "accelerator*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a schema container", - "privilege": "GetSchema", + "description": "Grants permission to list tags for a globalaccelerator resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "accelerator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "attachment" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a schema version based on schema definition", - "privilege": "GetSchemaByDefinition", + "access_level": "Write", + "description": "Grants permission to provisions an address range for use with your accelerator through bring your own IP addresses (BYOIP)", + "privilege": "ProvisionByoipCidr", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a schema version", - "privilege": "GetSchemaVersion", + "access_level": "Write", + "description": "Grants permission to remove virtual private cloud (VPC) subnet endpoints from a custom routing accelerator endpoint group", + "privilege": "RemoveCustomRoutingEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - }, + "resource_type": "endpointgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an endpoint from a standard accelerator endpoint group", + "privilege": "RemoveEndpoints", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema" + "dependent_actions": [ + "globalaccelerator:UpdateEndpointGroup" + ], + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to compare two schema versions in schema registry", - "privilege": "GetSchemaVersionsDiff", + "access_level": "Tagging", + "description": "Grants permission to add tags to a globalaccelerator resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "accelerator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a security configuration", - "privilege": "GetSecurityConfiguration", - "resource_types": [ + "resource_type": "attachment" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more security configurations", - "privilege": "GetSecurityConfigurations", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a globalaccelerator resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "accelerator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an interactive session", - "privilege": "GetSession", + "access_level": "Write", + "description": "Grants permission to update a standard accelerator", + "privilege": "UpdateAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get a stage for SparkUI", - "privilege": "GetStage", + "access_level": "Write", + "description": "Grants permission to update a standard accelerator attributes", + "privilege": "UpdateAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get a stage attempt for SparkUI", - "privilege": "GetStageAttempt", + "access_level": "Write", + "description": "Grants permission to update a CrossAccountAttachment", + "privilege": "UpdateCrossAccountAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "attachment*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get the task list for a stage attempt for SparkUI", - "privilege": "GetStageAttemptTaskList", + "access_level": "Write", + "description": "Grants permission to update a custom routing accelerator", + "privilege": "UpdateCustomRoutingAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get the task summary for a stage attempt for SparkUI", - "privilege": "GetStageAttemptTaskSummary", + "access_level": "Write", + "description": "Grants permission to update the attributes for a custom routing accelerator", + "privilege": "UpdateCustomRoutingAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get stage files for SparkUI", - "privilege": "GetStageFiles", + "access_level": "Write", + "description": "Grants permission to update a listener for a custom routing accelerator", + "privilege": "UpdateCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "listener*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get stages for SparkUI", - "privilege": "GetStages", + "access_level": "Write", + "description": "Grants permission to update an endpoint group on a standard accelerator listener", + "privilege": "UpdateEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve result and information about a statement in an interactive session", - "privilege": "GetStatement", + "access_level": "Write", + "description": "Grants permission to update a listener on a standard accelerator", + "privilege": "UpdateListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "listener*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get storage details for SparkUI", - "privilege": "GetStorage", + "access_level": "Write", + "description": "Grants permission to stops advertising a BYOIP IPv4 address", + "privilege": "WithdrawByoipCidr", "resource_types": [ { "condition_keys": [], @@ -147583,23 +151482,111 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "accelerator" }, { - "access_level": "Permissions management", - "description": "Grants permission to get storage unit details for SparkUI", - "privilege": "GetStorageUnit", + "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}/listener/${ListenerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "listener" + }, + { + "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}/listener/${ListenerId}/endpoint-group/${EndpointGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "endpointgroup" + }, + { + "arn": "arn:${Partition}:globalaccelerator::${Account}:attachment/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "attachment" + } + ], + "service_name": "AWS Global Accelerator" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "glue:CredentialIssuingService", + "description": "Filters access by the service from which the credentials of the request is issued", + "type": "String" + }, + { + "condition": "glue:EnabledForRedshiftAutoDiscovery", + "description": "Filters access by the presence of the key configured for role's identity-based policy", + "type": "Bool" + }, + { + "condition": "glue:LakeFormationPermissions", + "description": "Filters access by whether Lake Formation permission checks will be performed for a given caller and the Glue resource", + "type": "String" + }, + { + "condition": "glue:RoleAssumedBy", + "description": "Filters access by the service from which the credentials of the request is obtained by assuming the customer role", + "type": "String" + }, + { + "condition": "glue:SecurityGroupIds", + "description": "Filters access by the ID of security groups configured for the Glue job", + "type": "ArrayOfString" + }, + { + "condition": "glue:SubnetIds", + "description": "Filters access by the ID of subnets configured for the Glue job", + "type": "ArrayOfString" + }, + { + "condition": "glue:VpcIds", + "description": "Filters access by the ID of the VPC configured for the Glue job", + "type": "ArrayOfString" + } + ], + "prefix": "glue", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to Glue to continuously validate that the target Arn can receive data replicated from the source ARN", + "privilege": "AuthorizeInboundIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "integration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a table", - "privilege": "GetTable", + "access_level": "Write", + "description": "Grants permission to create one or more partitions", + "privilege": "BatchCreatePartition", "resource_types": [ { "condition_keys": [], @@ -147620,42 +151607,25 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "catalog" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the configuration of all optimizers associated with a specified table", - "privilege": "GetTableOptimizer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "glue:GetTable" - ], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" }, { - "condition_keys": [], + "condition_keys": [ + "glue:LakeFormationPermissions" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a version of a table", - "privilege": "GetTableVersion", + "access_level": "Write", + "description": "Grants permission to delete one or more connections", + "privilege": "BatchDeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "connection*" }, { "condition_keys": [], @@ -147663,21 +151633,18 @@ "resource_type": "rootcatalog*" }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [], + "condition_keys": [ + "glue:LakeFormationPermissions" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of versions of a table", - "privilege": "GetTableVersions", + "access_level": "Write", + "description": "Grants permission to delete one or more partitions", + "privilege": "BatchDeletePartition", "resource_types": [ { "condition_keys": [], @@ -147698,13 +151665,20 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the tables in a database", - "privilege": "GetTables", + "access_level": "Write", + "description": "Grants permission to delete one or more tables", + "privilege": "BatchDeleteTable", "resource_types": [ { "condition_keys": [], @@ -147725,96 +151699,114 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all tags associated with a resource", - "privilege": "GetTags", + "access_level": "Write", + "description": "Grants permission to delete one or more versions of a table", + "privilege": "BatchDeleteTableVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "crawler" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "customEntityType" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint" + "resource_type": "table*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "catalog" }, { - "condition_keys": [], + "condition_keys": [ + "glue:LakeFormationPermissions" + ], "dependent_actions": [], - "resource_type": "trigger" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve one or more blueprints", + "privilege": "BatchGetBlueprints", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usageProfile" - }, + "resource_type": "blueprint*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve one or more crawlers", + "privilege": "BatchGetCrawlers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "crawler*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a trigger", - "privilege": "GetTrigger", + "description": "Grants permission to retrieve one or more Custom Entity Types", + "privilege": "BatchGetCustomEntityTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the triggers associated with a job", - "privilege": "GetTriggers", + "description": "Grants permission to retrieve one or more development endpoints", + "privilege": "BatchGetDevEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devendpoint*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a usage profile", - "privilege": "GetUsageProfile", + "description": "Grants permission to retrieve one or more jobs", + "privilege": "BatchGetJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usageProfile*" + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a function definition", - "privilege": "GetUserDefinedFunction", + "description": "Grants permission to retrieve one or more partitions", + "privilege": "BatchGetPartition", "resource_types": [ { "condition_keys": [], @@ -147829,58 +151821,74 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "table*" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve multiple function definitions", - "privilege": "GetUserDefinedFunctions", + "access_level": "Permissions management", + "description": "Grants permission to batch get stage files for SparkUI", + "privilege": "BatchGetStageFiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the configuration for the specified table optimizers", + "privilege": "BatchGetTableOptimizer", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a workflow", - "privilege": "GetWorkflow", + "description": "Grants permission to retrieve one or more triggers", + "privilege": "BatchGetTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "trigger*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a workflow run", - "privilege": "GetWorkflowRun", + "description": "Grants permission to retrieve one or more workflows", + "privilege": "BatchGetWorkflows", "resource_types": [ { "condition_keys": [], @@ -147890,93 +151898,103 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow run properties", - "privilege": "GetWorkflowRunProperties", + "access_level": "Write", + "description": "Grants permission to stop one or more job runs for a job", + "privilege": "BatchStopJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all runs of a workflow", - "privilege": "GetWorkflowRuns", + "access_level": "Write", + "description": "Grants permission to update one or more partitions", + "privilege": "BatchUpdatePartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to access Glue Studio Notebooks", - "privilege": "GlueNotebookAuthorize", - "resource_types": [ + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to refresh Glue Studio Notebooks credentials", - "privilege": "GlueNotebookRefreshCredentials", + "access_level": "Write", + "description": "Grants permission to stop a running Data Quality rule recommendation run", + "privilege": "CancelDataQualityRuleRecommendationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Write", - "description": "Grants permission to import an Athena data catalog into AWS Glue", - "privilege": "ImportCatalogToGlue", + "description": "Grants permission to stop a running Data Quality ruleset evaluation run", + "privilege": "CancelDataQualityRulesetEvaluationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all blueprints", - "privilege": "ListBlueprints", + "access_level": "Write", + "description": "Grants permission to stop a running ML Task Run", + "privilege": "CancelMLTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all Column Statistics run-ids that have been executed for the account", - "privilege": "ListColumnStatisticsTaskRuns", + "access_level": "Write", + "description": "Grants permission to cancel a statement in an interactive session", + "privilege": "CancelStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "session*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to list connection types in glue studio", - "privilege": "ListConnectionTypes", + "access_level": "Read", + "description": "Grants permission to retrieve a check the validity of schema version", + "privilege": "CheckSchemaVersionValidity", "resource_types": [ { "condition_keys": [], @@ -147986,33 +152004,53 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all crawlers", - "privilege": "ListCrawlers", + "access_level": "Write", + "description": "Grants permission to create a blueprint", + "privilege": "CreateBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "blueprint*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve crawl run history for a crawler", - "privilege": "ListCrawls", + "access_level": "Write", + "description": "Grants permission to create a catalog", + "privilege": "CreateCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Custom Entity Types", - "privilege": "ListCustomEntityTypes", + "access_level": "Write", + "description": "Grants permission to create a classifier", + "privilege": "CreateClassifier", "resource_types": [ { "condition_keys": [], @@ -148022,98 +152060,141 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Data Quality results", - "privilege": "ListDataQualityResults", + "access_level": "Write", + "description": "Grants permission to create settings for a column statistics task", + "privilege": "CreateColumnStatisticsTaskSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Data Quality rule recommendation runs", - "privilege": "ListDataQualityRuleRecommendationRuns", + "access_level": "Write", + "description": "Grants permission to create a connection", + "privilege": "CreateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Data Quality rule recommendation runs", - "privilege": "ListDataQualityRulesetEvaluationRuns", + "access_level": "Write", + "description": "Grants permission to create a crawler", + "privilege": "CreateCrawler", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of Data Quality rulesets", - "privilege": "ListDataQualityRulesets", + "access_level": "Write", + "description": "Grants permission to create a Custom Entity Type", + "privilege": "CreateCustomEntityType", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all development endpoints", - "privilege": "ListDevEndpoints", + "access_level": "Write", + "description": "Grants permission to create a Data Quality ruleset", + "privilege": "CreateDataQualityRuleset", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to list entities in glue studio", - "privilege": "ListEntities", + "access_level": "Write", + "description": "Grants permission to create a database", + "privilege": "CreateDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list upgrade analyses for a job", - "privilege": "ListJobUpgradeAnalyses", + "access_level": "Write", + "description": "Grants permission to create a development endpoint", + "privilege": "CreateDevEndpoint", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all current jobs", - "privilege": "ListJobs", + "access_level": "Write", + "description": "Grants permission to connect Glue with Identity Center", + "privilege": "CreateGlueIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], @@ -148123,92 +152204,145 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all ML Transforms", - "privilege": "ListMLTransforms", + "access_level": "Write", + "description": "Grants permission to the source principal to create an inbound integration for data to be replicated from the source into the target", + "privilege": "CreateInboundIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of schema registries", - "privilege": "ListRegistries", + "access_level": "Write", + "description": "Grants permission to create an integration", + "privilege": "CreateIntegration", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of schema versions", - "privilege": "ListSchemaVersions", + "access_level": "Write", + "description": "Grants permission to create integration resource property", + "privilege": "CreateIntegrationResourceProperty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of schema containers", - "privilege": "ListSchemas", + "access_level": "Write", + "description": "Grants permission to create integration table properties", + "privilege": "CreateIntegrationTableProperties", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of interactive session", - "privilege": "ListSessions", + "access_level": "Write", + "description": "Grants permission to create a job", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "glue:VpcIds", + "glue:SubnetIds", + "glue:SecurityGroupIds" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of statements in an interactive session", - "privilege": "ListStatements", + "access_level": "Write", + "description": "Grants permission to create an ML Transform", + "privilege": "CreateMLTransform", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the history of previous optimizer runs for a specific table", - "privilege": "ListTableOptimizerRuns", + "access_level": "Write", + "description": "Grants permission to create a partition", + "privilege": "CreatePartition", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "glue:GetTable" - ], + "dependent_actions": [], "resource_type": "database*" }, { @@ -148220,58 +152354,94 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "table*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve all triggers", - "privilege": "ListTriggers", - "resource_types": [ + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of usage profiles", - "privilege": "ListUsageProfiles", + "access_level": "Write", + "description": "Grants permission to create a specified partition index in an existing table", + "privilege": "CreatePartitionIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all workflows", - "privilege": "ListWorkflows", + "access_level": "Write", + "description": "Grants permission to create a new schema registry", + "privilege": "CreateRegistry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "registry*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify a zero-ETL integration", - "privilege": "ModifyIntegration", + "description": "Grants permission to create a new schema container", + "privilege": "CreateSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration*" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -148280,235 +152450,376 @@ }, { "access_level": "Write", - "description": "Grants permission to notify an event to the event-driven workflow", - "privilege": "NotifyEvent", + "description": "Grants permission to create a script", + "privilege": "CreateScript", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to pass glue connection name in input for APIs that require them", - "privilege": "PassConnection", + "description": "Grants permission to create a security configuration", + "privilege": "CreateSecurityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to publish Data Quality results", - "privilege": "PublishDataQuality", + "description": "Grants permission to create an interactive session", + "privilege": "CreateSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "session*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "glue:VpcIds", + "glue:SubnetIds", + "glue:SecurityGroupIds" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update catalog encryption settings", - "privilege": "PutDataCatalogEncryptionSettings", + "description": "Grants permission to create a table", + "privilege": "CreateTable", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to annotate all datapoints for a profile", - "privilege": "PutDataQualityProfileAnnotation", + "description": "Grants permission to create a new table optimizer for a specific function. Compaction is the only currently supported optimizer type", + "privilege": "CreateTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to annotate datapoints over time for a specific data quality statistic", - "privilege": "PutDataQualityStatisticAnnotation", + "description": "Grants permission to create a trigger", + "privilege": "CreateTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "trigger*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update a resource policy", - "privilege": "PutResourcePolicy", + "access_level": "Write", + "description": "Grants permission to create a usage profile", + "privilege": "CreateUsageProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "usageProfile*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add metadata to schema version", - "privilege": "PutSchemaVersionMetadata", + "description": "Grants permission to create a function definition", + "privilege": "CreateUserDefinedFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update workflow run properties", - "privilege": "PutWorkflowRunProperties", + "description": "Grants permission to create a workflow", + "privilege": "CreateWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "workflow*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch metadata for a schema version", - "privilege": "QuerySchemaVersionMetadata", + "access_level": "Write", + "description": "Grants permission to delete a blueprint", + "privilege": "DeleteBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema" + "resource_type": "blueprint*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to refresh the oauth2 tokens for connection during job execution", - "privilege": "RefreshOAuth2Tokens", + "access_level": "Write", + "description": "Grants permission to delete a catalog", + "privilege": "DeleteCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new schema version", - "privilege": "RegisterSchemaVersion", + "description": "Grants permission to delete a classifier", + "privilege": "DeleteClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the partition column statistics of a column", + "privilege": "DeleteColumnStatisticsForPartition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove metadata from schema version", - "privilege": "RemoveSchemaVersionMetadata", + "description": "Grants permission to delete the table statistics of columns", + "privilege": "DeleteColumnStatisticsForTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to request log parsing for SparkUI", - "privilege": "RequestLogParsing", + "access_level": "Write", + "description": "Grants permission to delete settings for a column statistics task", + "privilege": "DeleteColumnStatisticsTaskSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to reset a job bookmark", - "privilege": "ResetJobBookmark", + "description": "Grants permission to delete a connection", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to resume a workflow run", - "privilege": "ResumeWorkflowRun", + "description": "Grants permission to delete a crawler", + "privilege": "DeleteCrawler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "crawler*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to run Data Preview Statement", - "privilege": "RunDataPreviewStatement", + "access_level": "Write", + "description": "Grants permission to delete a Custom Entity Type", + "privilege": "DeleteCustomEntityType", "resource_types": [ { "condition_keys": [], @@ -148519,20 +152830,20 @@ }, { "access_level": "Write", - "description": "Grants permission to run a code or statement in an interactive session", - "privilege": "RunStatement", + "description": "Grants permission to delete a Data Quality ruleset", + "privilege": "DeleteDataQualityRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the tables in the catalog", - "privilege": "SearchTables", + "access_level": "Write", + "description": "Grants permission to delete a database", + "privilege": "DeleteDatabase", "resource_types": [ { "condition_keys": [], @@ -148549,29 +152860,41 @@ "dependent_actions": [], "resource_type": "table*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userdefinedfunction*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to provide feedback about a glue completion experience in AWS Q", - "privilege": "SendFeedback", + "description": "Grants permission to delete a development endpoint", + "privilege": "DeleteDevEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devendpoint*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to execute a Data Preparation Recipe statement in data preview", - "privilege": "SendRecipeAction", + "access_level": "Write", + "description": "Grants permission to disconnect Glue with Identity Center", + "privilege": "DeleteGlueIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], @@ -148582,45 +152905,73 @@ }, { "access_level": "Write", - "description": "Grants permission to start running a blueprint", - "privilege": "StartBlueprintRun", + "description": "Grants permission to delete an integration", + "privilege": "DeleteIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "integration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a run for generating Column Statistics for the table", - "privilege": "StartColumnStatisticsTaskRun", + "description": "Grants permission to delete integration table properties", + "privilege": "DeleteIntegrationTableProperties", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "glue:GetSecurityConfiguration", - "glue:GetTable" - ], - "resource_type": "database*" + "dependent_actions": [], + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "connection*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a column statistics task run schedule", - "privilege": "StartColumnStatisticsTaskRunSchedule", + "description": "Grants permission to delete a job", + "privilege": "DeleteJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an ML Transform", + "privilege": "DeleteMLTransform", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlTransform*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a partition", + "privilege": "DeletePartition", "resource_types": [ { "condition_keys": [], @@ -148636,148 +152987,224 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "table*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a completion request in Glue for AWS Q experience", - "privilege": "StartCompletion", - "resource_types": [ + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a crawler", - "privilege": "StartCrawler", + "description": "Grants permission to delete a specified partition index from an existing table", + "privilege": "DeletePartitionIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the schedule state of a crawler to SCHEDULED", - "privilege": "StartCrawlerSchedule", + "description": "Grants permission to delete a schema registry", + "privilege": "DeleteRegistry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "registry*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a Data Quality rule recommendation run", - "privilege": "StartDataQualityRuleRecommendationRun", + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "rootcatalog*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Data Quality rule recommendation run", - "privilege": "StartDataQualityRulesetEvaluationRun", + "description": "Grants permission to delete a schema container", + "privilege": "DeleteSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an Export Labels ML Task Run", - "privilege": "StartExportLabelsTaskRun", + "description": "Grants permission to delete a range of schema versions", + "privilege": "DeleteSchemaVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an Import Labels ML Task Run", - "privilege": "StartImportLabelsTaskRun", + "description": "Grants permission to delete a security configuration", + "privilege": "DeleteSecurityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start running a job", - "privilege": "StartJobRun", + "description": "Grants permission to delete an interactive session after stopping the session if not already stopped", + "privilege": "DeleteSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "session*" } ] }, { "access_level": "Write", - "description": "Grants permission to start running upgrade analysis for a job", - "privilege": "StartJobUpgradeAnalysis", + "description": "Grants permission to delete a table", + "privilege": "DeleteTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start an Evaluation ML Task Run", - "privilege": "StartMLEvaluationTaskRun", + "description": "Grants permission to delete an optimizer and all associated metadata for a table. The optimization will no longer be performed on the table", + "privilege": "DeleteTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Labeling Set Generation ML Task Run", - "privilege": "StartMLLabelingSetGenerationTaskRun", + "description": "Grants permission to delete a version of a table", + "privilege": "DeleteTableVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to start Glue Studio Notebooks", - "privilege": "StartNotebook", - "resource_types": [ + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, { - "condition_keys": [], + "condition_keys": [ + "glue:LakeFormationPermissions" + ], "dependent_actions": [], "resource_type": "" } @@ -148785,8 +153212,8 @@ }, { "access_level": "Write", - "description": "Grants permission to start a trigger", - "privilege": "StartTrigger", + "description": "Grants permission to delete a trigger", + "privilege": "DeleteTrigger", "resource_types": [ { "condition_keys": [], @@ -148797,20 +153224,20 @@ }, { "access_level": "Write", - "description": "Grants permission to start running a workflow", - "privilege": "StartWorkflowRun", + "description": "Grants permission to delete a usage profile", + "privilege": "DeleteUsageProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "usageProfile*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop execution for Column Statistics run", - "privilege": "StopColumnStatisticsTaskRun", + "description": "Grants permission to delete a function definition", + "privilege": "DeleteUserDefinedFunction", "resource_types": [ { "condition_keys": [], @@ -148825,48 +153252,79 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "userdefinedfunction*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a column statistics task run schedule", - "privilege": "StopColumnStatisticsTaskRunSchedule", + "description": "Grants permission to delete a workflow", + "privilege": "DeleteWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "workflow*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to terminate Glue Studio Notebook session", + "privilege": "DeregisterDataPreview", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to describe connection type in glue studio", + "privilege": "DescribeConnectionType", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a running crawler", - "privilege": "StopCrawler", + "access_level": "Permissions management", + "description": "Grants permission to describe entity in glue studio", + "privilege": "DescribeEntity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the schedule state of a crawler to NOT_SCHEDULED", - "privilege": "StopCrawlerSchedule", + "access_level": "List", + "description": "Grants permission to list the inbound integrations", + "privilege": "DescribeInboundIntegrations", "resource_types": [ { "condition_keys": [], @@ -148876,137 +153334,215 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop an on-going upgrade analysis for a job", - "privilege": "StopJobUpgradeAnalysis", + "access_level": "List", + "description": "Grants permission to describe zero-ETL integrations", + "privilege": "DescribeIntegrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "integration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an interactive session", - "privilege": "StopSession", + "access_level": "Read", + "description": "Grants permission to retrieve a blueprint", + "privilege": "GetBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "blueprint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a trigger", - "privilege": "StopTrigger", + "access_level": "Read", + "description": "Grants permission to retrieve a blueprint run", + "privilege": "GetBlueprintRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "blueprint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a workflow run", - "privilege": "StopWorkflowRun", + "access_level": "Read", + "description": "Grants permission to retrieve all runs of a blueprint", + "privilege": "GetBlueprintRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "blueprint*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve a catalog", + "privilege": "GetCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection" + "resource_type": "catalog" }, + { + "condition_keys": [ + "glue:EnabledForRedshiftAutoDiscovery", + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the catalog import status", + "privilege": "GetCatalogImportStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler" + "resource_type": "rootcatalog*" }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all catalogs", + "privilege": "GetCatalogs", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customEntityType" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset" + "resource_type": "catalog" }, + { + "condition_keys": [ + "glue:EnabledForRedshiftAutoDiscovery", + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a classifier", + "privilege": "GetClassifier", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all classifiers", + "privilege": "GetClassifiers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve partition statistics of columns", + "privilege": "GetColumnStatisticsForPartition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" + "resource_type": "table*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema" + "resource_type": "catalog" }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve table statistics of columns", + "privilege": "GetColumnStatisticsForTable", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "usageProfile" + "resource_type": "table*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "catalog" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "glue:LakeFormationPermissions" ], "dependent_actions": [], "resource_type": "" @@ -149014,9 +153550,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to terminate Glue Studio Notebooks", - "privilege": "TerminateNotebook", + "access_level": "Read", + "description": "Grants permission to retrieve Column Statistics run information for the table based on run-id", + "privilege": "GetColumnStatisticsTaskRun", "resource_types": [ { "condition_keys": [], @@ -149026,9 +153562,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to test connection in Glue Studio", - "privilege": "TestConnection", + "access_level": "Read", + "description": "Grants permission to retrieve Column Statistics run information for the table based on run-ids", + "privilege": "GetColumnStatisticsTaskRuns", "resource_types": [ { "condition_keys": [], @@ -149038,139 +153574,247 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to retrieve settings for a column statistics task", + "privilege": "GetColumnStatisticsTaskSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get generated response for a completion request in Glue from AWS Q", + "privilege": "GetCompletion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection" - }, + "resource_type": "completion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a connection", + "privilege": "GetConnection", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler" + "resource_type": "connection*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "customEntityType" + "resource_type": "rootcatalog*" }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of connections", + "privilege": "GetConnections", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset" + "resource_type": "connection*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint" + "resource_type": "rootcatalog*" }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a crawler", + "privilege": "GetCrawler", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration" - }, + "resource_type": "crawler*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve metrics about crawlers", + "privilege": "GetCrawlerMetrics", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all crawlers", + "privilege": "GetCrawlers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read a Custom Entity Type", + "privilege": "GetCustomEntityType", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to generate presigned url for accessing spark live UI", + "privilege": "GetDashboardUrl", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema" - }, + "resource_type": "session*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve catalog encryption settings", + "privilege": "GetDataCatalogEncryptionSettings", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session" - }, + "resource_type": "rootcatalog*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get Data Preview Statement", + "privilege": "GetDataPreviewStatement", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the training status of the prediction model for a statistic", + "privilege": "GetDataQualityModel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usageProfile" + "resource_type": "dataQualityRuleset*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the predictions for a statistic from the latest model", + "privilege": "GetDataQualityModelResult", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataQualityRuleset*" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a blueprint", - "privilege": "UpdateBlueprint", + "access_level": "Read", + "description": "Grants permission to retrieve a Data Quality result", + "privilege": "GetDataQualityResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a catalog", - "privilege": "UpdateCatalog", + "access_level": "Read", + "description": "Grants permission to retrieve a Data Quality rule recommendation run", + "privilege": "GetDataQualityRuleRecommendationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "dataQualityRuleset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a Data Quality ruleset", + "privilege": "GetDataQualityRuleset", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a classifier", - "privilege": "UpdateClassifier", + "access_level": "Read", + "description": "Grants permission to retrieve a Data Quality rule recommendation run", + "privilege": "GetDataQualityRulesetEvaluationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update partition statistics of columns", - "privilege": "UpdateColumnStatisticsForPartition", + "access_level": "Read", + "description": "Grants permission to retrieve a database", + "privilege": "GetDatabase", "resource_types": [ { "condition_keys": [], @@ -149185,19 +153829,21 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "catalog" }, { - "condition_keys": [], + "condition_keys": [ + "glue:LakeFormationPermissions" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update table statistics of columns", - "privilege": "UpdateColumnStatisticsForTable", + "access_level": "Read", + "description": "Grants permission to retrieve all databases", + "privilege": "GetDatabases", "resource_types": [ { "condition_keys": [], @@ -149212,70 +153858,86 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "catalog" }, { - "condition_keys": [], + "condition_keys": [ + "glue:LakeFormationPermissions" + ], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update settings for a column statistics task", - "privilege": "UpdateColumnStatisticsTaskSettings", + "access_level": "Read", + "description": "Grants permission to transform a script into a directed acyclic graph (DAG)", + "privilege": "GetDataflowGraph", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a development endpoint", + "privilege": "GetDevEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "devendpoint*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all development endpoints", + "privilege": "GetDevEndpoints", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a connection", - "privilege": "UpdateConnection", + "access_level": "Read", + "description": "Grants permission to preview entity records in glue", + "privilege": "GetEntityRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" + "resource_type": "connection" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a crawler", - "privilege": "UpdateCrawler", + "access_level": "Permissions management", + "description": "Grants permission to get environment details for SparkUI", + "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the schedule of a crawler", - "privilege": "UpdateCrawlerSchedule", + "access_level": "Permissions management", + "description": "Grants permission to get executors for SparkUI", + "privilege": "GetExecutors", "resource_types": [ { "condition_keys": [], @@ -149285,55 +153947,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a Data Quality ruleset", - "privilege": "UpdateDataQualityRuleset", + "access_level": "Permissions management", + "description": "Grants permission to get executor threads for SparkUI", + "privilege": "GetExecutorsThreads", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a database", - "privilege": "UpdateDatabase", + "access_level": "Read", + "description": "Transforms a directed acyclic graph (DAG) into code", + "privilege": "GetGeneratedCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rootcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a development endpoint", - "privilege": "UpdateDevEndpoint", + "access_level": "Read", + "description": "Grants permission to retrieve the managed Idc application", + "privilege": "GetGlueIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the integration resource property", - "privilege": "UpdateIntegrationResourceProperty", + "access_level": "Read", + "description": "Grants permission to retrieve the integration resource property", + "privilege": "GetIntegrationResourceProperty", "resource_types": [ { "condition_keys": [], @@ -149353,9 +154005,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the integration table properties", - "privilege": "UpdateIntegrationTableProperties", + "access_level": "Read", + "description": "Grants permission to retrieve the integration table properties", + "privilege": "GetIntegrationTableProperties", "resource_types": [ { "condition_keys": [], @@ -149375,30 +154027,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a job", - "privilege": "UpdateJob", + "access_level": "Read", + "description": "Grants permission to retrieve a job", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "job*" - }, + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a job bookmark", + "privilege": "GetJobBookmark", + "resource_types": [ { - "condition_keys": [ - "glue:VpcIds", - "glue:SubnetIds", - "glue:SecurityGroupIds" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a job from source control provider", - "privilege": "UpdateJobFromSourceControl", + "access_level": "Read", + "description": "Grants permission to retrieve a job run", + "privilege": "GetJobRun", "resource_types": [ { "condition_keys": [], @@ -149408,89 +154063,129 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an ML Transform", - "privilege": "UpdateMLTransform", + "access_level": "Read", + "description": "Grants permission to retrieve all job runs of a job", + "privilege": "GetJobRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a partition", - "privilege": "UpdatePartition", + "access_level": "Read", + "description": "Grants permission to retrieve an upgrade analysis for a job", + "privilege": "GetJobUpgradeAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all current jobs", + "privilege": "GetJobs", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rootcatalog*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get log parsing status for SparkUI", + "privilege": "GetLogParsingStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an ML Task Run", + "privilege": "GetMLTaskRun", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a schema registry", - "privilege": "UpdateRegistry", + "access_level": "List", + "description": "Grants permission to retrieve all ML Task Runs", + "privilege": "GetMLTaskRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a schema container", - "privilege": "UpdateSchema", + "access_level": "Read", + "description": "Grants permission to retrieve an ML Transform", + "privilege": "GetMLTransform", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, + "resource_type": "mlTransform*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve all ML Transforms", + "privilege": "GetMLTransforms", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update source control provider from a job", - "privilege": "UpdateSourceControlFromJob", + "access_level": "Read", + "description": "Grants permission to create a mapping", + "privilege": "GetMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a table", - "privilege": "UpdateTable", + "access_level": "Permissions management", + "description": "Grants permission to retrieve Glue Studio Notebooks session status", + "privilege": "GetNotebookInstanceStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a partition", + "privilege": "GetPartition", "resource_types": [ { "condition_keys": [], @@ -149511,19 +154206,24 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration for an existing table optimizer", - "privilege": "UpdateTableOptimizer", + "access_level": "Read", + "description": "Grants permission to retrieve partition indexes for a table", + "privilege": "GetPartitionIndexes", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "glue:GetTable" - ], + "dependent_actions": [], "resource_type": "database*" }, { @@ -149535,37 +154235,25 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "table*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a trigger", - "privilege": "UpdateTrigger", - "resource_types": [ + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a usage profile", - "privilege": "UpdateUsageProfile", - "resource_types": [ + "resource_type": "catalog" + }, { - "condition_keys": [], + "condition_keys": [ + "glue:LakeFormationPermissions" + ], "dependent_actions": [], - "resource_type": "usageProfile*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a function definition", - "privilege": "UpdateUserDefinedFunction", + "access_level": "Read", + "description": "Grants permission to retrieve the partitions of a table", + "privilege": "GetPartitions", "resource_types": [ { "condition_keys": [], @@ -149580,43 +154268,50 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "table*" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a workflow", - "privilege": "UpdateWorkflow", + "access_level": "Read", + "description": "Grants permission to retrieve a mapping for a script", + "privilege": "GetPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to upgrade a job to the latest version", - "privilege": "UpgradeJob", + "access_level": "Permissions management", + "description": "Grants permission to get queries for SparkUI", + "privilege": "GetQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to use Glue Studio and access its internal APIs", - "privilege": "UseGlueStudio", + "description": "Grants permission to get a specific query for SparkUI", + "privilege": "GetQuery", "resource_types": [ { "condition_keys": [], @@ -149626,440 +154321,536 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to use an ML Transform from within a Glue ETL Script", - "privilege": "UseMLTransforms", + "access_level": "Permissions management", + "description": "Grants permission to get the result of a Data Preparation Recipe statement", + "privilege": "GetRecipeAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:catalog", - "condition_keys": [], - "resource": "rootcatalog" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:catalog/${CatalogName}", - "condition_keys": [], - "resource": "catalog" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:database/${DatabaseName}", - "condition_keys": [], - "resource": "database" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:table/${DatabaseName}/${TableName}", - "condition_keys": [], - "resource": "table" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:tableVersion/${DatabaseName}/${TableName}/${TableVersionName}", - "condition_keys": [], - "resource": "tableversion" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:connection/${ConnectionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "connection" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:userDefinedFunction/${DatabaseName}/${UserDefinedFunctionName}", - "condition_keys": [], - "resource": "userdefinedfunction" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:devEndpoint/${DevEndpointName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "devendpoint" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:job/${JobName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "job" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:trigger/${TriggerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "trigger" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:crawler/${CrawlerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "crawler" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:workflow/${WorkflowName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workflow" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "blueprint" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:mlTransform/${TransformId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "mlTransform" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:registry/${RegistryName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "registry" + "access_level": "Read", + "description": "Grants permission to retrieve a schema registry", + "privilege": "GetRegistry", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:schema/${SchemaName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "schema" + "access_level": "Read", + "description": "Grants permission to retrieve resource policies", + "privilege": "GetResourcePolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:session/${SessionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "session" + "access_level": "Read", + "description": "Grants permission to retrieve a resource policy", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:usageProfile/${UsageProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "usageProfile" + "access_level": "Read", + "description": "Grants permission to retrieve a schema container", + "privilege": "GetSchema", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:dataQualityRuleset/${RulesetName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dataQualityRuleset" + "access_level": "Read", + "description": "Grants permission to retrieve a schema version based on schema definition", + "privilege": "GetSchemaByDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:customEntityType/${CustomEntityTypeId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "customEntityType" + "access_level": "Read", + "description": "Grants permission to retrieve a schema version", + "privilege": "GetSchemaVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:completion/${CompletionId}", - "condition_keys": [], - "resource": "completion" + "access_level": "Read", + "description": "Grants permission to compare two schema versions in schema registry", + "privilege": "GetSchemaVersionsDiff", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:integration:${IntegrationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "integration" - } - ], - "service_name": "AWS Glue" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve a security configuration", + "privilege": "GetSecurityConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve one or more security configurations", + "privilege": "GetSecurityConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "grafana", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to upgrade a workspace with a license", - "privilege": "AssociateLicense", + "access_level": "Read", + "description": "Grants permission to retrieve an interactive session", + "privilege": "GetSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "aws-marketplace:ViewSubscriptions" - ], - "resource_type": "workspace*" + "dependent_actions": [], + "resource_type": "session*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a workspace", - "privilege": "CreateWorkspace", + "access_level": "Permissions management", + "description": "Grants permission to get a stage for SparkUI", + "privilege": "GetStage", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetManagedPrefixListEntries", - "iam:CreateServiceLinkedRole", - "organizations:DescribeOrganization", - "sso:CreateManagedApplicationInstance", - "sso:DescribeRegisteredRegions", - "sso:GetSharedSsoConfiguration" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create API keys for a workspace", - "privilege": "CreateWorkspaceApiKey", + "access_level": "Permissions management", + "description": "Grants permission to get a stage attempt for SparkUI", + "privilege": "GetStageAttempt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create service accounts for a workspace", - "privilege": "CreateWorkspaceServiceAccount", + "access_level": "Permissions management", + "description": "Grants permission to get the task list for a stage attempt for SparkUI", + "privilege": "GetStageAttemptTaskList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create service account tokens for a workspace", - "privilege": "CreateWorkspaceServiceAccountToken", + "access_level": "Permissions management", + "description": "Grants permission to get the task summary for a stage attempt for SparkUI", + "privilege": "GetStageAttemptTaskSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a workspace", - "privilege": "DeleteWorkspace", + "access_level": "Permissions management", + "description": "Grants permission to get stage files for SparkUI", + "privilege": "GetStageFiles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "workspace*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete API keys from a workspace", - "privilege": "DeleteWorkspaceApiKey", + "access_level": "Permissions management", + "description": "Grants permission to get stages for SparkUI", + "privilege": "GetStages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete service accounts for a workspace", - "privilege": "DeleteWorkspaceServiceAccount", + "access_level": "Read", + "description": "Grants permission to retrieve result and information about a statement in an interactive session", + "privilege": "GetStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "session*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete service account tokens for a workspace", - "privilege": "DeleteWorkspaceServiceAccountToken", + "access_level": "Permissions management", + "description": "Grants permission to get storage details for SparkUI", + "privilege": "GetStorage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a workspace", - "privilege": "DescribeWorkspace", + "access_level": "Permissions management", + "description": "Grants permission to get storage unit details for SparkUI", + "privilege": "GetStorageUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe authentication providers on a workspace", - "privilege": "DescribeWorkspaceAuthentication", + "description": "Grants permission to retrieve a table", + "privilege": "GetTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the current configuration string for the given workspace", - "privilege": "DescribeWorkspaceConfiguration", + "description": "Grants permission to return the configuration of all optimizers associated with a specified table", + "privilege": "GetTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a license from a workspace", - "privilege": "DisassociateLicense", + "access_level": "Read", + "description": "Grants permission to retrieve a version of a table", + "privilege": "GetTableVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the permissions on a wokspace", - "privilege": "ListPermissions", + "access_level": "Read", + "description": "Grants permission to retrieve a list of versions of a table", + "privilege": "GetTableVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags associated with a workspace", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve the tables in a database", + "privilege": "GetTables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available supported Grafana versions. Optionally, include a workspace to list the versions to which it can be upgraded", - "privilege": "ListVersions", + "access_level": "Read", + "description": "Grants permission to retrieve all tags associated with a resource", + "privilege": "GetTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace" + "resource_type": "blueprint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "crawler" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customEntityType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "devendpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trigger" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usageProfile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" } ] }, { "access_level": "Read", - "description": "Grants permission to list service account tokens for a workspace", - "privilege": "ListWorkspaceServiceAccountTokens", + "description": "Grants permission to retrieve a trigger", + "privilege": "GetTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "trigger*" } ] }, { "access_level": "Read", - "description": "Grants permission to list service accounts for a workspace", - "privilege": "ListWorkspaceServiceAccounts", + "description": "Grants permission to retrieve the triggers associated with a job", + "privilege": "GetTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list workspaces", - "privilege": "ListWorkspaces", + "description": "Grants permission to retrieve a usage profile", + "privilege": "GetUsageProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "usageProfile*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to, or update tag values of, a workspace", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve a function definition", + "privilege": "GetUserDefinedFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userdefinedfunction*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "glue:LakeFormationPermissions" ], "dependent_actions": [], "resource_type": "" @@ -150067,18 +154858,33 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a workspace", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to retrieve multiple function definitions", + "privilege": "GetUserDefinedFunctions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userdefinedfunction*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" }, { "condition_keys": [ - "aws:TagKeys" + "glue:LakeFormationPermissions" ], "dependent_actions": [], "resource_type": "" @@ -150086,329 +154892,261 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to modify the permissions on a workspace", - "privilege": "UpdatePermissions", + "access_level": "Read", + "description": "Grants permission to retrieve a workflow", + "privilege": "GetWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a workspace", - "privilege": "UpdateWorkspace", + "access_level": "Read", + "description": "Grants permission to retrieve a workflow run", + "privilege": "GetWorkflowRun", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetManagedPrefixListEntries", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "workspace*" + "dependent_actions": [], + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify authentication providers on a workspace", - "privilege": "UpdateWorkspaceAuthentication", + "access_level": "Read", + "description": "Grants permission to retrieve workflow run properties", + "privilege": "GetWorkflowRunProperties", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration string for the given workspace", - "privilege": "UpdateWorkspaceConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve all runs of a workflow", + "privilege": "GetWorkflowRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "workflow*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:grafana:${Region}:${Account}:/workspaces/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workspace" - } - ], - "service_name": "Amazon Managed Grafana" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by checking tag key/value pairs included in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by checking tag key/value pairs associated with a specific resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by checking tag keys passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "greengrass", - "privileges": [ { "access_level": "Permissions management", - "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", - "privilege": "AssociateServiceRoleToAccount", + "description": "Grants permission to access Glue Studio Notebooks", + "privilege": "GlueNotebookAuthorize", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a list of client devices with a core device", - "privilege": "BatchAssociateClientDeviceWithCoreDevice", + "access_level": "Permissions management", + "description": "Grants permission to refresh Glue Studio Notebooks credentials", + "privilege": "GlueNotebookRefreshCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a list of client devices from a core device", - "privilege": "BatchDisassociateClientDeviceFromCoreDevice", + "description": "Grants permission to import an Athena data catalog into AWS Glue", + "privilege": "ImportCatalogToGlue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a deployment", - "privilege": "CancelDeployment", + "access_level": "List", + "description": "Grants permission to retrieve all blueprints", + "privilege": "ListBlueprints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:CancelJob", - "iot:DeleteThingShadow", - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow", - "iot:UpdateJob", - "iot:UpdateThingShadow" - ], - "resource_type": "deployment*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a component", - "privilege": "CreateComponentVersion", + "access_level": "Read", + "description": "Grants permission to list all Column Statistics run-ids that have been executed for the account", + "privilege": "ListColumnStatisticsTaskRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a deployment", - "privilege": "CreateDeployment", + "access_level": "Permissions management", + "description": "Grants permission to list connection types in glue studio", + "privilege": "ListConnectionTypes", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iot:CancelJob", - "iot:CreateJob", - "iot:DeleteThingShadow", - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow", - "iot:UpdateJob", - "iot:UpdateThingShadow" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a component", - "privilege": "DeleteComponent", + "access_level": "List", + "description": "Grants permission to retrieve all crawlers", + "privilege": "ListCrawlers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a AWS IoT Greengrass core device, which is an AWS IoT thing. This operation removes the core device from the list of core devices. This operation doesn't delete the AWS IoT thing", - "privilege": "DeleteCoreDevice", + "access_level": "List", + "description": "Grants permission to retrieve crawl run history for a crawler", + "privilege": "ListCrawls", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJobExecution" - ], - "resource_type": "coreDevice*" + "dependent_actions": [], + "resource_type": "crawler*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a deployment. To delete an active deployment, it needs to be cancelled first", - "privilege": "DeleteDeployment", + "access_level": "List", + "description": "Grants permission to retrieve all Custom Entity Types", + "privilege": "ListCustomEntityTypes", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DeleteJob" - ], - "resource_type": "deployment*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metadata for a version of a component", - "privilege": "DescribeComponent", + "access_level": "List", + "description": "Grants permission to retrieve all Data Quality results", + "privilege": "ListDataQualityResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the service role from an account. Without a service role, deployments will not work", - "privilege": "DisassociateServiceRoleFromAccount", + "access_level": "List", + "description": "Grants permission to retrieve all Data Quality rule recommendation runs", + "privilege": "ListDataQualityRuleRecommendationRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the recipe for a version of a component", - "privilege": "GetComponent", + "access_level": "List", + "description": "Grants permission to retrieve all Data Quality rule recommendation runs", + "privilege": "ListDataQualityRulesetEvaluationRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the pre-signed URL to download a public component artifact", - "privilege": "GetComponentVersionArtifact", + "access_level": "List", + "description": "Grants permission to retrieve a list of Data Quality rulesets", + "privilege": "ListDataQualityRulesets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the connectivity information for a Greengrass core device", - "privilege": "GetConnectivityInfo", + "access_level": "List", + "description": "Grants permission to retrieve all development endpoints", + "privilege": "ListDevEndpoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:GetThingShadow" - ], - "resource_type": "connectivityInfo*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", - "privilege": "GetCoreDevice", + "access_level": "Permissions management", + "description": "Grants permission to list entities in glue studio", + "privilege": "ListEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a deployment", - "privilege": "GetDeployment", + "access_level": "List", + "description": "Grants permission to list upgrade analyses for a job", + "privilege": "ListJobUpgradeAnalyses", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], - "resource_type": "deployment*" + "dependent_actions": [], + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the service role that is attached to an account", - "privilege": "GetServiceRoleForAccount", + "access_level": "List", + "description": "Grants permission to retrieve all current jobs", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], @@ -150419,128 +155157,154 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of client devices associated to a AWS IoT Greengrass core device", - "privilege": "ListClientDevicesAssociatedWithCoreDevice", + "description": "Grants permission to retrieve all ML Transforms", + "privilege": "ListMLTransforms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "mlTransform*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of all versions for a component", - "privilege": "ListComponentVersions", + "description": "Grants permission to retrieve a list of schema registries", + "privilege": "ListRegistries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of component summaries", - "privilege": "ListComponents", + "description": "Grants permission to retrieve a list of schema versions", + "privilege": "ListSchemaVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", - "privilege": "ListCoreDevices", + "description": "Grants permission to retrieve a list of schema containers", + "privilege": "ListSchemas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "registry" } ] }, { "access_level": "List", - "description": "Grants permission to retrieves a paginated list of deployments", - "privilege": "ListDeployments", + "description": "Grants permission to retrieve a list of interactive session", + "privilege": "ListSessions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS IoT Greengrass sends to AWS IoT Greengrass core devices", - "privilege": "ListEffectiveDeployments", + "description": "Grants permission to retrieve a list of statements in an interactive session", + "privilege": "ListStatements", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeJobExecution", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], - "resource_type": "coreDevice*" + "dependent_actions": [], + "resource_type": "session*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", - "privilege": "ListInstalledComponents", + "description": "Grants permission to list the history of previous optimizer runs for a specific table", + "privilege": "ListTableOptimizerRuns", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to retrieve all triggers", + "privilege": "ListTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of usage profiles", + "privilege": "ListUsageProfiles", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve all workflows", + "privilege": "ListWorkflows", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a zero-ETL integration", + "privilege": "ModifyIntegration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment" + "resource_type": "integration*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -150548,221 +155312,203 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list components that meet the component, version, and platform requirements of a deployment", - "privilege": "ResolveComponentCandidates", + "access_level": "Write", + "description": "Grants permission to notify an event to the event-driven workflow", + "privilege": "NotifyEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "workflow*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to pass glue connection name in input for APIs that require them", + "privilege": "PassConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to publish Data Quality results", + "privilege": "PublishDataQuality", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion" - }, + "resource_type": "dataQualityRuleset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update catalog encryption settings", + "privilege": "PutDataCatalogEncryptionSettings", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice" - }, + "resource_type": "rootcatalog*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to annotate all datapoints for a profile", + "privilege": "PutDataQualityProfileAnnotation", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment" + "resource_type": "dataQualityRuleset*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to annotate datapoints over time for a specific data quality statistic", + "privilege": "PutDataQualityStatisticAnnotation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" + "resource_type": "dataQualityRuleset*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion" - }, + "resource_type": "job*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to update a resource policy", + "privilege": "PutResourcePolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice" - }, + "resource_type": "rootcatalog*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add metadata to schema version", + "privilege": "PutSchemaVersionMetadata", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment" + "resource_type": "registry" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "schema" } ] }, { "access_level": "Write", - "description": "Grants permission to update the connectivity information for a Greengrass core. Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", - "privilege": "UpdateConnectivityInfo", + "description": "Grants permission to update workflow run properties", + "privilege": "PutWorkflowRunProperties", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:GetThingShadow", - "iot:UpdateThingShadow" - ], - "resource_type": "connectivityInfo*" + "dependent_actions": [], + "resource_type": "workflow*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", - "condition_keys": [], - "resource": "connectivityInfo" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "component" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "componentVersion" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "coreDevice" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "deployment" - } - ], - "service_name": "AWS IoT Greengrass V2" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the mandatory tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the request", - "type": "ArrayOfString" - } - ], - "prefix": "greengrass", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", - "privilege": "AssociateRoleToGroup", + "access_level": "List", + "description": "Grants permission to fetch metadata for a schema version", + "privilege": "QuerySchemaVersionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "registry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", - "privilege": "AssociateServiceRoleToAccount", + "description": "Grants permission to refresh the oauth2 tokens for connection during job execution", + "privilege": "RefreshOAuth2Tokens", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a connector definition", - "privilege": "CreateConnectorDefinition", + "description": "Grants permission to create a new schema version", + "privilege": "RegisterSchemaVersion", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing connector definition", - "privilege": "CreateConnectorDefinitionVersion", + "description": "Grants permission to remove metadata from schema version", + "privilege": "RemoveSchemaVersionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "registry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a core definition", - "privilege": "CreateCoreDefinition", + "access_level": "Permissions management", + "description": "Grants permission to request log parsing for SparkUI", + "privilege": "RequestLogParsing", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -150770,38 +155516,35 @@ }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing core definition. Greengrass groups must each contain exactly one Greengrass core", - "privilege": "CreateCoreDefinitionVersion", + "description": "Grants permission to reset a job bookmark", + "privilege": "ResetJobBookmark", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a deployment", - "privilege": "CreateDeployment", + "description": "Grants permission to resume a workflow run", + "privilege": "ResumeWorkflowRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a device definition", - "privilege": "CreateDeviceDefinition", + "access_level": "Permissions management", + "description": "Grants permission to run Data Preview Statement", + "privilege": "RunDataPreviewStatement", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -150809,92 +155552,140 @@ }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing device definition", - "privilege": "CreateDeviceDefinitionVersion", + "description": "Grants permission to run a code or statement in an interactive session", + "privilege": "RunStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "session*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the tables in the catalog", + "privilege": "SearchTables", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Lambda function definition to be used in a group that contains a list of Lambda functions and their configurations", - "privilege": "CreateFunctionDefinition", + "description": "Grants permission to provide feedback about a glue completion experience in AWS Q", + "privilege": "SendFeedback", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a version of an existing Lambda function definition", - "privilege": "CreateFunctionDefinitionVersion", + "access_level": "Permissions management", + "description": "Grants permission to execute a Data Preparation Recipe statement in data preview", + "privilege": "SendRecipeAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a group", - "privilege": "CreateGroup", + "description": "Grants permission to start running a blueprint", + "privilege": "StartBlueprintRun", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a CA for the group, or rotate the existing CA", - "privilege": "CreateGroupCertificateAuthority", + "description": "Grants permission to start a run for generating Column Statistics for the table", + "privilege": "StartColumnStatisticsTaskRun", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetSecurityConfiguration", + "glue:GetTable" + ], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a version of a group that has already been defined", - "privilege": "CreateGroupVersion", + "description": "Grants permission to start a column statistics task run schedule", + "privilege": "StartColumnStatisticsTaskRunSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a logger definition", - "privilege": "CreateLoggerDefinition", + "description": "Grants permission to create a completion request in Glue for AWS Q experience", + "privilege": "StartCompletion", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -150902,26 +155693,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing logger definition", - "privilege": "CreateLoggerDefinitionVersion", + "description": "Grants permission to start a crawler", + "privilege": "StartCrawler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "crawler*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a resource definition that contains a list of resources to be used in a group", - "privilege": "CreateResourceDefinition", + "description": "Grants permission to change the schedule state of a crawler to SCHEDULED", + "privilege": "StartCrawlerSchedule", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -150929,589 +155717,497 @@ }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing resource definition", - "privilege": "CreateResourceDefinitionVersion", + "description": "Grants permission to start a Data Quality rule recommendation run", + "privilege": "StartDataQualityRuleRecommendationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS IoT job that will trigger your Greengrass cores to update the software they are running", - "privilege": "CreateSoftwareUpdateJob", + "description": "Grants permission to start a Data Quality rule recommendation run", + "privilege": "StartDataQualityRulesetEvaluationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a subscription definition", - "privilege": "CreateSubscriptionDefinition", + "description": "Grants permission to start an Export Labels ML Task Run", + "privilege": "StartExportLabelsTaskRun", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mlTransform*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing subscription definition", - "privilege": "CreateSubscriptionDefinitionVersion", + "description": "Grants permission to start an Import Labels ML Task Run", + "privilege": "StartImportLabelsTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "mlTransform*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a connector definition", - "privilege": "DeleteConnectorDefinition", + "description": "Grants permission to start running a job", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a core definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteCoreDefinition", + "description": "Grants permission to start running upgrade analysis for a job", + "privilege": "StartJobUpgradeAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a device definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteDeviceDefinition", + "description": "Grants permission to start an Evaluation ML Task Run", + "privilege": "StartMLEvaluationTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "mlTransform*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Lambda function definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteFunctionDefinition", + "description": "Grants permission to start a Labeling Set Generation ML Task Run", + "privilege": "StartMLLabelingSetGenerationTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a group that is not currently in use in a deployment", - "privilege": "DeleteGroup", + "access_level": "Permissions management", + "description": "Grants permission to start Glue Studio Notebooks", + "privilege": "StartNotebook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a logger definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteLoggerDefinition", + "description": "Grants permission to start a trigger", + "privilege": "StartTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "trigger*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a resource definition", - "privilege": "DeleteResourceDefinition", + "description": "Grants permission to start running a workflow", + "privilege": "StartWorkflowRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a subscription definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteSubscriptionDefinition", + "description": "Grants permission to stop execution for Column Statistics run", + "privilege": "StopColumnStatisticsTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the role from a group", - "privilege": "DisassociateRoleFromGroup", + "description": "Grants permission to stop a column statistics task run schedule", + "privilege": "StopColumnStatisticsTaskRunSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the service role from an account. Without a service role, deployments will not work", - "privilege": "DisassociateServiceRoleFromAccount", + "description": "Grants permission to stop a running crawler", + "privilege": "StopCrawler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information required to connect to a Greengrass core", - "privilege": "Discover", + "access_level": "Write", + "description": "Grants permission to set the schedule state of a crawler to NOT_SCHEDULED", + "privilege": "StopCrawlerSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the role associated with a group", - "privilege": "GetAssociatedRole", + "access_level": "Write", + "description": "Grants permission to stop an on-going upgrade analysis for a job", + "privilege": "StopJobUpgradeAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the status of a bulk deployment", - "privilege": "GetBulkDeploymentStatus", + "access_level": "Write", + "description": "Grants permission to stop an interactive session", + "privilege": "StopSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment*" + "resource_type": "session*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the connectivity information for a core", - "privilege": "GetConnectivityInfo", + "access_level": "Write", + "description": "Grants permission to stop a trigger", + "privilege": "StopTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectivityInfo*" + "resource_type": "trigger*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a connector definition", - "privilege": "GetConnectorDefinition", + "access_level": "Write", + "description": "Grants permission to stop a workflow run", + "privilege": "StopWorkflowRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "workflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a connector definition version", - "privilege": "GetConnectorDefinitionVersion", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "blueprint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a core definition", - "privilege": "GetCoreDefinition", - "resource_types": [ + "resource_type": "connection" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a core definition version", - "privilege": "GetCoreDefinitionVersion", - "resource_types": [ + "resource_type": "crawler" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "customEntityType" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the status of a deployment", - "privilege": "GetDeploymentStatus", - "resource_types": [ + "resource_type": "dataQualityRuleset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment*" + "resource_type": "devendpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a device definition", - "privilege": "GetDeviceDefinition", - "resource_types": [ + "resource_type": "integration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a device definition version", - "privilege": "GetDeviceDefinitionVersion", - "resource_types": [ + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "mlTransform" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a Lambda function definition, such as its creation time and latest version", - "privilege": "GetFunctionDefinition", - "resource_types": [ + "resource_type": "registry" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a Lambda function definition version, such as which Lambda functions are included in the version and their configurations", - "privilege": "GetFunctionDefinitionVersion", - "resource_types": [ + "resource_type": "schema" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "session" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a group", - "privilege": "GetGroup", - "resource_types": [ + "resource_type": "trigger" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "usageProfile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the public key of the CA associated with a group", - "privilege": "GetGroupCertificateAuthority", + "access_level": "Permissions management", + "description": "Grants permission to terminate Glue Studio Notebooks", + "privilege": "TerminateNotebook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "certificateAuthority*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current configuration for the CA used by a group", - "privilege": "GetGroupCertificateConfiguration", + "access_level": "Permissions management", + "description": "Grants permission to test connection in Glue Studio", + "privilege": "TestConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a group version", - "privilege": "GetGroupVersion", + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "blueprint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "groupVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a logger definition", - "privilege": "GetLoggerDefinition", - "resource_types": [ + "resource_type": "connection" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a logger definition version", - "privilege": "GetLoggerDefinitionVersion", - "resource_types": [ + "resource_type": "crawler" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "customEntityType" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a resource definition, such as its creation time and latest version", - "privilege": "GetResourceDefinition", - "resource_types": [ + "resource_type": "dataQualityRuleset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a resource definition version, such as which resources are included in the version", - "privilege": "GetResourceDefinitionVersion", - "resource_types": [ + "resource_type": "devendpoint" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "integration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the service role that is attached to an account", - "privilege": "GetServiceRoleForAccount", - "resource_types": [ + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a subscription definition", - "privilege": "GetSubscriptionDefinition", - "resource_types": [ + "resource_type": "mlTransform" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a subscription definition version", - "privilege": "GetSubscriptionDefinitionVersion", - "resource_types": [ + "resource_type": "registry" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "schema" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinitionVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve runtime configuration of a thing", - "privilege": "GetThingRuntimeConfiguration", - "resource_types": [ + "resource_type": "session" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingRuntimeConfig*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a paginated list of the deployments that have been started in a bulk deployment operation and their current deployment status", - "privilege": "ListBulkDeploymentDetailedReports", - "resource_types": [ + "resource_type": "trigger" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of bulk deployments", - "privilege": "ListBulkDeployments", - "resource_types": [ + "resource_type": "usageProfile" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "workflow" + }, + { + "condition_keys": [ + "aws:TagKeys", + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a connector definition", - "privilege": "ListConnectorDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to update a blueprint", + "privilege": "UpdateBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "blueprint*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of connector definitions", - "privilege": "ListConnectorDefinitions", + "access_level": "Write", + "description": "Grants permission to update a catalog", + "privilege": "UpdateCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the versions of a core definition", - "privilege": "ListCoreDefinitionVersions", - "resource_types": [ + "resource_type": "rootcatalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of core definitions", - "privilege": "ListCoreDefinitions", + "access_level": "Write", + "description": "Grants permission to update a classifier", + "privilege": "UpdateClassifier", "resource_types": [ { "condition_keys": [], @@ -151521,117 +156217,135 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of all deployments for a group", - "privilege": "ListDeployments", + "access_level": "Write", + "description": "Grants permission to update partition statistics of columns", + "privilege": "UpdateColumnStatisticsForPartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the versions of a device definition", - "privilege": "ListDeviceDefinitionVersions", - "resource_types": [ + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of device definitions", - "privilege": "ListDeviceDefinitions", - "resource_types": [ + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a Lambda function definition", - "privilege": "ListFunctionDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to update table statistics of columns", + "privilege": "UpdateColumnStatisticsForTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of Lambda function definitions", - "privilege": "ListFunctionDefinitions", - "resource_types": [ + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of current CAs for a group", - "privilege": "ListGroupCertificateAuthorities", + "access_level": "Write", + "description": "Grants permission to update settings for a column statistics task", + "privilege": "UpdateColumnStatisticsTaskSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the versions of a group", - "privilege": "ListGroupVersions", - "resource_types": [ + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of groups", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to update a connection", + "privilege": "UpdateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a logger definition", - "privilege": "ListLoggerDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to update a crawler", + "privilege": "UpdateCrawler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "crawler*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of logger definitions", - "privilege": "ListLoggerDefinitions", + "access_level": "Write", + "description": "Grants permission to update the schedule of a crawler", + "privilege": "UpdateCrawlerSchedule", "resource_types": [ { "condition_keys": [], @@ -151641,45 +156355,62 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a resource definition", - "privilege": "ListResourceDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to update a Data Quality ruleset", + "privilege": "UpdateDataQualityRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of resource definitions", - "privilege": "ListResourceDefinitions", + "access_level": "Write", + "description": "Grants permission to update a database", + "privilege": "UpdateDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rootcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a subscription definition", - "privilege": "ListSubscriptionDefinitionVersions", + "access_level": "Write", + "description": "Grants permission to update a development endpoint", + "privilege": "UpdateDevEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "devendpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of subscription definitions", - "privilege": "ListSubscriptionDefinitions", + "access_level": "Write", + "description": "Grants permission to update the managed Idc application", + "privilege": "UpdateGlueIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], @@ -151689,59 +156420,64 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the integration resource property", + "privilege": "UpdateIntegrationResourceProperty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition" + "resource_type": "connection*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition" - }, + "resource_type": "database*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the integration table properties", + "privilege": "UpdateIntegrationTableProperties", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition" + "resource_type": "connection*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition" - }, + "resource_type": "database*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a job", + "privilege": "UpdateJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition" + "resource_type": "job*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "glue:VpcIds", + "glue:SubnetIds", + "glue:SecurityGroupIds" ], "dependent_actions": [], "resource_type": "" @@ -151750,97 +156486,56 @@ }, { "access_level": "Write", - "description": "Grants permission to reset a group's deployments", - "privilege": "ResetDeployments", + "description": "Grants permission to update a job from source control provider", + "privilege": "UpdateJobFromSourceControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to deploy multiple groups in one operation", - "privilege": "StartBulkDeployment", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop the execution of a bulk deployment", - "privilege": "StopBulkDeployment", + "description": "Grants permission to update an ML Transform", + "privilege": "UpdateMLTransform", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update a partition", + "privilege": "UpdatePartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition" + "resource_type": "table*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition" + "resource_type": "catalog" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "glue:LakeFormationPermissions" ], "dependent_actions": [], "resource_type": "" @@ -151848,58 +156543,74 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a schema registry", + "privilege": "UpdateRegistry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, + "resource_type": "registry*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a schema container", + "privilege": "UpdateSchema", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition" + "resource_type": "registry*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition" - }, + "resource_type": "schema*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update source control provider from a job", + "privilege": "UpdateSourceControlFromJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition" - }, + "resource_type": "job*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a table", + "privilege": "UpdateTable", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition" + "resource_type": "rootcatalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition" + "resource_type": "table*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition" + "resource_type": "catalog" }, { "condition_keys": [ - "aws:TagKeys" + "glue:LakeFormationPermissions" ], "dependent_actions": [], "resource_type": "" @@ -151908,566 +156619,535 @@ }, { "access_level": "Write", - "description": "Grants permission to update the connectivity information for a Greengrass core. Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", - "privilege": "UpdateConnectivityInfo", + "description": "Grants permission to update the configuration for an existing table optimizer", + "privilege": "UpdateTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectivityInfo*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a connector definition", - "privilege": "UpdateConnectorDefinition", - "resource_types": [ + "resource_type": "rootcatalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a core definition", - "privilege": "UpdateCoreDefinition", + "description": "Grants permission to update a trigger", + "privilege": "UpdateTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "trigger*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a device definition", - "privilege": "UpdateDeviceDefinition", + "description": "Grants permission to update a usage profile", + "privilege": "UpdateUsageProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "usageProfile*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a Lambda function definition", - "privilege": "UpdateFunctionDefinition", + "description": "Grants permission to update a function definition", + "privilege": "UpdateUserDefinedFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a group", - "privilege": "UpdateGroup", - "resource_types": [ + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the certificate expiry time for a group", - "privilege": "UpdateGroupCertificateConfiguration", - "resource_types": [ + "resource_type": "rootcatalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "userdefinedfunction*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [ + "glue:LakeFormationPermissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a logger definition", - "privilege": "UpdateLoggerDefinition", + "description": "Grants permission to update a workflow", + "privilege": "UpdateWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a resource definition", - "privilege": "UpdateResourceDefinition", + "description": "Grants permission to upgrade a job to the latest version", + "privilege": "UpgradeJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a subscription definition", - "privilege": "UpdateSubscriptionDefinition", + "access_level": "Permissions management", + "description": "Grants permission to use Glue Studio and access its internal APIs", + "privilege": "UseGlueStudio", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update runtime configuration of a thing", - "privilege": "UpdateThingRuntimeConfiguration", + "description": "Grants permission to use an ML Transform from within a Glue ETL Script", + "privilege": "UseMLTransforms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingRuntimeConfig*" + "resource_type": "mlTransform*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", + "arn": "arn:${Partition}:glue:${Region}:${Account}:catalog", "condition_keys": [], - "resource": "connectivityInfo" + "resource": "rootcatalog" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/certificateauthorities/${CertificateAuthorityId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:catalog/${CatalogName}", "condition_keys": [], - "resource": "certificateAuthority" + "resource": "catalog" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:database/${DatabaseName}", + "condition_keys": [], + "resource": "database" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:table/${DatabaseName}/${TableName}", + "condition_keys": [], + "resource": "table" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:tableVersion/${DatabaseName}/${TableName}/${TableVersionName}", + "condition_keys": [], + "resource": "tableversion" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:connection/${ConnectionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connection" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/deployments/${DeploymentId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:userDefinedFunction/${DatabaseName}/${UserDefinedFunctionName}", "condition_keys": [], - "resource": "deployment" + "resource": "userdefinedfunction" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/bulk/deployments/${BulkDeploymentId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:devEndpoint/${DevEndpointName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "bulkDeployment" + "resource": "devendpoint" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:job/${JobName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "group" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/versions/${VersionId}", - "condition_keys": [], - "resource": "groupVersion" + "resource": "job" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:trigger/${TriggerName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "coreDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "coreDefinitionVersion" + "resource": "trigger" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:crawler/${CrawlerName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "deviceDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "deviceDefinitionVersion" + "resource": "crawler" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:workflow/${WorkflowName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "functionDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "functionDefinitionVersion" + "resource": "workflow" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "subscriptionDefinition" + "resource": "blueprint" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "subscriptionDefinitionVersion" + "arn": "arn:${Partition}:glue:${Region}:${Account}:mlTransform/${TransformId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "mlTransform" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:registry/${RegistryName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "loggerDefinition" + "resource": "registry" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "loggerDefinitionVersion" + "arn": "arn:${Partition}:glue:${Region}:${Account}:schema/${SchemaName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "schema" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:session/${SessionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "resourceDefinition" + "resource": "session" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "resourceDefinitionVersion" + "arn": "arn:${Partition}:glue:${Region}:${Account}:usageProfile/${UsageProfileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "usageProfile" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:dataQualityRuleset/${RulesetName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "connectorDefinition" + "resource": "dataQualityRuleset" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "connectorDefinitionVersion" + "arn": "arn:${Partition}:glue:${Region}:${Account}:customEntityType/${CustomEntityTypeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customEntityType" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", + "arn": "arn:${Partition}:glue:${Region}:${Account}:completion/${CompletionId}", "condition_keys": [], - "resource": "thing" + "resource": "completion" }, { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/runtimeconfig", - "condition_keys": [], - "resource": "thingRuntimeConfig" + "arn": "arn:${Partition}:glue:${Region}:${Account}:integration:${IntegrationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "integration" } ], - "service_name": "AWS IoT Greengrass" + "service_name": "AWS Glue" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by actions based on the presence of tag keys in the request", "type": "ArrayOfString" - }, - { - "condition": "groundstation:AgentId", - "description": "Filters access by the ID of an agent", - "type": "String" - }, - { - "condition": "groundstation:ConfigId", - "description": "Filters access by the ID of a config", - "type": "String" - }, - { - "condition": "groundstation:ConfigType", - "description": "Filters access by the type of a config", - "type": "String" - }, - { - "condition": "groundstation:ContactId", - "description": "Filters access by the ID of a contact", - "type": "String" - }, - { - "condition": "groundstation:DataflowEndpointGroupId", - "description": "Filters access by the ID of a dataflow endpoint group", - "type": "String" - }, - { - "condition": "groundstation:EphemerisId", - "description": "Filters access by the ID of an ephemeris", - "type": "String" - }, - { - "condition": "groundstation:GroundStationId", - "description": "Filters access by the ID of a ground station", - "type": "String" - }, - { - "condition": "groundstation:MissionProfileId", - "description": "Filters access by the ID of a mission profile", - "type": "String" - }, - { - "condition": "groundstation:SatelliteId", - "description": "Filters access by the ID of a satellite", - "type": "String" } ], - "prefix": "groundstation", + "prefix": "grafana", "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel a contact", - "privilege": "CancelContact", + "description": "Grants permission to upgrade a workspace with a license", + "privilege": "AssociateLicense", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Contact*" + "dependent_actions": [ + "aws-marketplace:ViewSubscriptions" + ], + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a configuration", - "privilege": "CreateConfig", + "description": "Grants permission to create a workspace", + "privilege": "CreateWorkspace", "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:GetManagedPrefixListEntries", + "iam:CreateServiceLinkedRole", + "organizations:DescribeOrganization", + "sso:CreateManagedApplicationInstance", + "sso:DescribeRegisteredRegions", + "sso:GetSharedSsoConfiguration" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a data flow endpoint group", - "privilege": "CreateDataflowEndpointGroup", + "description": "Grants permission to create API keys for a workspace", + "privilege": "CreateWorkspaceApiKey", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an ephemeris item", - "privilege": "CreateEphemeris", + "description": "Grants permission to create service accounts for a workspace", + "privilege": "CreateWorkspaceServiceAccount", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a mission profile", - "privilege": "CreateMissionProfile", + "description": "Grants permission to create service account tokens for a workspace", + "privilege": "CreateWorkspaceServiceAccountToken", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a config", - "privilege": "DeleteConfig", + "description": "Grants permission to delete a workspace", + "privilege": "DeleteWorkspace", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Config*" + "dependent_actions": [ + "sso:DeleteManagedApplicationInstance" + ], + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a data flow endpoint group", - "privilege": "DeleteDataflowEndpointGroup", + "description": "Grants permission to delete API keys from a workspace", + "privilege": "DeleteWorkspaceApiKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataflowEndpointGroup*" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an ephemeris item", - "privilege": "DeleteEphemeris", + "description": "Grants permission to delete service accounts for a workspace", + "privilege": "DeleteWorkspaceServiceAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EphemerisItem*" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a mission profile", - "privilege": "DeleteMissionProfile", + "description": "Grants permission to delete service account tokens for a workspace", + "privilege": "DeleteWorkspaceServiceAccountToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile*" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a contact", - "privilege": "DescribeContact", + "description": "Grants permission to describe a workspace", + "privilege": "DescribeWorkspace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Contact*" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an ephemeris item", - "privilege": "DescribeEphemeris", + "description": "Grants permission to describe authentication providers on a workspace", + "privilege": "DescribeWorkspaceAuthentication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EphemerisItem*" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the configuration of an agent", - "privilege": "GetAgentConfiguration", + "description": "Grants permission to describe the current configuration string for the given workspace", + "privilege": "DescribeWorkspaceConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Agent*" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a configuration", - "privilege": "GetConfig", + "access_level": "Write", + "description": "Grants permission to remove a license from a workspace", + "privilege": "DisassociateLicense", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config*" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a data flow endpoint group", - "privilege": "GetDataflowEndpointGroup", + "access_level": "List", + "description": "Grants permission to list the permissions on a wokspace", + "privilege": "ListPermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataflowEndpointGroup*" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to return minutes usage", - "privilege": "GetMinuteUsage", + "description": "Grants permission to list tags associated with a workspace", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a mission profile", - "privilege": "GetMissionProfile", + "access_level": "List", + "description": "Grants permission to list all available supported Grafana versions. Optionally, include a workspace to list the versions to which it can be upgraded", + "privilege": "ListVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile*" + "resource_type": "workspace" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a satellite", - "privilege": "GetSatellite", + "description": "Grants permission to list service account tokens for a workspace", + "privilege": "ListWorkspaceServiceAccountTokens", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Satellite*" + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of past configurations", - "privilege": "ListConfigs", + "access_level": "Read", + "description": "Grants permission to list service accounts for a workspace", + "privilege": "ListWorkspaceServiceAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of contacts", - "privilege": "ListContacts", + "access_level": "Read", + "description": "Grants permission to list workspaces", + "privilege": "ListWorkspaces", "resource_types": [ { "condition_keys": [], @@ -152477,96 +157157,145 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list data flow endpoint groups", - "privilege": "ListDataflowEndpointGroups", + "access_level": "Tagging", + "description": "Grants permission to add tags to, or update tag values of, a workspace", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list ephemerides", - "privilege": "ListEphemerides", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a workspace", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list ground stations", - "privilege": "ListGroundStations", + "access_level": "Permissions management", + "description": "Grants permission to modify the permissions on a workspace", + "privilege": "UpdatePermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of mission profiles", - "privilege": "ListMissionProfiles", + "access_level": "Write", + "description": "Grants permission to modify a workspace", + "privilege": "UpdateWorkspace", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:GetManagedPrefixListEntries", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list satellites", - "privilege": "ListSatellites", + "access_level": "Write", + "description": "Grants permission to modify authentication providers on a workspace", + "privilege": "UpdateWorkspaceAuthentication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the configuration string for the given workspace", + "privilege": "UpdateWorkspaceConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataflowEndpointGroup" - }, + "resource_type": "workspace*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:grafana:${Region}:${Account}:/workspaces/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workspace" + } + ], + "service_name": "Amazon Managed Grafana" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the allowed set of values for each of the mandatory tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ], + "prefix": "greengrass", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", + "privilege": "AssociateRoleToGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register an agent", - "privilege": "RegisterAgent", + "access_level": "Permissions management", + "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", + "privilege": "AssociateServiceRoleToAccount", "resource_types": [ { "condition_keys": [], @@ -152577,8 +157306,8 @@ }, { "access_level": "Write", - "description": "Grants permission to reserve a contact", - "privilege": "ReserveContact", + "description": "Grants permission to create a connector definition", + "privilege": "CreateConnectorDefinition", "resource_types": [ { "condition_keys": [ @@ -152591,77 +157320,25 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign a resource tag", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a version of an existing connector definition", + "privilege": "CreateConnectorDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataflowEndpointGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "EphemerisItem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MissionProfile" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "connectorDefinition*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to unassign a resource tag", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a core definition", + "privilege": "CreateCoreDefinition", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Config" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataflowEndpointGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "EphemerisItem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MissionProfile" - }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -152671,130 +157348,65 @@ }, { "access_level": "Write", - "description": "Grants permission to update the status of an agent", - "privilege": "UpdateAgentStatus", + "description": "Grants permission to create a version of an existing core definition. Greengrass groups must each contain exactly one Greengrass core", + "privilege": "CreateCoreDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Agent*" + "resource_type": "coreDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a configuration", - "privilege": "UpdateConfig", + "description": "Grants permission to create a deployment", + "privilege": "CreateDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config*" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an ephemeris item", - "privilege": "UpdateEphemeris", + "description": "Grants permission to create a device definition", + "privilege": "CreateDeviceDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "EphemerisItem*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a mission profile", - "privilege": "UpdateMissionProfile", + "description": "Grants permission to create a version of an existing device definition", + "privilege": "CreateDeviceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile*" + "resource_type": "deviceDefinition*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:config/${ConfigType}/${ConfigId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:ConfigId", - "groundstation:ConfigType" - ], - "resource": "Config" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:contact/${ContactId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:ContactId" - ], - "resource": "Contact" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:dataflow-endpoint-group/${DataflowEndpointGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:DataflowEndpointGroupId" - ], - "resource": "DataflowEndpointGroup" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:ephemeris/${EphemerisId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:EphemerisId" - ], - "resource": "EphemerisItem" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:groundstation:${GroundStationId}", - "condition_keys": [ - "groundstation:GroundStationId" - ], - "resource": "GroundStationResource" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:mission-profile/${MissionProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:MissionProfileId" - ], - "resource": "MissionProfile" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:satellite/${SatelliteId}", - "condition_keys": [ - "groundstation:SatelliteId" - ], - "resource": "Satellite" }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:agent/${AgentId}", - "condition_keys": [ - "groundstation:AgentId" - ], - "resource": "Agent" - } - ], - "service_name": "AWS Ground Station" - }, - { - "conditions": [], - "prefix": "groundtruthlabeling", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a patch file with the manifest file to update the manifest file", - "privilege": "AssociatePatchToManifestJob", + "description": "Grants permission to create a Lambda function definition to be used in a group that contains a list of Lambda functions and their configurations", + "privilege": "CreateFunctionDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -152802,23 +157414,26 @@ }, { "access_level": "Write", - "description": "Grants permission to create a GT+ Batch", - "privilege": "CreateBatch", + "description": "Grants permission to create a version of an existing Lambda function definition", + "privilege": "CreateFunctionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create intake form", - "privilege": "CreateIntakeForm", + "description": "Grants permission to create a group", + "privilege": "CreateGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -152826,35 +157441,38 @@ }, { "access_level": "Write", - "description": "Grants permission to create a GT+ Project", - "privilege": "CreateProject", + "description": "Grants permission to create a CA for the group, or rotate the existing CA", + "privilege": "CreateGroupCertificateAuthority", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a GT+ Workflow Definition", - "privilege": "CreateWorkflowDefinition", + "description": "Grants permission to create a version of a group that has already been defined", + "privilege": "CreateGroupVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get status of GroundTruthLabeling Jobs", - "privilege": "DescribeConsoleJob", + "access_level": "Write", + "description": "Grants permission to create a logger definition", + "privilege": "CreateLoggerDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -152862,44 +157480,47 @@ }, { "access_level": "Write", - "description": "Grants permission to generate LiDAR Preview Task", - "privilege": "GenerateLIDARPreviewTaskConfigJob", + "description": "Grants permission to create a version of an existing logger definition", + "privilege": "CreateLoggerDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a GT+ Batch", - "privilege": "GetBatch", + "access_level": "Write", + "description": "Grants permission to create a resource definition that contains a list of resources to be used in a group", + "privilege": "CreateResourceDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a intake forms", - "privilege": "GetIntakeFormStatus", + "access_level": "Write", + "description": "Grants permission to create a version of an existing resource definition", + "privilege": "CreateResourceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a GT+ Batchs", - "privilege": "ListBatches", + "access_level": "Write", + "description": "Grants permission to create an AWS IoT job that will trigger your Greengrass cores to update the software they are running", + "privilege": "CreateSoftwareUpdateJob", "resource_types": [ { "condition_keys": [], @@ -152909,515 +157530,453 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list dataset objects in a manifest file", - "privilege": "ListDatasetObjects", + "access_level": "Write", + "description": "Grants permission to create a subscription definition", + "privilege": "CreateSubscriptionDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a GT+ Projects", - "privilege": "ListProjects", + "access_level": "Write", + "description": "Grants permission to create a version of an existing subscription definition", + "privilege": "CreateSubscriptionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to filter records from a manifest file using S3 select. Get sample entries based on random sampling", - "privilege": "RunFilterOrSampleDatasetJob", + "description": "Grants permission to delete a connector definition", + "privilege": "DeleteConnectorDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connectorDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to list a S3 prefix and create manifest files from objects in that location", - "privilege": "RunGenerateManifestByCrawlingJob", + "description": "Grants permission to delete a core definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteCoreDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to generate metrics from objects in manifest", - "privilege": "RunGenerateManifestMetricsJob", + "description": "Grants permission to delete a device definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteDeviceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deviceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a GT+ Batch", - "privilege": "UpdateBatch", + "description": "Grants permission to delete a Lambda function definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteFunctionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinition*" } ] - } - ], - "resources": [], - "service_name": "Amazon GroundTruth Labeling" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "guardduty", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept invitations to become a GuardDuty member account", - "privilege": "AcceptAdministratorInvitation", + "description": "Grants permission to delete a group that is not currently in use in a deployment", + "privilege": "DeleteGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to accept invitations to become a GuardDuty member account", - "privilege": "AcceptInvitation", + "description": "Grants permission to delete a logger definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteLoggerDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to archive GuardDuty findings", - "privilege": "ArchiveFindings", + "description": "Grants permission to delete a resource definition", + "privilege": "DeleteResourceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a detector", - "privilege": "CreateDetector", + "description": "Grants permission to delete a subscription definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteSubscriptionDefinition", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create GuardDuty filters. A filters defines finding attributes and conditions used to filter findings", - "privilege": "CreateFilter", + "description": "Grants permission to disassociate the role from a group", + "privilege": "DisassociateRoleFromGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an IPSet", - "privilege": "CreateIPSet", + "description": "Grants permission to disassociate the service role from an account. Without a service role, deployments will not work", + "privilege": "DisassociateServiceRoleFromAccount", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:DeleteRolePolicy", - "iam:PutRolePolicy" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Malware Protection plan", - "privilege": "CreateMalwareProtectionPlan", + "access_level": "Read", + "description": "Grants permission to retrieve information required to connect to a Greengrass core", + "privilege": "Discover", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create GuardDuty member accounts, where the account used to create a member becomes the GuardDuty administrator account", - "privilege": "CreateMembers", + "access_level": "Read", + "description": "Grants permission to retrieve the role associated with a group", + "privilege": "GetAssociatedRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a publishing destination", - "privilege": "CreatePublishingDestination", + "access_level": "Read", + "description": "Grants permission to return the status of a bulk deployment", + "privilege": "GetBulkDeploymentStatus", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject", - "s3:ListBucket" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "bulkDeployment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create sample findings", - "privilege": "CreateSampleFindings", + "access_level": "Read", + "description": "Grants permission to retrieve the connectivity information for a core", + "privilege": "GetConnectivityInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connectivityInfo*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create GuardDuty ThreatIntelSets, where a ThreatIntelSet consists of known malicious IP addresses used by GuardDuty to generate findings", - "privilege": "CreateThreatIntelSet", + "access_level": "Read", + "description": "Grants permission to retrieve information about a connector definition", + "privilege": "GetConnectorDefinition", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connectorDefinition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to decline invitations to become a GuardDuty member account", - "privilege": "DeclineInvitations", + "access_level": "Read", + "description": "Grants permission to retrieve information about a connector definition version", + "privilege": "GetConnectorDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete GuardDuty detectors", - "privilege": "DeleteDetector", - "resource_types": [ + "resource_type": "connectorDefinition*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "connectorDefinitionVersion*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete GuardDuty filters", - "privilege": "DeleteFilter", + "access_level": "Read", + "description": "Grants permission to retrieve information about a core definition", + "privilege": "GetCoreDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "coreDefinition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete GuardDuty IPSets", - "privilege": "DeleteIPSet", + "access_level": "Read", + "description": "Grants permission to retrieve information about a core definition version", + "privilege": "GetCoreDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete invitations to become a GuardDuty member account", - "privilege": "DeleteInvitations", - "resource_types": [ + "resource_type": "coreDefinition*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDefinitionVersion*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Malware Protection plan", - "privilege": "DeleteMalwareProtectionPlan", + "access_level": "Read", + "description": "Grants permission to return the status of a deployment", + "privilege": "GetDeploymentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "malwareprotectionplan*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete GuardDuty member accounts", - "privilege": "DeleteMembers", - "resource_types": [ + "resource_type": "deployment*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a publishing destination", - "privilege": "DeletePublishingDestination", + "access_level": "Read", + "description": "Grants permission to retrieve information about a device definition", + "privilege": "GetDeviceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishingDestination*" + "resource_type": "deviceDefinition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete GuardDuty ThreatIntelSets", - "privilege": "DeleteThreatIntelSet", + "access_level": "Read", + "description": "Grants permission to retrieve information about a device definition version", + "privilege": "GetDeviceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset*" + "resource_type": "deviceDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about malware scans", - "privilege": "DescribeMalwareScans", + "description": "Grants permission to retrieve information about a Lambda function definition, such as its creation time and latest version", + "privilege": "GetFunctionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about the delegated administrator associated with a GuardDuty detector", - "privilege": "DescribeOrganizationConfiguration", + "description": "Grants permission to retrieve information about a Lambda function definition version, such as which Lambda functions are included in the version and their configurations", + "privilege": "GetFunctionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about a publishing destination", - "privilege": "DescribePublishingDestination", + "description": "Grants permission to retrieve information about a group", + "privilege": "GetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishingDestination*" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable the organization delegated administrator for GuardDuty", - "privilege": "DisableOrganizationAdminAccount", + "access_level": "Read", + "description": "Grants permission to return the public key of the CA associated with a group", + "privilege": "GetGroupCertificateAuthority", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account", - "privilege": "DisassociateFromAdministratorAccount", - "resource_types": [ + "resource_type": "certificateAuthority*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account", - "privilege": "DisassociateFromMasterAccount", + "access_level": "Read", + "description": "Grants permission to retrieve the current configuration for the CA used by a group", + "privilege": "GetGroupCertificateConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate GuardDuty member accounts from their administrator GuardDuty account", - "privilege": "DisassociateMembers", + "access_level": "Read", + "description": "Grants permission to retrieve information about a group version", + "privilege": "GetGroupVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable an organization delegated administrator for GuardDuty", - "privilege": "EnableOrganizationAdminAccount", - "resource_types": [ + "resource_type": "group*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "groupVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", - "privilege": "GetAdministratorAccount", + "description": "Grants permission to retrieve information about a logger definition", + "privilege": "GetLoggerDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to list Amazon GuardDuty coverage statistics for the specified GuardDuty account in a Region", - "privilege": "GetCoverageStatistics", + "description": "Grants permission to retrieve information about a logger definition version", + "privilege": "GetLoggerDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "loggerDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty detectors", - "privilege": "GetDetector", + "description": "Grants permission to retrieve information about a resource definition, such as its creation time and latest version", + "privilege": "GetResourceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty filters", - "privilege": "GetFilter", + "description": "Grants permission to retrieve information about a resource definition version, such as which resources are included in the version", + "privilege": "GetResourceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "resourceDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty findings", - "privilege": "GetFindings", + "description": "Grants permission to retrieve the service role that is attached to an account", + "privilege": "GetServiceRoleForAccount", "resource_types": [ { "condition_keys": [], @@ -153428,56 +157987,61 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of GuardDuty finding statistics", - "privilege": "GetFindingsStatistics", + "description": "Grants permission to retrieve information about a subscription definition", + "privilege": "GetSubscriptionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty IPSets", - "privilege": "GetIPSet", + "description": "Grants permission to retrieve information about a subscription definition version", + "privilege": "GetSubscriptionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset*" + "resource_type": "subscriptionDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the count of all GuardDuty invitations sent to a specified account, which does not include the accepted invitation", - "privilege": "GetInvitationsCount", + "description": "Grants permission to retrieve runtime configuration of a thing", + "privilege": "GetThingRuntimeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thingRuntimeConfig*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a Malware Protection plan details", - "privilege": "GetMalwareProtectionPlan", + "description": "Grants permission to retrieve a paginated list of the deployments that have been started in a bulk deployment operation and their current deployment status", + "privilege": "ListBulkDeploymentDetailedReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "malwareprotectionplan*" + "resource_type": "bulkDeployment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the malware scan settings", - "privilege": "GetMalwareScanSettings", + "access_level": "List", + "description": "Grants permission to retrieve a list of bulk deployments", + "privilege": "ListBulkDeployments", "resource_types": [ { "condition_keys": [], @@ -153487,21 +158051,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", - "privilege": "GetMasterAccount", + "access_level": "List", + "description": "Grants permission to list the versions of a connector definition", + "privilege": "ListConnectorDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connectorDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe which data sources are enabled for member accounts detectors", - "privilege": "GetMemberDetectors", + "access_level": "List", + "description": "Grants permission to retrieve a list of connector definitions", + "privilege": "ListConnectorDefinitions", "resource_types": [ { "condition_keys": [], @@ -153511,21 +158075,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the member accounts associated with an administrator account", - "privilege": "GetMembers", + "access_level": "List", + "description": "Grants permission to list the versions of a core definition", + "privilege": "ListCoreDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty protection plan coverage statistics for member accounts in a Region", - "privilege": "GetOrganizationStatistics", + "access_level": "List", + "description": "Grants permission to retrieve a list of core definitions", + "privilege": "ListCoreDefinitions", "resource_types": [ { "condition_keys": [], @@ -153535,33 +158099,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to provide the number of days left for each data source used in the free trial period", - "privilege": "GetRemainingFreeTrialDays", + "access_level": "List", + "description": "Grants permission to retrieve a list of all deployments for a group", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty ThreatIntelSets", - "privilege": "GetThreatIntelSet", + "access_level": "List", + "description": "Grants permission to list the versions of a device definition", + "privilege": "ListDeviceDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset*" + "resource_type": "deviceDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID", - "privilege": "GetUsageStatistics", + "access_level": "List", + "description": "Grants permission to retrieve a list of device definitions", + "privilege": "ListDeviceDefinitions", "resource_types": [ { "condition_keys": [], @@ -153571,57 +158135,57 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to invite other AWS accounts to enable GuardDuty and become GuardDuty member accounts", - "privilege": "InviteMembers", + "access_level": "List", + "description": "Grants permission to list the versions of a Lambda function definition", + "privilege": "ListFunctionDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinition*" } ] }, { "access_level": "List", - "description": "Grants permission to list all the resource details for a given account in a Region", - "privilege": "ListCoverage", + "description": "Grants permission to retrieve a list of Lambda function definitions", + "privilege": "ListFunctionDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty detectors", - "privilege": "ListDetectors", + "description": "Grants permission to retrieve a list of current CAs for a group", + "privilege": "ListGroupCertificateAuthorities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty filters", - "privilege": "ListFilters", + "description": "Grants permission to list the versions of a group", + "privilege": "ListGroupVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty findings", - "privilege": "ListFindings", + "description": "Grants permission to retrieve a list of groups", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], @@ -153632,20 +158196,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty IPSets", - "privilege": "ListIPSets", + "description": "Grants permission to list the versions of a logger definition", + "privilege": "ListLoggerDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of all of the GuardDuty membership invitations that were sent to an AWS account", - "privilege": "ListInvitations", + "description": "Grants permission to retrieve a list of logger definitions", + "privilege": "ListLoggerDefinitions", "resource_types": [ { "condition_keys": [], @@ -153656,20 +158220,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of Malware Protection plans", - "privilege": "ListMalwareProtectionPlans", + "description": "Grants permission to list the versions of a resource definition", + "privilege": "ListResourceDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty member accounts associated with an administrator account", - "privilege": "ListMembers", + "description": "Grants permission to retrieve a list of resource definitions", + "privilege": "ListResourceDefinitions", "resource_types": [ { "condition_keys": [], @@ -153680,20 +158244,20 @@ }, { "access_level": "List", - "description": "Grants permission to list details about the organization delegated administrator for GuardDuty", - "privilege": "ListOrganizationAdminAccounts", + "description": "Grants permission to list the versions of a subscription definition", + "privilege": "ListSubscriptionDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of publishing destinations", - "privilege": "ListPublishingDestinations", + "description": "Grants permission to retrieve a list of subscription definitions", + "privilege": "ListSubscriptionDefinitions", "resource_types": [ { "condition_keys": [], @@ -153704,79 +158268,86 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of tags associated with a GuardDuty resource", + "description": "Grants permission to list the tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "bulkDeployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter" + "resource_type": "connectorDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset" + "resource_type": "coreDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "malwareprotectionplan" + "resource_type": "deviceDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty ThreatIntelSets", - "privilege": "ListThreatIntelSets", - "resource_types": [ + "resource_type": "functionDefinition" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to send security telemetry for a specific GuardDuty account in a Region", - "privilege": "SendSecurityTelemetry", - "resource_types": [ + "resource_type": "group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "subscriptionDefinition" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate a new malware scan", - "privilege": "StartMalwareScan", + "description": "Grants permission to reset a group's deployments", + "privilege": "ResetDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to a GuardDuty administrator account to monitor findings from GuardDuty member accounts", - "privilege": "StartMonitoringMembers", + "description": "Grants permission to deploy multiple groups in one operation", + "privilege": "StartBulkDeployment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -153784,45 +158355,65 @@ }, { "access_level": "Write", - "description": "Grants permission to disable monitoring findings from member accounts", - "privilege": "StopMonitoringMembers", + "description": "Grants permission to stop the execution of a bulk deployment", + "privilege": "StopBulkDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bulkDeployment*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to a GuardDuty resource", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "bulkDeployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter" + "resource_type": "connectorDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset" + "resource_type": "coreDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "malwareprotectionplan" + "resource_type": "deviceDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset" + "resource_type": "functionDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinition" }, { "condition_keys": [ @@ -153835,46 +158426,54 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to unarchive GuardDuty findings", - "privilege": "UnarchiveFindings", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a GuardDuty resource", - "privilege": "UntagResource", - "resource_types": [ + "resource_type": "bulkDeployment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "connectorDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter" + "resource_type": "coreDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset" + "resource_type": "deviceDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "malwareprotectionplan" + "resource_type": "functionDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset" + "resource_type": "group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinition" }, { "condition_keys": [ @@ -153887,1035 +158486,707 @@ }, { "access_level": "Write", - "description": "Grants permission to update GuardDuty detectors", - "privilege": "UpdateDetector", + "description": "Grants permission to update the connectivity information for a Greengrass core. Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", + "privilege": "UpdateConnectivityInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "connectivityInfo*" } ] }, { "access_level": "Write", - "description": "Grants permission to updates GuardDuty filters", - "privilege": "UpdateFilter", + "description": "Grants permission to update a connector definition", + "privilege": "UpdateConnectorDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "connectorDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to update findings feedback to mark GuardDuty findings as useful or not useful", - "privilege": "UpdateFindingsFeedback", + "description": "Grants permission to update a core definition", + "privilege": "UpdateCoreDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to update GuardDuty IPSets", - "privilege": "UpdateIPSet", + "description": "Grants permission to update a device definition", + "privilege": "UpdateDeviceDefinition", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:DeleteRolePolicy", - "iam:PutRolePolicy" - ], - "resource_type": "ipset*" + "dependent_actions": [], + "resource_type": "deviceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Malware Protection plan", - "privilege": "UpdateMalwareProtectionPlan", + "description": "Grants permission to update a Lambda function definition", + "privilege": "UpdateFunctionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "malwareprotectionplan*" + "resource_type": "functionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the malware scan settings", - "privilege": "UpdateMalwareScanSettings", + "description": "Grants permission to update a group", + "privilege": "UpdateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to update which data sources are enabled for member accounts detectors", - "privilege": "UpdateMemberDetectors", + "description": "Grants permission to update the certificate expiry time for a group", + "privilege": "UpdateGroupCertificateConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the delegated administrator configuration associated with a GuardDuty detector", - "privilege": "UpdateOrganizationConfiguration", + "description": "Grants permission to update a logger definition", + "privilege": "UpdateLoggerDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a publishing destination", - "privilege": "UpdatePublishingDestination", + "description": "Grants permission to update a resource definition", + "privilege": "UpdateResourceDefinition", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject", - "s3:ListBucket" - ], - "resource_type": "publishingDestination*" + "dependent_actions": [], + "resource_type": "resourceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to updates the GuardDuty ThreatIntelSets", - "privilege": "UpdateThreatIntelSet", + "description": "Grants permission to update a subscription definition", + "privilege": "UpdateSubscriptionDefinition", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:DeleteRolePolicy", - "iam:PutRolePolicy" - ], - "resource_type": "threatintelset*" + "dependent_actions": [], + "resource_type": "subscriptionDefinition*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update runtime configuration of a thing", + "privilege": "UpdateThingRuntimeConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thingRuntimeConfig*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "detector" + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", + "condition_keys": [], + "resource": "connectivityInfo" }, { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/filter/${FilterName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "filter" + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/certificateauthorities/${CertificateAuthorityId}", + "condition_keys": [], + "resource": "certificateAuthority" }, { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/ipset/${IPSetId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/deployments/${DeploymentId}", + "condition_keys": [], + "resource": "deployment" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/bulk/deployments/${BulkDeploymentId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ipset" + "resource": "bulkDeployment" }, { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/threatintelset/${ThreatIntelSetId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "threatintelset" + "resource": "group" }, { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/publishingDestination/${PublishingDestinationId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/versions/${VersionId}", "condition_keys": [], - "resource": "publishingDestination" + "resource": "groupVersion" }, { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:malware-protection-plan/${MalwareProtectionPlanId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "malwareprotectionplan" - } - ], - "service_name": "Amazon GuardDuty" - }, - { - "conditions": [ - { - "condition": "health:eventTypeCode", - "description": "Filters access by event type", - "type": "String" + "resource": "coreDefinition" }, { - "condition": "health:service", - "description": "Filters access by impacted service", - "type": "String" - } - ], - "prefix": "health", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of accounts that have been affected by the specified events in organization", - "privilege": "DescribeAffectedAccountsForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "coreDefinitionVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of entities that have been affected by the specified events", - "privilege": "DescribeAffectedEntities", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event*" - }, - { - "condition_keys": [ - "health:eventTypeCode", - "health:service" - ], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "deviceDefinition" }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of entities that have been affected by the specified events and accounts in organization", - "privilege": "DescribeAffectedEntitiesForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "deviceDefinitionVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the number of entities that are affected by each of the specified events", - "privilege": "DescribeEntityAggregates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "functionDefinition" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the number of entities that are affected by each of the specified events in an organization", - "privilege": "DescribeEntityAggregatesForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "functionDefinitionVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the number of events of each event type (issue, scheduled change, and account notification)", - "privilege": "DescribeEventAggregates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "subscriptionDefinition" }, { - "access_level": "Read", - "description": "Grants permission to retrieve detailed information about one or more specified events", - "privilege": "DescribeEventDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event*" - }, - { - "condition_keys": [ - "health:eventTypeCode", - "health:service" - ], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "subscriptionDefinitionVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve detailed information about one or more specified events for provided accounts in organization", - "privilege": "DescribeEventDetailsForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "loggerDefinition" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the event types that meet the specified filter criteria", - "privilege": "DescribeEventTypes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "loggerDefinitionVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about events that meet the specified filter criteria", - "privilege": "DescribeEvents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "resourceDefinition" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about events that meet the specified filter criteria in organization", - "privilege": "DescribeEventsForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "resourceDefinitionVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the status of enabling or disabling the Organizational View feature", - "privilege": "DescribeHealthServiceStatusForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connectorDefinition" }, { - "access_level": "Permissions management", - "description": "Grants permission to disable the Organizational View feature", - "privilege": "DisableHealthServiceAccessForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "organizations:DisableAWSServiceAccess", - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "connectorDefinitionVersion" }, { - "access_level": "Permissions management", - "description": "Grants permission to enable the Organizational View feature", - "privilege": "EnableHealthServiceAccessForOrganization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] - } - ], - "resources": [ + "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", + "condition_keys": [], + "resource": "thing" + }, { - "arn": "arn:${Partition}:health:*::event/${Service}/${EventTypeCode}/*", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/runtimeconfig", "condition_keys": [], - "resource": "event" + "resource": "thingRuntimeConfig" } ], - "service_name": "AWS Health APIs and Notifications" + "service_name": "AWS IoT Greengrass" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by checking tag key/value pairs included in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs attached to the resource", + "description": "Filters access by checking tag key/value pairs associated with a specific resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters access by checking tag keys passed in the request", "type": "ArrayOfString" } ], - "prefix": "healthlake", + "prefix": "greengrass", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to cancel an on going FHIR Export job with Delete", - "privilege": "CancelFHIRExportJobWithDelete", + "access_level": "Permissions management", + "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", + "privilege": "AssociateServiceRoleToAccount", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a datastore that can ingest and export FHIR data", - "privilege": "CreateFHIRDatastore", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create resource", - "privilege": "CreateResource", + "description": "Grants permission to associate a list of client devices with a core device", + "privilege": "BatchAssociateClientDeviceWithCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "coreDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a datastore", - "privilege": "DeleteFHIRDatastore", + "description": "Grants permission to disassociate a list of client devices from a core device", + "privilege": "BatchDisassociateClientDeviceFromCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "coreDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete resource", - "privilege": "DeleteResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the properties associated with the FHIR datastore, including the datastore ID, datastore ARN, datastore name, datastore status, created at, datastore type version, and datastore endpoint", - "privilege": "DescribeFHIRDatastore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore", - "privilege": "DescribeFHIRExportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore with Get", - "privilege": "DescribeFHIRExportJobWithGet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to display the properties of a FHIR import job, including the ID, ARN, name, and the status of the datastore", - "privilege": "DescribeFHIRImportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the capabilities of a FHIR datastore", - "privilege": "GetCapabilities", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to access exported files from a FHIR Export job initiated with Get", - "privilege": "GetExportedFile", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read resource history", - "privilege": "GetHistoryByResourceId", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all FHIR datastores that are in the user's account, regardless of datastore status", - "privilege": "ListFHIRDatastores", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get a list of export jobs for the specified datastore", - "privilege": "ListFHIRExportJobs", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get a list of import jobs for the specified datastore", - "privilege": "ListFHIRImportJobs", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get a list of tags for the specified datastore", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read resource", - "privilege": "ReadResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to search all resources related to a patient", - "privilege": "SearchEverything", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to search resources with GET method", - "privilege": "SearchWithGet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to search resources with POST method", - "privilege": "SearchWithPost", + "description": "Grants permission to cancel a deployment", + "privilege": "CancelDeployment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" + "dependent_actions": [ + "iot:CancelJob", + "iot:DeleteThingShadow", + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow", + "iot:UpdateJob", + "iot:UpdateThingShadow" + ], + "resource_type": "deployment*" } ] }, { "access_level": "Write", - "description": "Grants permission to begin a FHIR Export job", - "privilege": "StartFHIRExportJob", + "description": "Grants permission to create a component", + "privilege": "CreateComponentVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to begin a FHIR Export job with Get", - "privilege": "StartFHIRExportJobWithGet", - "resource_types": [ + "resource_type": "component*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to begin a FHIR Export job with Post", - "privilege": "StartFHIRExportJobWithPost", + "description": "Grants permission to create a deployment", + "privilege": "CreateDeployment", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iot:CancelJob", + "iot:CreateJob", + "iot:DeleteThingShadow", + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow", + "iot:UpdateJob", + "iot:UpdateThingShadow" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to begin a FHIR Import job", - "privilege": "StartFHIRImportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to a datastore", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "description": "Grants permission to delete a component", + "privilege": "DeleteComponent", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "componentVersion*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a datastore", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a AWS IoT Greengrass core device, which is an AWS IoT thing. This operation removes the core device from the list of core devices. This operation doesn't delete the AWS IoT thing", + "privilege": "DeleteCoreDevice", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" - }, - { - "condition_keys": [ - "aws:TagKeys" + "dependent_actions": [ + "iot:DescribeJobExecution" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to update resource", - "privilege": "UpdateResource", + "description": "Grants permission to delete a deployment. To delete an active deployment, it needs to be cancelled first", + "privilege": "DeleteDeployment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" + "dependent_actions": [ + "iot:DeleteJob" + ], + "resource_type": "deployment*" } ] }, { "access_level": "Read", - "description": "Grants permission to read version of a resource", - "privilege": "VersionReadResource", + "description": "Grants permission to retrieve metadata for a version of a component", + "privilege": "DescribeComponent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "componentVersion*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:healthlake:${Region}:${Account}:datastore/fhir/${DatastoreId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "datastore" - } - ], - "service_name": "AWS HealthLake" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "healthlake", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a datastore that can ingest and export FHIR data", - "privilege": "CreateFHIRDatastore", + "description": "Grants permission to disassociate the service role from an account. Without a service role, deployments will not work", + "privilege": "DisassociateServiceRoleFromAccount", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create resource", - "privilege": "CreateResource", + "access_level": "Read", + "description": "Grants permission to get the recipe for a version of a component", + "privilege": "GetComponent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "componentVersion*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a datastore", - "privilege": "DeleteFHIRDatastore", + "access_level": "Read", + "description": "Grants permission to get the pre-signed URL to download a public component artifact", + "privilege": "GetComponentVersionArtifact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "componentVersion*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete resource", - "privilege": "DeleteResource", + "access_level": "Read", + "description": "Grants permission to retrieve the connectivity information for a Greengrass core device", + "privilege": "GetConnectivityInfo", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" + "dependent_actions": [ + "iot:GetThingShadow" + ], + "resource_type": "connectivityInfo*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the properties associated with the FHIR datastore, including the datastore ID, datastore ARN, datastore name, datastore status, created at, datastore type version, and datastore endpoint", - "privilege": "DescribeFHIRDatastore", + "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", + "privilege": "GetCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "coreDevice*" } ] }, { "access_level": "Read", - "description": "Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore", - "privilege": "DescribeFHIRExportJob", + "description": "Grants permission to get a deployment", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "deployment*" } ] }, { "access_level": "Read", - "description": "Grants permission to display the properties of a FHIR import job, including the ID, ARN, name, and the status of the datastore", - "privilege": "DescribeFHIRImportJob", + "description": "Grants permission to retrieve the service role that is attached to an account", + "privilege": "GetServiceRoleForAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the capabilities of a FHIR datastore", - "privilege": "GetCapabilities", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of client devices associated to a AWS IoT Greengrass core device", + "privilege": "ListClientDevicesAssociatedWithCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "coreDevice*" } ] }, { "access_level": "List", - "description": "Grants permission to list all FHIR datastores that are in the user\u2019s account, regardless of datastore status", - "privilege": "ListFHIRDatastores", + "description": "Grants permission to retrieve a paginated list of all versions for a component", + "privilege": "ListComponentVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "component*" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of export jobs for the specified datastore", - "privilege": "ListFHIRExportJobs", + "description": "Grants permission to retrieve a paginated list of component summaries", + "privilege": "ListComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of import jobs for the specified datastore", - "privilege": "ListFHIRImportJobs", + "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", + "privilege": "ListCoreDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of tags for the specified datastore", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployments", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read resource", - "privilege": "ReadResource", + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS IoT Greengrass sends to AWS IoT Greengrass core devices", + "privilege": "ListEffectiveDeployments", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "coreDevice*" } ] }, { - "access_level": "Read", - "description": "Grants permission to search resources with GET method", - "privilege": "SearchWithGet", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", + "privilege": "ListInstalledComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "coreDevice*" } ] }, { "access_level": "Read", - "description": "Grants permission to search resources with POST method", - "privilege": "SearchWithPost", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to begin a FHIR Export job", - "privilege": "StartFHIRExportJob", - "resource_types": [ + "resource_type": "component" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "componentVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to begin a FHIR Import job", - "privilege": "StartFHIRImportJob", + "access_level": "List", + "description": "Grants permission to list components that meet the component, version, and platform requirements of a deployment", + "privilege": "ResolveComponentCandidates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "componentVersion*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to a datastore", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore" + "resource_type": "component" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" }, { "condition_keys": [ - "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -154924,16 +159195,32 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a datastore", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore" + "resource_type": "component" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -154943,204 +159230,306 @@ }, { "access_level": "Write", - "description": "Grants permission to update resource", - "privilege": "UpdateResource", + "description": "Grants permission to update the connectivity information for a Greengrass core. Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", + "privilege": "UpdateConnectivityInfo", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore*" + "dependent_actions": [ + "iot:GetThingShadow", + "iot:UpdateThingShadow" + ], + "resource_type": "connectivityInfo*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:healthlake:${Region}:${AccountId}:datastore/fhir/${DatastoreId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", + "condition_keys": [], + "resource": "connectivityInfo" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "datastore" + "resource": "component" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "componentVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "coreDevice" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "deployment" } ], - "service_name": "Amazon HealthLake" + "service_name": "AWS IoT Greengrass V2" }, { - "conditions": [], - "prefix": "honeycode", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "groundstation:AgentId", + "description": "Filters access by the ID of an agent", + "type": "String" + }, + { + "condition": "groundstation:ConfigId", + "description": "Filters access by the ID of a config", + "type": "String" + }, + { + "condition": "groundstation:ConfigType", + "description": "Filters access by the type of a config", + "type": "String" + }, + { + "condition": "groundstation:ContactId", + "description": "Filters access by the ID of a contact", + "type": "String" + }, + { + "condition": "groundstation:DataflowEndpointGroupId", + "description": "Filters access by the ID of a dataflow endpoint group", + "type": "String" + }, + { + "condition": "groundstation:EphemerisId", + "description": "Filters access by the ID of an ephemeris", + "type": "String" + }, + { + "condition": "groundstation:GroundStationId", + "description": "Filters access by the ID of a ground station", + "type": "String" + }, + { + "condition": "groundstation:MissionProfileId", + "description": "Filters access by the ID of a mission profile", + "type": "String" + }, + { + "condition": "groundstation:SatelliteId", + "description": "Filters access by the ID of a satellite", + "type": "String" + } + ], + "prefix": "groundstation", "privileges": [ { "access_level": "Write", - "description": "Grants permission to approve a team association request for your AWS Account", - "privilege": "ApproveTeamAssociation", + "description": "Grants permission to cancel a contact", + "privilege": "CancelContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Contact*" } ] }, { "access_level": "Write", - "description": "Grants permission to create new rows in a table", - "privilege": "BatchCreateTableRows", + "description": "Grants permission to create a configuration", + "privilege": "CreateConfig", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete rows from a table", - "privilege": "BatchDeleteTableRows", + "description": "Grants permission to create a data flow endpoint group", + "privilege": "CreateDataflowEndpointGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update rows in a table", - "privilege": "BatchUpdateTableRows", + "description": "Grants permission to create an ephemeris item", + "privilege": "CreateEphemeris", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to upsert rows in a table", - "privilege": "BatchUpsertTableRows", + "description": "Grants permission to create a mission profile", + "privilege": "CreateMissionProfile", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Amazon Honeycode team for your AWS Account", - "privilege": "CreateTeam", + "description": "Grants permission to delete a config", + "privilege": "DeleteConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Config*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new tenant within Amazon Honeycode for your AWS Account", - "privilege": "CreateTenant", + "description": "Grants permission to delete a data flow endpoint group", + "privilege": "DeleteDataflowEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DataflowEndpointGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Honeycode domains for your AWS Account", - "privilege": "DeleteDomains", + "description": "Grants permission to delete an ephemeris item", + "privilege": "DeleteEphemeris", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "EphemerisItem*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove groups from an Amazon Honeycode team for your AWS Account", - "privilege": "DeregisterGroups", + "description": "Grants permission to delete a mission profile", + "privilege": "DeleteMissionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MissionProfile*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about a table data import job", - "privilege": "DescribeTableDataImportJob", + "description": "Grants permission to describe a contact", + "privilege": "DescribeContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "Contact*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about Amazon Honeycode teams for your AWS Account", - "privilege": "DescribeTeam", + "description": "Grants permission to describe an ephemeris item", + "privilege": "DescribeEphemeris", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "EphemerisItem*" } ] }, { "access_level": "Read", - "description": "Grants permission to load the data from a screen", - "privilege": "GetScreenData", + "description": "Grants permission to get the configuration of an agent", + "privilege": "GetAgentConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "screen*" + "resource_type": "Agent*" } ] }, { - "access_level": "Write", - "description": "Grants permission to invoke a screen automation", - "privilege": "InvokeScreenAutomation", + "access_level": "Read", + "description": "Grants permission to return a configuration", + "privilege": "GetConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "screen-automation*" + "resource_type": "Config*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all Amazon Honeycode domains and their verification status for your AWS Account", - "privilege": "ListDomains", + "access_level": "Read", + "description": "Grants permission to return a data flow endpoint group", + "privilege": "GetDataflowEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DataflowEndpointGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all groups in an Amazon Honeycode team for your AWS Account", - "privilege": "ListGroups", + "access_level": "Read", + "description": "Grants permission to return minutes usage", + "privilege": "GetMinuteUsage", "resource_types": [ { "condition_keys": [], @@ -155150,45 +159539,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the columns in a table", - "privilege": "ListTableColumns", + "access_level": "Read", + "description": "Grants permission to retrieve a mission profile", + "privilege": "GetMissionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "MissionProfile*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the rows in a table", - "privilege": "ListTableRows", + "access_level": "Read", + "description": "Grants permission to return information about a satellite", + "privilege": "GetSatellite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "Satellite*" } ] }, { "access_level": "List", - "description": "Grants permission to list the tables in a workbook", - "privilege": "ListTables", + "description": "Grants permission to return a list of past configurations", + "privilege": "ListConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workbook*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to list all tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to return a list of contacts", + "privilege": "ListContacts", "resource_types": [ { "condition_keys": [], @@ -155199,8 +159588,8 @@ }, { "access_level": "List", - "description": "Grants permission to list all pending and approved team associations with your AWS Account", - "privilege": "ListTeamAssociations", + "description": "Grants permission to list data flow endpoint groups", + "privilege": "ListDataflowEndpointGroups", "resource_types": [ { "condition_keys": [], @@ -155211,8 +159600,8 @@ }, { "access_level": "List", - "description": "Grants permission to list all tenants of Amazon Honeycode for your AWS Account", - "privilege": "ListTenants", + "description": "Grants permission to list ephemerides", + "privilege": "ListEphemerides", "resource_types": [ { "condition_keys": [], @@ -155222,21 +159611,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to query the rows of a table using a filter", - "privilege": "QueryTableRows", + "access_level": "List", + "description": "Grants permission to list ground stations", + "privilege": "ListGroundStations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to request verification of the Amazon Honeycode domains for your AWS Account", - "privilege": "RegisterDomainForVerification", + "access_level": "List", + "description": "Grants permission to return a list of mission profiles", + "privilege": "ListMissionProfiles", "resource_types": [ { "condition_keys": [], @@ -155246,9 +159635,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add groups to an Amazon Honeycode team for your AWS Account", - "privilege": "RegisterGroups", + "access_level": "List", + "description": "Grants permission to list satellites", + "privilege": "ListSatellites", "resource_types": [ { "condition_keys": [], @@ -155258,21 +159647,36 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reject a team association request for your AWS Account", - "privilege": "RejectTeamAssociation", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Config" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Contact" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DataflowEndpointGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MissionProfile" } ] }, { "access_level": "Write", - "description": "Grants permission to restart verification of the Amazon Honeycode domains for your AWS Account", - "privilege": "RestartDomainVerification", + "description": "Grants permission to register an agent", + "privilege": "RegisterAgent", "resource_types": [ { "condition_keys": [], @@ -155283,277 +159687,353 @@ }, { "access_level": "Write", - "description": "Grants permission to start a table data import job", - "privilege": "StartTableDataImportJob", + "description": "Grants permission to reserve a contact", + "privilege": "ReserveContact", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a resource", + "description": "Grants permission to assign a resource tag", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Config" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Contact" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DataflowEndpointGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "EphemerisItem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MissionProfile" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource", + "description": "Grants permission to unassign a resource tag", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Config" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Contact" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DataflowEndpointGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "EphemerisItem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MissionProfile" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an Amazon Honeycode team for your AWS Account", - "privilege": "UpdateTeam", + "description": "Grants permission to update the status of an agent", + "privilege": "UpdateAgentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Agent*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:workbook:workbook/${WorkbookId}", - "condition_keys": [], - "resource": "workbook" }, { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:table:workbook/${WorkbookId}/table/${TableId}", - "condition_keys": [], - "resource": "table" + "access_level": "Write", + "description": "Grants permission to update a configuration", + "privilege": "UpdateConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Config*" + } + ] }, { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}", - "condition_keys": [], - "resource": "screen" + "access_level": "Write", + "description": "Grants permission to update an ephemeris item", + "privilege": "UpdateEphemeris", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "EphemerisItem*" + } + ] }, { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen-automation:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}/automation/${AutomationId}", - "condition_keys": [], - "resource": "screen-automation" + "access_level": "Write", + "description": "Grants permission to update a mission profile", + "privilege": "UpdateMissionProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MissionProfile*" + } + ] } ], - "service_name": "Amazon Honeycode" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "iam:AWSServiceName", - "description": "Filters access by the AWS service to which this role is attached", - "type": "String" - }, - { - "condition": "iam:AssociatedResourceArn", - "description": "Filters access by the resource that the role will be used on behalf of", - "type": "ARN" - }, - { - "condition": "iam:FIDO-FIPS-140-2-certification", - "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key", - "type": "String" - }, + "resources": [ { - "condition": "iam:FIDO-FIPS-140-3-certification", - "description": "Filters access by the MFA device FIPS-140-3 validation certification level at the time of registration of a FIDO security key", - "type": "String" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:config/${ConfigType}/${ConfigId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:ConfigId", + "groundstation:ConfigType" + ], + "resource": "Config" }, { - "condition": "iam:FIDO-certification", - "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key", - "type": "String" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:contact/${ContactId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:ContactId" + ], + "resource": "Contact" }, { - "condition": "iam:OrganizationsPolicyId", - "description": "Filters access by the ID of an AWS Organizations policy", - "type": "String" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:dataflow-endpoint-group/${DataflowEndpointGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:DataflowEndpointGroupId" + ], + "resource": "DataflowEndpointGroup" }, { - "condition": "iam:PassedToService", - "description": "Filters access by the AWS service to which this role is passed", - "type": "String" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:ephemeris/${EphemerisId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:EphemerisId" + ], + "resource": "EphemerisItem" }, { - "condition": "iam:PermissionsBoundary", - "description": "Filters access if the specified policy is set as the permissions boundary on the IAM entity (user or role)", - "type": "ARN" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:groundstation:${GroundStationId}", + "condition_keys": [ + "groundstation:GroundStationId" + ], + "resource": "GroundStationResource" }, { - "condition": "iam:PolicyARN", - "description": "Filters access by the ARN of an IAM policy", - "type": "ARN" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:mission-profile/${MissionProfileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:MissionProfileId" + ], + "resource": "MissionProfile" }, { - "condition": "iam:RegisterSecurityKey", - "description": "Filters access by the current state of MFA device enablement", - "type": "String" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:satellite/${SatelliteId}", + "condition_keys": [ + "groundstation:SatelliteId" + ], + "resource": "Satellite" }, { - "condition": "iam:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to an IAM entity (user or role)", - "type": "String" + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:agent/${AgentId}", + "condition_keys": [ + "groundstation:AgentId" + ], + "resource": "Agent" } ], - "prefix": "iam", + "service_name": "AWS Ground Station" + }, + { + "conditions": [], + "prefix": "groundtruthlabeling", "privileges": [ { "access_level": "Write", - "description": "Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource", - "privilege": "AddClientIDToOpenIDConnectProvider", + "description": "Grants permission to associate a patch file with the manifest file to update the manifest file", + "privilege": "AssociatePatchToManifestJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add an IAM role to the specified instance profile", - "privilege": "AddRoleToInstanceProfile", + "description": "Grants permission to create a GT+ Batch", + "privilege": "CreateBatch", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "instance-profile*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add an IAM user to the specified IAM group", - "privilege": "AddUserToGroup", + "description": "Grants permission to create intake form", + "privilege": "CreateIntakeForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach a managed policy to the specified IAM group", - "privilege": "AttachGroupPolicy", + "access_level": "Write", + "description": "Grants permission to create a GT+ Project", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a GT+ Workflow Definition", + "privilege": "CreateWorkflowDefinition", + "resource_types": [ { - "condition_keys": [ - "iam:PolicyARN" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach a managed policy to the specified IAM role", - "privilege": "AttachRolePolicy", + "access_level": "Read", + "description": "Grants permission to get status of GroundTruthLabeling Jobs", + "privilege": "DescribeConsoleJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate LiDAR Preview Task", + "privilege": "GenerateLIDARPreviewTaskConfigJob", + "resource_types": [ { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach a managed policy to the specified IAM user", - "privilege": "AttachUserPolicy", + "access_level": "Read", + "description": "Grants permission to get a GT+ Batch", + "privilege": "GetBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a intake forms", + "privilege": "GetIntakeFormStatus", + "resource_types": [ { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to an IAM user to change their own password", - "privilege": "ChangePassword", + "access_level": "Read", + "description": "Grants permission to list a GT+ Batchs", + "privilege": "ListBatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create access key and secret access key for the specified IAM user", - "privilege": "CreateAccessKey", + "access_level": "Read", + "description": "Grants permission to list dataset objects in a manifest file", + "privilege": "ListDatasetObjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an alias for your AWS account", - "privilege": "CreateAccountAlias", + "access_level": "Read", + "description": "Grants permission to list a GT+ Projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], @@ -155564,115 +160044,142 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new group", - "privilege": "CreateGroup", + "description": "Grants permission to filter records from a manifest file using S3 select. Get sample entries based on random sampling", + "privilege": "RunFilterOrSampleDatasetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new instance profile", - "privilege": "CreateInstanceProfile", + "description": "Grants permission to list a S3 prefix and create manifest files from objects in that location", + "privilege": "RunGenerateManifestByCrawlingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a password for the specified IAM user", - "privilege": "CreateLoginProfile", + "description": "Grants permission to generate metrics from objects in manifest", + "privilege": "RunGenerateManifestMetricsJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)", - "privilege": "CreateOpenIDConnectProvider", + "description": "Grants permission to update a GT+ Batch", + "privilege": "UpdateBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" - }, + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "Amazon GroundTruth Labeling" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "guardduty", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept invitations to become a GuardDuty member account", + "privilege": "AcceptAdministratorInvitation", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a new managed policy", - "privilege": "CreatePolicy", + "access_level": "Write", + "description": "Grants permission to accept invitations to become a GuardDuty member account", + "privilege": "AcceptInvitation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to archive GuardDuty findings", + "privilege": "ArchiveFindings", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a new version of the specified managed policy", - "privilege": "CreatePolicyVersion", + "access_level": "Write", + "description": "Grants permission to create a detector", + "privilege": "CreateDetector", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new role", - "privilege": "CreateRole", + "description": "Grants permission to create GuardDuty filters. A filters defines finding attributes and conditions used to filter findings", + "privilege": "CreateFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "filter*" }, { "condition_keys": [ - "iam:PermissionsBoundary", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -155681,37 +160188,33 @@ }, { "access_level": "Write", - "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0", - "privilege": "CreateSAMLProvider", + "description": "Grants permission to create an IPSet", + "privilege": "CreateIPSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "saml-provider*" - }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:DeleteRolePolicy", + "iam:PutRolePolicy" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf", - "privilege": "CreateServiceLinkedRole", + "description": "Grants permission to create a new Malware Protection plan", + "privilege": "CreateMalwareProtectionPlan", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" - }, { "condition_keys": [ - "iam:AWSServiceName" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -155720,85 +160223,101 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new service-specific credential for an IAM user", - "privilege": "CreateServiceSpecificCredential", + "description": "Grants permission to create GuardDuty member accounts, where the account used to create a member becomes the GuardDuty administrator account", + "privilege": "CreateMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new IAM user", - "privilege": "CreateUser", + "description": "Grants permission to create a publishing destination", + "privilege": "CreatePublishingDestination", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - }, { "condition_keys": [ - "iam:PermissionsBoundary", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "s3:GetObject", + "s3:ListBucket" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new virtual MFA device", - "privilege": "CreateVirtualMFADevice", + "description": "Grants permission to create sample findings", + "privilege": "CreateSampleFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create GuardDuty ThreatEntitySets, where a ThreatEntitySet consists of known malicious IP addresses and/or domains used by GuardDuty to generate findings", + "privilege": "CreateThreatEntitySet", + "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "s3:GetObject" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled", - "privilege": "DeactivateMFADevice", + "description": "Grants permission to create GuardDuty ThreatIntelSets, where a ThreatIntelSet consists of known malicious IP addresses used by GuardDuty to generate findings", + "privilege": "CreateThreatIntelSet", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the access key pair that is associated with the specified IAM user", - "privilege": "DeleteAccessKey", + "description": "Grants permission to create a TrustedEntitySet", + "privilege": "CreateTrustedEntitySet", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified AWS account alias", - "privilege": "DeleteAccountAlias", + "description": "Grants permission to decline invitations to become a GuardDuty member account", + "privilege": "DeclineInvitations", "resource_types": [ { "condition_keys": [], @@ -155808,365 +160327,309 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the password policy for the AWS account", - "privilege": "DeleteAccountPasswordPolicy", + "access_level": "Write", + "description": "Grants permission to delete GuardDuty detectors", + "privilege": "DeleteDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing CloudFront public key", - "privilege": "DeleteCloudFrontPublicKey", + "description": "Grants permission to delete GuardDuty filters", + "privilege": "DeleteFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "filter*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified IAM group", - "privilege": "DeleteGroup", + "description": "Grants permission to delete GuardDuty IPSets", + "privilege": "DeleteIPSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "ipset*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified inline policy from its group", - "privilege": "DeleteGroupPolicy", + "access_level": "Write", + "description": "Grants permission to delete invitations to become a GuardDuty member account", + "privilege": "DeleteInvitations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified instance profile", - "privilege": "DeleteInstanceProfile", + "description": "Grants permission to delete a Malware Protection plan", + "privilege": "DeleteMalwareProtectionPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "malwareprotectionplan*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the password for the specified IAM user", - "privilege": "DeleteLoginProfile", + "description": "Grants permission to delete GuardDuty member accounts", + "privilege": "DeleteMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM", - "privilege": "DeleteOpenIDConnectProvider", + "description": "Grants permission to delete a publishing destination", + "privilege": "DeletePublishingDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "publishingDestination*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached", - "privilege": "DeletePolicy", + "access_level": "Write", + "description": "Grants permission to delete GuardDuty ThreatEntitySets", + "privilege": "DeleteThreatEntitySet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "threatentityset*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a version from the specified managed policy", - "privilege": "DeletePolicyVersion", + "access_level": "Write", + "description": "Grants permission to delete GuardDuty ThreatIntelSets", + "privilege": "DeleteThreatIntelSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "threatintelset*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified role", - "privilege": "DeleteRole", + "description": "Grants permission to delete GuardDuty TrustedEntitySets", + "privilege": "DeleteTrustedEntitySet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "trustedentityset*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove the permissions boundary from a role", - "privilege": "DeleteRolePermissionsBoundary", + "access_level": "Read", + "description": "Grants permission to retrieve details about malware scans", + "privilege": "DescribeMalwareScans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified inline policy from the specified role", - "privilege": "DeleteRolePolicy", + "access_level": "Read", + "description": "Grants permission to retrieve details about the delegated administrator associated with a GuardDuty detector", + "privilege": "DescribeOrganizationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a SAML provider resource in IAM", - "privilege": "DeleteSAMLProvider", + "access_level": "Read", + "description": "Grants permission to retrieve details about a publishing destination", + "privilege": "DescribePublishingDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "publishingDestination*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified SSH public key", - "privilege": "DeleteSSHPublicKey", + "description": "Grants permission to disable the organization delegated administrator for GuardDuty", + "privilege": "DisableOrganizationAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified server certificate", - "privilege": "DeleteServerCertificate", + "description": "Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account", + "privilege": "DisassociateFromAdministratorAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it", - "privilege": "DeleteServiceLinkedRole", + "description": "Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account", + "privilege": "DisassociateFromMasterAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified service-specific credential for an IAM user", - "privilege": "DeleteServiceSpecificCredential", + "description": "Grants permission to disassociate GuardDuty member accounts from their administrator GuardDuty account", + "privilege": "DisassociateMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a signing certificate that is associated with the specified IAM user", - "privilege": "DeleteSigningCertificate", + "description": "Grants permission to enable an organization delegated administrator for GuardDuty", + "privilege": "EnableOrganizationAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified IAM user", - "privilege": "DeleteUser", + "access_level": "Read", + "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", + "privilege": "GetAdministratorAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove the permissions boundary from the specified IAM user", - "privilege": "DeleteUserPermissionsBoundary", + "access_level": "Read", + "description": "Grants permission to list Amazon GuardDuty coverage statistics for the specified GuardDuty account in a Region", + "privilege": "GetCoverageStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "detector*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified inline policy from an IAM user", - "privilege": "DeleteUserPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve GuardDuty detectors", + "privilege": "GetDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "detector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a virtual MFA device", - "privilege": "DeleteVirtualMFADevice", + "access_level": "Read", + "description": "Grants permission to retrieve GuardDuty filters", + "privilege": "GetFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sms-mfa" + "resource_type": "filter*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to detach a managed policy from the specified IAM group", - "privilege": "DetachGroupPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve GuardDuty findings", + "privilege": "GetFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, - { - "condition_keys": [ - "iam:PolicyARN" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to detach a managed policy from the specified role", - "privilege": "DetachRolePolicy", + "access_level": "Read", + "description": "Grants permission to retrieve a list of GuardDuty finding statistics", + "privilege": "GetFindingsStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to detach a managed policy from the specified IAM user", - "privilege": "DetachUserPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve GuardDuty IPSets", + "privilege": "GetIPSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ipset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable the management of member account root user credentials for an organization managed under the current account", - "privilege": "DisableOrganizationsRootCredentialsManagement", + "access_level": "Read", + "description": "Grants permission to retrieve the count of all GuardDuty invitations sent to a specified account, which does not include the accepted invitation", + "privilege": "GetInvitationsCount", "resource_types": [ { "condition_keys": [], @@ -156176,43 +160639,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to disable privileged root actions in member accounts for an organization managed under the current account", - "privilege": "DisableOrganizationsRootSessions", + "access_level": "Read", + "description": "Grants permission to retrieve a Malware Protection plan details", + "privilege": "GetMalwareProtectionPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "malwareprotectionplan*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable an MFA device and associate it with the specified IAM user", - "privilege": "EnableMFADevice", + "access_level": "Read", + "description": "Grants permission to retrieve the malware scan settings", + "privilege": "GetMalwareScanSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:RegisterSecurityKey", - "iam:FIDO-FIPS-140-2-certification", - "iam:FIDO-FIPS-140-3-certification", - "iam:FIDO-certification" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable the management of member account root user credentials for an organization managed under the current account", - "privilege": "EnableOrganizationsRootCredentialsManagement", + "access_level": "Read", + "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", + "privilege": "GetMasterAccount", "resource_types": [ { "condition_keys": [], @@ -156222,9 +160675,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to enable privileged root actions in member accounts for an organization managed under the current account", - "privilege": "EnableOrganizationsRootSessions", + "access_level": "Read", + "description": "Grants permission to describe which data sources are enabled for member accounts detectors", + "privilege": "GetMemberDetectors", "resource_types": [ { "condition_keys": [], @@ -156235,8 +160688,8 @@ }, { "access_level": "Read", - "description": "Grants permission to generate a credential report for the AWS account", - "privilege": "GenerateCredentialReport", + "description": "Grants permission to retrieve the member accounts associated with an administrator account", + "privilege": "GetMembers", "resource_types": [ { "condition_keys": [], @@ -156247,25 +160700,11 @@ }, { "access_level": "Read", - "description": "Grants permission to generate an access report for an AWS Organizations entity", - "privilege": "GenerateOrganizationsAccessReport", + "description": "Grants permission to retrieve GuardDuty protection plan coverage statistics for member accounts in a Region", + "privilege": "GetOrganizationStatistics", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribePolicy", - "organizations:ListChildren", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "organizations:ListRoots", - "organizations:ListTargetsForPolicy" - ], - "resource_type": "access-report*" - }, - { - "condition_keys": [ - "iam:OrganizationsPolicyId" - ], "dependent_actions": [], "resource_type": "" } @@ -156273,71 +160712,56 @@ }, { "access_level": "Read", - "description": "Grants permission to generate a service last accessed data report for an IAM resource", - "privilege": "GenerateServiceLastAccessedDetails", + "description": "Grants permission to provide the number of days left for each data source used in the free trial period", + "privilege": "GetRemainingFreeTrialDays", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "policy*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about when the specified access key was last used", - "privilege": "GetAccessKeyLastUsed", + "description": "Grants permission to retrieve GuardDuty ThreatEntitySets", + "privilege": "GetThreatEntitySet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "threatentityset*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another", - "privilege": "GetAccountAuthorizationDetails", + "description": "Grants permission to retrieve GuardDuty ThreatIntelSets", + "privilege": "GetThreatIntelSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "threatintelset*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the email address that is associated with the account", - "privilege": "GetAccountEmailAddress", + "description": "Grants permission to retrieve GuardDuty TrustedEntitySets", + "privilege": "GetTrustedEntitySet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trustedentityset*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the account name that is associated with the account", - "privilege": "GetAccountName", + "description": "Grants permission to list Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID", + "privilege": "GetUsageStatistics", "resource_types": [ { "condition_keys": [], @@ -156347,9 +160771,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the password policy for the AWS account", - "privilege": "GetAccountPasswordPolicy", + "access_level": "Write", + "description": "Grants permission to invite other AWS accounts to enable GuardDuty and become GuardDuty member accounts", + "privilege": "InviteMembers", "resource_types": [ { "condition_keys": [], @@ -156360,20 +160784,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account", - "privilege": "GetAccountSummary", + "description": "Grants permission to list all the resource details for a given account in a Region", + "privilege": "ListCoverage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified CloudFront public key", - "privilege": "GetCloudFrontPublicKey", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty detectors", + "privilege": "ListDetectors", "resource_types": [ { "condition_keys": [], @@ -156383,9 +160807,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy", - "privilege": "GetContextKeysForCustomPolicy", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty filters", + "privilege": "ListFilters", "resource_types": [ { "condition_keys": [], @@ -156395,31 +160819,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)", - "privilege": "GetContextKeysForPrincipalPolicy", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty findings", + "privilege": "ListFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "role" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a credential report for the AWS account", - "privilege": "GetCredentialReport", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty IPSets", + "privilege": "ListIPSets", "resource_types": [ { "condition_keys": [], @@ -156429,81 +160843,116 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of IAM users in the specified IAM group", - "privilege": "GetGroup", + "access_level": "List", + "description": "Grants permission to retrieve a list of all of the GuardDuty membership invitations that were sent to an AWS account", + "privilege": "ListInvitations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM group", - "privilege": "GetGroupPolicy", + "access_level": "List", + "description": "Grants permission to retrieve a list of Malware Protection plans", + "privilege": "ListMalwareProtectionPlans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role", - "privilege": "GetInstanceProfile", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty member accounts associated with an administrator account", + "privilege": "ListMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve the user name and password creation date for the specified IAM user", - "privilege": "GetLoginProfile", + "description": "Grants permission to list details about the organization delegated administrator for GuardDuty", + "privilege": "ListOrganizationAdminAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an MFA device for the specified user", - "privilege": "GetMFADevice", + "access_level": "List", + "description": "Grants permission to retrieve a list of publishing destinations", + "privilege": "ListPublishingDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM", - "privilege": "GetOpenIDConnectProvider", + "description": "Grants permission to retrieve a list of tags associated with a GuardDuty resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "detector" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "filter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ipset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "malwareprotectionplan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishingDestination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "threatentityset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "threatintelset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustedentityset" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS Organizations access report", - "privilege": "GetOrganizationsAccessReport", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty ThreatEntitySets", + "privilege": "ListThreatEntitySets", "resource_types": [ { "condition_keys": [], @@ -156513,105 +160962,136 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached", - "privilege": "GetPolicy", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty ThreatIntelSets", + "privilege": "ListThreatIntelSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a version of the specified managed policy, including the policy document", - "privilege": "GetPolicyVersion", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty TrustedEntitySets", + "privilege": "ListTrustedEntitySets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy", - "privilege": "GetRole", + "access_level": "Write", + "description": "Grants permission to send security telemetry for a specific GuardDuty account in a Region", + "privilege": "SendSecurityTelemetry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an inline policy document that is embedded with the specified IAM role", - "privilege": "GetRolePolicy", + "access_level": "Write", + "description": "Grants permission to initiate a new malware scan", + "privilege": "StartMalwareScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated", - "privilege": "GetSAMLProvider", + "access_level": "Write", + "description": "Grants permission to a GuardDuty administrator account to monitor findings from GuardDuty member accounts", + "privilege": "StartMonitoringMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the specified SSH public key, including metadata about the key", - "privilege": "GetSSHPublicKey", + "access_level": "Write", + "description": "Grants permission to disable monitoring findings from member accounts", + "privilege": "StopMonitoringMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified server certificate stored in IAM", - "privilege": "GetServerCertificate", + "access_level": "Tagging", + "description": "Grants permission to add tags to a GuardDuty resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the service last accessed data report", - "privilege": "GetServiceLastAccessedDetails", - "resource_types": [ + "resource_type": "detector" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "filter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ipset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "malwareprotectionplan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishingDestination" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "threatentityset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "threatintelset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustedentityset" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the entities from the service last accessed data report", - "privilege": "GetServiceLastAccessedDetailsWithEntities", + "access_level": "Write", + "description": "Grants permission to unarchive GuardDuty findings", + "privilege": "UnarchiveFindings", "resource_types": [ { "condition_keys": [], @@ -156621,57 +161101,87 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an IAM service-linked role deletion status", - "privilege": "GetServiceLinkedRoleDeletionStatus", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a GuardDuty resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN", - "privilege": "GetUser", - "resource_types": [ + "resource_type": "detector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "filter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ipset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "malwareprotectionplan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishingDestination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "threatentityset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "threatintelset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trustedentityset" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM user", - "privilege": "GetUserPolicy", + "access_level": "Write", + "description": "Grants permission to update GuardDuty detectors", + "privilege": "UpdateDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "detector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about the access key IDs that are associated with the specified IAM user", - "privilege": "ListAccessKeys", + "access_level": "Write", + "description": "Grants permission to updates GuardDuty filters", + "privilege": "UpdateFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "filter*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the account alias that is associated with the AWS account", - "privilege": "ListAccountAliases", + "access_level": "Write", + "description": "Grants permission to update findings feedback to mark GuardDuty findings as useful or not useful", + "privilege": "UpdateFindingsFeedback", "resource_types": [ { "condition_keys": [], @@ -156681,45 +161191,48 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all managed policies that are attached to the specified IAM group", - "privilege": "ListAttachedGroupPolicies", + "access_level": "Write", + "description": "Grants permission to update GuardDuty IPSets", + "privilege": "UpdateIPSet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" + "dependent_actions": [ + "iam:DeleteRolePolicy", + "iam:PutRolePolicy" + ], + "resource_type": "ipset*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all managed policies that are attached to the specified IAM role", - "privilege": "ListAttachedRolePolicies", + "access_level": "Write", + "description": "Grants permission to update the Malware Protection plan", + "privilege": "UpdateMalwareProtectionPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "malwareprotectionplan*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all managed policies that are attached to the specified IAM user", - "privilege": "ListAttachedUserPolicies", + "access_level": "Write", + "description": "Grants permission to update the malware scan settings", + "privilege": "UpdateMalwareScanSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all current CloudFront public keys for the account", - "privilege": "ListCloudFrontPublicKeys", + "access_level": "Write", + "description": "Grants permission to update which data sources are enabled for member accounts detectors", + "privilege": "UpdateMemberDetectors", "resource_types": [ { "condition_keys": [], @@ -156729,129 +161242,229 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all IAM identities to which the specified managed policy is attached", - "privilege": "ListEntitiesForPolicy", + "access_level": "Write", + "description": "Grants permission to update the delegated administrator configuration associated with a GuardDuty detector", + "privilege": "UpdateOrganizationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM group", - "privilege": "ListGroupPolicies", + "access_level": "Write", + "description": "Grants permission to update a publishing destination", + "privilege": "UpdatePublishingDestination", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" + "dependent_actions": [ + "s3:GetObject", + "s3:ListBucket" + ], + "resource_type": "publishingDestination*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the IAM groups that have the specified path prefix", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to update GuardDuty ThreatEntitySets", + "privilege": "UpdateThreatEntitySet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "threatentityset*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the IAM groups that the specified IAM user belongs to", - "privilege": "ListGroupsForUser", + "access_level": "Write", + "description": "Grants permission to updates the GuardDuty ThreatIntelSets", + "privilege": "UpdateThreatIntelSet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "dependent_actions": [ + "iam:DeleteRolePolicy", + "iam:PutRolePolicy" + ], + "resource_type": "threatintelset*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified instance profile", - "privilege": "ListInstanceProfileTags", + "access_level": "Write", + "description": "Grants permission to update GuardDuty TrustedEntitySets", + "privilege": "UpdateTrustedEntitySet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance-profile*" + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "trustedentityset*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "detector" }, { - "access_level": "List", - "description": "Grants permission to list the instance profiles that have the specified path prefix", - "privilege": "ListInstanceProfiles", + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/filter/${FilterName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "filter" + }, + { + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/ipset/${IPSetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ipset" + }, + { + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/threatintelset/${ThreatIntelSetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "threatintelset" + }, + { + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/trustedentityset/${TrustedEntitySetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "trustedentityset" + }, + { + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/threatentityset/${ThreatEntitySetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "threatentityset" + }, + { + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/publishingdestination/${PublishingDestinationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "publishingDestination" + }, + { + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:malware-protection-plan/${MalwareProtectionPlanId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "malwareprotectionplan" + } + ], + "service_name": "Amazon GuardDuty" + }, + { + "conditions": [ + { + "condition": "health:eventTypeCode", + "description": "Filters access by event type", + "type": "String" + }, + { + "condition": "health:service", + "description": "Filters access by impacted service", + "type": "String" + } + ], + "prefix": "health", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of accounts that have been affected by the specified events in organization", + "privilege": "DescribeAffectedAccountsForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:ListAccounts" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the instance profiles that have the specified associated IAM role", - "privilege": "ListInstanceProfilesForRole", + "access_level": "Read", + "description": "Grants permission to retrieve a list of entities that have been affected by the specified events", + "privilege": "DescribeAffectedEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "event*" + }, + { + "condition_keys": [ + "health:eventTypeCode", + "health:service" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified virtual mfa device", - "privilege": "ListMFADeviceTags", + "access_level": "Read", + "description": "Grants permission to retrieve a list of entities that have been affected by the specified events and accounts in organization", + "privilege": "DescribeAffectedEntitiesForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "mfa*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the MFA devices for an IAM user", - "privilege": "ListMFADevices", + "access_level": "Read", + "description": "Grants permission to retrieve the number of entities that are affected by each of the specified events", + "privilege": "DescribeEntityAggregates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified OpenID Connect provider", - "privilege": "ListOpenIDConnectProviderTags", + "access_level": "Read", + "description": "Grants permission to retrieve the number of entities that are affected by each of the specified events in an organization", + "privilege": "DescribeEntityAggregatesForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "oidc-provider*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account", - "privilege": "ListOpenIDConnectProviders", + "access_level": "Read", + "description": "Grants permission to retrieve the number of events of each event type (issue, scheduled change, and account notification)", + "privilege": "DescribeEventAggregates", "resource_types": [ { "condition_keys": [], @@ -156861,567 +161474,554 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the centralized root access features enabled for your organization", - "privilege": "ListOrganizationsFeatures", + "access_level": "Read", + "description": "Grants permission to retrieve detailed information about one or more specified events", + "privilege": "DescribeEventDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "event*" + }, + { + "condition_keys": [ + "health:eventTypeCode", + "health:service" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all managed policies", - "privilege": "ListPolicies", + "access_level": "Read", + "description": "Grants permission to retrieve detailed information about one or more specified events for provided accounts in organization", + "privilege": "DescribeEventDetailsForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:ListAccounts" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about the policies that grant an entity access to a specific service", - "privilege": "ListPoliciesGrantingServiceAccess", + "access_level": "Read", + "description": "Grants permission to retrieve the event types that meet the specified filter criteria", + "privilege": "DescribeEventTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified managed policy", - "privilege": "ListPolicyTags", + "access_level": "Read", + "description": "Grants permission to retrieve information about events that meet the specified filter criteria", + "privilege": "DescribeEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version", - "privilege": "ListPolicyVersions", + "access_level": "Read", + "description": "Grants permission to retrieve information about events that meet the specified filter criteria in organization", + "privilege": "DescribeEventsForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "policy*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM role", - "privilege": "ListRolePolicies", + "access_level": "Read", + "description": "Grants permission to retrieve the status of enabling or disabling the Organizational View feature", + "privilege": "DescribeHealthServiceStatusForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified IAM role", - "privilege": "ListRoleTags", + "access_level": "Permissions management", + "description": "Grants permission to disable the Organizational View feature", + "privilege": "DisableHealthServiceAccessForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" + "dependent_actions": [ + "organizations:DisableAWSServiceAccess", + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the IAM roles that have the specified path prefix", - "privilege": "ListRoles", + "access_level": "Permissions management", + "description": "Grants permission to enable the Organizational View feature", + "privilege": "EnableHealthServiceAccessForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListAccounts" + ], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:health:*::event/${Service}/${EventTypeCode}/*", + "condition_keys": [], + "resource": "event" + } + ], + "service_name": "AWS Health APIs and Notifications" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified SAML provider", - "privilege": "ListSAMLProviderTags", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "healthlake", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel an on going FHIR Export job with Delete", + "privilege": "CancelFHIRExportJobWithDelete", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the SAML provider resources in IAM", - "privilege": "ListSAMLProviders", + "access_level": "Write", + "description": "Grants permission to create a datastore that can ingest and export FHIR data", + "privilege": "CreateFHIRDatastore", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about the SSH public keys that are associated with the specified IAM user", - "privilege": "ListSSHPublicKeys", + "access_level": "Write", + "description": "Grants permission to create resource", + "privilege": "CreateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the status of all active STS regional endpoints", - "privilege": "ListSTSRegionalEndpointsStatus", + "access_level": "Write", + "description": "Grants permission to delete a datastore", + "privilege": "DeleteFHIRDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified server certificate", - "privilege": "ListServerCertificateTags", + "access_level": "Write", + "description": "Grants permission to delete resource", + "privilege": "DeleteResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the server certificates that have the specified path prefix", - "privilege": "ListServerCertificates", + "access_level": "Read", + "description": "Grants permission to get the properties associated with the FHIR datastore, including the datastore ID, datastore ARN, datastore name, datastore status, created at, datastore type version, and datastore endpoint", + "privilege": "DescribeFHIRDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the service-specific credentials that are associated with the specified IAM user", - "privilege": "ListServiceSpecificCredentials", + "access_level": "Read", + "description": "Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore", + "privilege": "DescribeFHIRExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about the signing certificates that are associated with the specified IAM user", - "privilege": "ListSigningCertificates", + "access_level": "Read", + "description": "Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore with Get", + "privilege": "DescribeFHIRExportJobWithGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM user", - "privilege": "ListUserPolicies", + "access_level": "Read", + "description": "Grants permission to display the properties of a FHIR import job, including the ID, ARN, name, and the status of the datastore", + "privilege": "DescribeFHIRImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified IAM user", - "privilege": "ListUserTags", + "access_level": "Read", + "description": "Grants permission to search and expand ValueSet resource", + "privilege": "ExpandValueSetWithGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the IAM users that have the specified path prefix", - "privilege": "ListUsers", + "access_level": "Read", + "description": "Grants permission to search and expand ValueSet resource", + "privilege": "ExpandValueSetWithPost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list virtual MFA devices by assignment status", - "privilege": "ListVirtualMFADevices", + "access_level": "Write", + "description": "Grants permission to generate a clinical document resource", + "privilege": "GenerateDocumentWithGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to pass a role to a service", - "privilege": "PassRole", + "description": "Grants permission to generate a clinical document resource", + "privilege": "GenerateDocumentWithPost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:AssociatedResourceArn", - "iam:PassedToService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM group", - "privilege": "PutGroupPolicy", + "access_level": "Read", + "description": "Grants permission to get the capabilities of a FHIR datastore", + "privilege": "GetCapabilities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set a managed policy as a permissions boundary for a role", - "privilege": "PutRolePermissionsBoundary", + "access_level": "Read", + "description": "Grants permission to access exported files from a FHIR Export job initiated with Get", + "privilege": "GetExportedFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM role", - "privilege": "PutRolePolicy", + "access_level": "Read", + "description": "Grants permission to read resource history", + "privilege": "GetHistoryByResourceId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set a managed policy as a permissions boundary for an IAM user", - "privilege": "PutUserPermissionsBoundary", + "access_level": "List", + "description": "Grants permission to list all FHIR datastores that are in the user's account, regardless of datastore status", + "privilege": "ListFHIRDatastores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM user", - "privilege": "PutUserPolicy", + "access_level": "List", + "description": "Grants permission to get a list of export jobs for the specified datastore", + "privilege": "ListFHIRExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resource", - "privilege": "RemoveClientIDFromOpenIDConnectProvider", + "access_level": "List", + "description": "Grants permission to get a list of import jobs for the specified datastore", + "privilege": "ListFHIRImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove an IAM role from the specified EC2 instance profile", - "privilege": "RemoveRoleFromInstanceProfile", + "access_level": "List", + "description": "Grants permission to get a list of tags for the specified datastore", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "datastore" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove an IAM user from the specified group", - "privilege": "RemoveUserFromGroup", + "access_level": "Read", + "description": "Grants permission to retrieve Codes for a CodeSystem resource", + "privilege": "LookupCodeSystemWithGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset the password for an existing service-specific credential for an IAM user", - "privilege": "ResetServiceSpecificCredential", + "access_level": "Read", + "description": "Grants permission to retrieve Codes for a CodeSystem resource", + "privilege": "LookupCodeSystemWithPost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "datastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to synchronize the specified MFA device with its IAM entity (user or role)", - "privilege": "ResyncMFADevice", + "description": "Grants permission to patch a resource", + "privilege": "PatchResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set the version of the specified policy as the policy's default version", - "privilege": "SetDefaultPolicyVersion", + "access_level": "Write", + "description": "Grants permission to bundle multiple resource operations", + "privilege": "ProcessBundle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate or deactivate an STS regional endpoint", - "privilege": "SetSTSRegionalEndpointStatus", + "access_level": "Read", + "description": "Grants permission to read resource", + "privilege": "ReadResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the STS global endpoint token version", - "privilege": "SetSecurityTokenServicePreferences", + "access_level": "Read", + "description": "Grants permission to search all resources related to a patient", + "privilege": "SearchEverything", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { "access_level": "Read", - "description": "Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources", - "privilege": "SimulateCustomPolicy", + "description": "Grants permission to search resources with GET method", + "privilege": "SearchWithGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { "access_level": "Read", - "description": "Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources", - "privilege": "SimulatePrincipalPolicy", + "description": "Grants permission to search resources with POST method", + "privilege": "SearchWithPost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "role" - }, + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to begin a FHIR Export job", + "privilege": "StartFHIRExportJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "datastore*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to an instance profile", - "privilege": "TagInstanceProfile", + "access_level": "Write", + "description": "Grants permission to begin a FHIR Export job with Get", + "privilege": "StartFHIRExportJobWithGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a virtual mfa device", - "privilege": "TagMFADevice", + "access_level": "Write", + "description": "Grants permission to begin a FHIR Export job with Post", + "privilege": "StartFHIRExportJobWithPost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to an OpenID Connect provider", - "privilege": "TagOpenIDConnectProvider", + "access_level": "Write", + "description": "Grants permission to begin a FHIR Import job", + "privilege": "StartFHIRImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to a managed policy", - "privilege": "TagPolicy", + "description": "Grants permission to add tags to a datastore", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "datastore" }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -157430,18 +162030,17 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add tags to an IAM role", - "privilege": "TagRole", + "description": "Grants permission to remove tags associated with a datastore", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "datastore" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -157449,233 +162048,181 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a SAML Provider", - "privilege": "TagSAMLProvider", + "access_level": "Write", + "description": "Grants permission to update resource", + "privilege": "UpdateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a server certificate", - "privilege": "TagServerCertificate", + "access_level": "Read", + "description": "Grants permission to validate a resource", + "privilege": "ValidateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to an IAM user", - "privilege": "TagUser", + "access_level": "Read", + "description": "Grants permission to read version of a resource", + "privilege": "VersionReadResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "datastore*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:healthlake:${Region}:${Account}:datastore/fhir/${DatastoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "datastore" + } + ], + "service_name": "AWS HealthLake" + }, + { + "conditions": [], + "prefix": "honeycode", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to approve a team association request for your AWS Account", + "privilege": "ApproveTeamAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the instance profile", - "privilege": "UntagInstanceProfile", + "access_level": "Write", + "description": "Grants permission to create new rows in a table", + "privilege": "BatchCreateTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the virtual mfa device", - "privilege": "UntagMFADevice", + "access_level": "Write", + "description": "Grants permission to delete rows from a table", + "privilege": "BatchDeleteTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the OpenID Connect provider", - "privilege": "UntagOpenIDConnectProvider", + "access_level": "Write", + "description": "Grants permission to update rows in a table", + "privilege": "BatchUpdateTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the managed policy", - "privilege": "UntagPolicy", + "access_level": "Write", + "description": "Grants permission to upsert rows in a table", + "privilege": "BatchUpsertTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the role", - "privilege": "UntagRole", + "access_level": "Write", + "description": "Grants permission to create a new Amazon Honeycode team for your AWS Account", + "privilege": "CreateTeam", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the SAML Provider", - "privilege": "UntagSAMLProvider", + "access_level": "Write", + "description": "Grants permission to create a new tenant within Amazon Honeycode for your AWS Account", + "privilege": "CreateTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the server certificate", - "privilege": "UntagServerCertificate", + "access_level": "Write", + "description": "Grants permission to delete Amazon Honeycode domains for your AWS Account", + "privilege": "DeleteDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the user", - "privilege": "UntagUser", + "access_level": "Write", + "description": "Grants permission to remove groups from an Amazon Honeycode team for your AWS Account", + "privilege": "DeregisterGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of the specified access key as Active or Inactive", - "privilege": "UpdateAccessKey", + "access_level": "Read", + "description": "Grants permission to get details about a table data import job", + "privilege": "DescribeTableDataImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the email address that is associated with the account", - "privilege": "UpdateAccountEmailAddress", + "access_level": "Read", + "description": "Grants permission to get details about Amazon Honeycode teams for your AWS Account", + "privilege": "DescribeTeam", "resource_types": [ { "condition_keys": [], @@ -157685,45 +162232,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the account name that is associated with the account", - "privilege": "UpdateAccountName", + "access_level": "Read", + "description": "Grants permission to load the data from a screen", + "privilege": "GetScreenData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "screen*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the password policy settings for the AWS account", - "privilege": "UpdateAccountPasswordPolicy", + "description": "Grants permission to invoke a screen automation", + "privilege": "InvokeScreenAutomation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "screen-automation*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update the policy that grants an IAM entity permission to assume a role", - "privilege": "UpdateAssumeRolePolicy", + "access_level": "List", + "description": "Grants permission to list all Amazon Honeycode domains and their verification status for your AWS Account", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing CloudFront public key", - "privilege": "UpdateCloudFrontPublicKey", + "access_level": "List", + "description": "Grants permission to list all groups in an Amazon Honeycode team for your AWS Account", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], @@ -157733,280 +162280,209 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the name or path of the specified IAM group", - "privilege": "UpdateGroup", + "access_level": "List", + "description": "Grants permission to list the columns in a table", + "privilege": "ListTableColumns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the password for the specified IAM user", - "privilege": "UpdateLoginProfile", + "access_level": "List", + "description": "Grants permission to list the rows in a table", + "privilege": "ListTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource", - "privilege": "UpdateOpenIDConnectProviderThumbprint", + "access_level": "List", + "description": "Grants permission to list the tables in a workbook", + "privilege": "ListTables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "workbook*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the description or maximum session duration setting of a role", - "privilege": "UpdateRole", + "access_level": "Tagging", + "description": "Grants permission to list all tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update only the description of a role", - "privilege": "UpdateRoleDescription", + "access_level": "List", + "description": "Grants permission to list all pending and approved team associations with your AWS Account", + "privilege": "ListTeamAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata document for an existing SAML provider resource", - "privilege": "UpdateSAMLProvider", + "access_level": "List", + "description": "Grants permission to list all tenants of Amazon Honeycode for your AWS Account", + "privilege": "ListTenants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of an IAM user's SSH public key to active or inactive", - "privilege": "UpdateSSHPublicKey", + "access_level": "Read", + "description": "Grants permission to query the rows of a table using a filter", + "privilege": "QueryTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name or the path of the specified server certificate stored in IAM", - "privilege": "UpdateServerCertificate", + "description": "Grants permission to request verification of the Amazon Honeycode domains for your AWS Account", + "privilege": "RegisterDomainForVerification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the status of a service-specific credential to active or inactive for an IAM user", - "privilege": "UpdateServiceSpecificCredential", + "description": "Grants permission to add groups to an Amazon Honeycode team for your AWS Account", + "privilege": "RegisterGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the status of the specified user signing certificate to active or disabled", - "privilege": "UpdateSigningCertificate", + "description": "Grants permission to reject a team association request for your AWS Account", + "privilege": "RejectTeamAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name or the path of the specified IAM user", - "privilege": "UpdateUser", + "description": "Grants permission to restart verification of the Amazon Honeycode domains for your AWS Account", + "privilege": "RestartDomainVerification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to upload a CloudFront public key", - "privilege": "UploadCloudFrontPublicKey", + "description": "Grants permission to start a table data import job", + "privilege": "StartTableDataImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload an SSH public key and associate it with the specified IAM user", - "privilege": "UploadSSHPublicKey", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload a server certificate entity for the AWS account", - "privilege": "UploadServerCertificate", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to upload an X.509 signing certificate and associate it with the specified IAM user", - "privilege": "UploadSigningCertificate", + "description": "Grants permission to update an Amazon Honeycode team for your AWS Account", + "privilege": "UpdateTeam", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iam::${Account}:access-report/${EntityPath}", - "condition_keys": [], - "resource": "access-report" - }, - { - "arn": "arn:${Partition}:iam::${Account}:assumed-role/${RoleName}/${RoleSessionName}", + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:workbook:workbook/${WorkbookId}", "condition_keys": [], - "resource": "assumed-role" + "resource": "workbook" }, { - "arn": "arn:${Partition}:iam::${Account}:federated-user/${UserName}", + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:table:workbook/${WorkbookId}/table/${TableId}", "condition_keys": [], - "resource": "federated-user" + "resource": "table" }, { - "arn": "arn:${Partition}:iam::${Account}:group/${GroupNameWithPath}", + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}", "condition_keys": [], - "resource": "group" - }, - { - "arn": "arn:${Partition}:iam::${Account}:instance-profile/${InstanceProfileNameWithPath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "instance-profile" - }, - { - "arn": "arn:${Partition}:iam::${Account}:mfa/${MfaTokenIdWithPath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "mfa" - }, - { - "arn": "arn:${Partition}:iam::${Account}:oidc-provider/${OidcProviderName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "oidc-provider" - }, - { - "arn": "arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "policy" - }, - { - "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "iam:ResourceTag/${TagKey}" - ], - "resource": "role" - }, - { - "arn": "arn:${Partition}:iam::${Account}:saml-provider/${SamlProviderName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "saml-provider" - }, - { - "arn": "arn:${Partition}:iam::${Account}:server-certificate/${CertificateNameWithPath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "server-certificate" + "resource": "screen" }, { - "arn": "arn:${Partition}:iam::${Account}:sms-mfa/${MfaTokenIdWithPath}", + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen-automation:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}/automation/${AutomationId}", "condition_keys": [], - "resource": "sms-mfa" - }, - { - "arn": "arn:${Partition}:iam::${Account}:user/${UserNameWithPath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "iam:ResourceTag/${TagKey}" - ], - "resource": "user" + "resource": "screen-automation" } ], - "service_name": "AWS Identity and Access Management (IAM)" + "service_name": "Amazon Honeycode" }, { "conditions": [ @@ -158032,9 +162508,24 @@ }, { "condition": "iam:AssociatedResourceArn", - "description": "Filters by the resource that the role will be used on behalf of", + "description": "Filters access by the resource that the role will be used on behalf of", "type": "ARN" }, + { + "condition": "iam:FIDO-FIPS-140-2-certification", + "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key", + "type": "String" + }, + { + "condition": "iam:FIDO-FIPS-140-3-certification", + "description": "Filters access by the MFA device FIPS-140-3 validation certification level at the time of registration of a FIDO security key", + "type": "String" + }, + { + "condition": "iam:FIDO-certification", + "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key", + "type": "String" + }, { "condition": "iam:OrganizationsPolicyId", "description": "Filters access by the ID of an AWS Organizations policy", @@ -158048,17 +162539,32 @@ { "condition": "iam:PermissionsBoundary", "description": "Filters access if the specified policy is set as the permissions boundary on the IAM entity (user or role)", - "type": "String" + "type": "ARN" }, { "condition": "iam:PolicyARN", "description": "Filters access by the ARN of an IAM policy", "type": "ARN" }, + { + "condition": "iam:RegisterSecurityKey", + "description": "Filters access by the current state of MFA device enablement", + "type": "String" + }, { "condition": "iam:ResourceTag/${TagKey}", "description": "Filters access by the tags attached to an IAM entity (user or role)", "type": "String" + }, + { + "condition": "iam:ServiceSpecificCredentialAgeDays", + "description": "Filters access by the duration until the credential's expiration", + "type": "Numeric" + }, + { + "condition": "iam:ServiceSpecificCredentialServiceName", + "description": "Filters access by the service associated with the credential", + "type": "String" } ], "prefix": "iam", @@ -158162,7 +162668,7 @@ }, { "access_level": "Write", - "description": "Grants permission for an IAM user to change their own password", + "description": "Grants permission to an IAM user to change their own password", "privilege": "ChangePassword", "resource_types": [ { @@ -158361,6 +162867,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:ServiceSpecificCredentialAgeDays", + "iam:ServiceSpecificCredentialServiceName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -158656,6 +163170,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:ServiceSpecificCredentialServiceName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -158797,6 +163318,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable the management of member account root user credentials for an organization managed under the current account", + "privilege": "DisableOrganizationsRootCredentialsManagement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable privileged root actions in member accounts for an organization managed under the current account", + "privilege": "DisableOrganizationsRootSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable an MFA device and associate it with the specified IAM user", @@ -158806,6 +163351,40 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:RegisterSecurityKey", + "iam:FIDO-FIPS-140-2-certification", + "iam:FIDO-FIPS-140-3-certification", + "iam:FIDO-certification" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable the management of member account root user credentials for an organization managed under the current account", + "privilege": "EnableOrganizationsRootCredentialsManagement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable privileged root actions in member accounts for an organization managed under the current account", + "privilege": "EnableOrganizationsRootSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -159052,6 +163631,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an MFA device for the specified user", + "privilege": "GetMFADevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM", @@ -159360,7 +163951,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "" } ] }, @@ -159424,6 +164015,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the centralized root access features enabled for your organization", + "privilege": "ListOrganizationsFeatures", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all managed policies", @@ -159815,6 +164418,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:ServiceSpecificCredentialServiceName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -160389,6 +164999,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:ServiceSpecificCredentialServiceName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -160558,7 +165175,7 @@ "resource": "user" } ], - "service_name": "AWS Identity and Access Management" + "service_name": "AWS Identity and Access Management (IAM)" }, { "conditions": [], @@ -160771,7 +165388,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Identitystore*" } ] @@ -160783,7 +165402,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -160798,6 +165419,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new IdentityStore in an AWS account", + "privilege": "CreateIdentityStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a user in the specified IdentityStore", @@ -160805,7 +165443,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Identitystore*" } ] @@ -160817,7 +165457,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -160834,7 +165476,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -160854,6 +165498,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an IdentityStore", + "privilege": "DeleteIdentityStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a user in the specified IdentityStore", @@ -160861,7 +165517,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Identitystore*" }, { @@ -160878,7 +165536,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -160895,7 +165555,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -160922,7 +165584,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Identitystore*" }, { @@ -160939,7 +165603,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -160956,7 +165622,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -160983,7 +165651,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Identitystore*" }, { @@ -161000,7 +165670,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "AllGroupMemberships*" }, { @@ -161027,7 +165699,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "AllGroupMemberships*" }, { @@ -161049,7 +165723,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "AllGroupMemberships*" }, { @@ -161071,7 +165747,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "AllGroups*" }, { @@ -161088,7 +165766,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "AllUsers*" }, { @@ -161105,7 +165785,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Group*" }, { @@ -161115,6 +165797,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the configuration of an IdentityStore", + "privilege": "UpdateIdentityStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update user information in the specified IdentityStore", @@ -161122,7 +165821,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Identitystore*" }, { @@ -161234,7 +165935,7 @@ "type": "ArrayOfString" }, { - "condition": "imagebuilder:CreatedResourceTag/", + "condition": "imagebuilder:CreatedResourceTag/${TagKey}", "description": "Filters access by the tag key-value pairs attached to the resource created by Image Builder", "type": "String" }, @@ -161291,18 +165992,24 @@ "privilege": "CreateComponent", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole", "imagebuilder:TagResource", "kms:Encrypt", "kms:GenerateDataKey", - "kms:GenerateDataKeyWithoutPlaintext" + "kms:GenerateDataKeyWithoutPlaintext", + "s3:GetObject", + "s3:ListBucket" ], "resource_type": "component*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161312,22 +166019,30 @@ "privilege": "CreateContainerRecipe", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ + "ec2:DescribeImages", "ecr:DescribeImages", "ecr:DescribeRepositories", - "iam:CreateServiceLinkedRole", "imagebuilder:GetComponent", "imagebuilder:GetImage", "imagebuilder:TagResource", "kms:Encrypt", "kms:GenerateDataKey", - "kms:GenerateDataKeyWithoutPlaintext" + "kms:GenerateDataKeyWithoutPlaintext", + "s3:GetObject", + "s3:ListBucket", + "ssm:GetParameter" ], "resource_type": "containerRecipe*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161336,16 +166051,25 @@ "description": "Grants permission to create a new distribution configuration", "privilege": "CreateDistributionConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:ModifyLaunchTemplate", + "imagebuilder:TagResource", + "s3:ListBucket", + "ssm:GetParameter" + ], + "resource_type": "distributionConfiguration*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "imagebuilder:TagResource" - ], - "resource_type": "distributionConfiguration*" + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161355,11 +166079,10 @@ "privilege": "CreateImage", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ + "ecr:BatchGetRepositoryScanningConfiguration", + "ecr:DescribeRepositories", "iam:CreateServiceLinkedRole", "iam:PassRole", "imagebuilder:GetContainerRecipe", @@ -161367,9 +166090,18 @@ "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:GetWorkflow", - "imagebuilder:TagResource" + "imagebuilder:TagResource", + "inspector2:BatchGetAccountStatus" ], "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161379,11 +166111,10 @@ "privilege": "CreateImagePipeline", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ + "ecr:BatchGetRepositoryScanningConfiguration", + "ecr:DescribeRepositories", "iam:CreateServiceLinkedRole", "iam:PassRole", "imagebuilder:GetContainerRecipe", @@ -161391,9 +166122,18 @@ "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:GetWorkflow", - "imagebuilder:TagResource" + "imagebuilder:TagResource", + "inspector2:BatchGetAccountStatus" ], "resource_type": "imagePipeline*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161403,18 +166143,23 @@ "privilege": "CreateImageRecipe", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ "ec2:DescribeImages", - "iam:CreateServiceLinkedRole", "imagebuilder:GetComponent", "imagebuilder:GetImage", - "imagebuilder:TagResource" + "imagebuilder:TagResource", + "ssm:GetParameter" ], "resource_type": "imageRecipe*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161423,22 +166168,29 @@ "description": "Grants permission to create a new infrastructure configuration", "privilege": "CreateInfrastructureConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeHosts", + "iam:PassRole", + "imagebuilder:TagResource", + "resource-groups:GetGroup", + "sns:Publish" + ], + "resource_type": "infrastructureConfiguration*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "imagebuilder:CreatedResourceTagKeys", - "imagebuilder:CreatedResourceTag/", + "imagebuilder:CreatedResourceTag/${TagKey}", "imagebuilder:Ec2MetadataHttpTokens", "imagebuilder:StatusTopicArn" ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "imagebuilder:TagResource", - "sns:Publish" - ], - "resource_type": "infrastructureConfiguration*" + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161448,16 +166200,21 @@ "privilege": "CreateLifecyclePolicy", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "imagebuilder:LifecyclePolicyResourceType" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "imagebuilder:TagResource" ], "resource_type": "lifecyclePolicy*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "imagebuilder:LifecyclePolicyResourceType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161467,10 +166224,7 @@ "privilege": "CreateWorkflow", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ "imagebuilder:TagResource", "kms:Encrypt", @@ -161480,6 +166234,14 @@ "s3:ListBucket" ], "resource_type": "workflow*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161659,9 +166421,7 @@ "privilege": "GetImage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image*" } @@ -161796,7 +166556,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "workflowStepExecution*" } ] @@ -161807,18 +166569,24 @@ "privilege": "ImportComponent", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole", "imagebuilder:TagResource", "kms:Encrypt", "kms:GenerateDataKey", - "kms:GenerateDataKeyWithoutPlaintext" + "kms:GenerateDataKeyWithoutPlaintext", + "s3:GetObject", + "s3:ListBucket" ], "resource_type": "component*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161828,10 +166596,7 @@ "privilege": "ImportDiskImage", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ "iam:CreateServiceLinkedRole", "iam:PassRole", @@ -161842,6 +166607,14 @@ "s3:ListBucket" ], "resource_type": "imageVersion*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161851,16 +166624,22 @@ "privilege": "ImportVmImage", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ "ec2:DescribeImages", "ec2:DescribeImportImageTasks", - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "imagebuilder:TagResource" ], "resource_type": "imageVersion*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -161872,7 +166651,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "allComponentBuildVersions*" } ] }, @@ -161920,7 +166699,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageVersion*" + "resource_type": "allImageBuildVersions*" } ] }, @@ -161930,9 +166709,7 @@ "privilege": "ListImagePackages", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image*" } @@ -162081,65 +166858,47 @@ "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "component" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "containerRecipe" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "distributionConfiguration" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "imagePipeline" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "imageRecipe" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "infrastructureConfiguration" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "lifecyclePolicy" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workflow" } @@ -162165,7 +166924,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflowVersion*" + "resource_type": "allWorkflowBuildVersions*" } ] }, @@ -162188,7 +166947,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "workflowExecution*" } ] @@ -162279,9 +167040,18 @@ "condition_keys": [], "dependent_actions": [ "iam:CreateServiceLinkedRole", - "imagebuilder:GetImagePipeline" + "imagebuilder:GetImagePipeline", + "imagebuilder:TagResource" ], "resource_type": "imagePipeline*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -162303,85 +167073,57 @@ "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "component" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "containerRecipe" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "distributionConfiguration" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "imagePipeline" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "imageRecipe" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "infrastructureConfiguration" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "lifecyclePolicy" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" + }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "" } ] }, @@ -162391,76 +167133,56 @@ "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "component" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "containerRecipe" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "distributionConfiguration" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "imagePipeline" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "imageRecipe" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "infrastructureConfiguration" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "lifecyclePolicy" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" + }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "" } ] }, @@ -162471,7 +167193,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:ModifyLaunchTemplate", + "s3:ListBucket", + "ssm:GetParameter" + ], "resource_type": "distributionConfiguration*" } ] @@ -162484,13 +167212,16 @@ { "condition_keys": [], "dependent_actions": [ + "ecr:BatchGetRepositoryScanningConfiguration", + "ecr:DescribeRepositories", "iam:CreateServiceLinkedRole", "iam:PassRole", "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", - "imagebuilder:GetWorkflow" + "imagebuilder:GetWorkflow", + "inspector2:BatchGetAccountStatus" ], "resource_type": "imagePipeline*" } @@ -162502,18 +167233,25 @@ "privilege": "UpdateInfrastructureConfiguration", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "imagebuilder:CreatedResourceTagKeys", - "imagebuilder:CreatedResourceTag/", - "imagebuilder:Ec2MetadataHttpTokens", - "imagebuilder:StatusTopicArn" - ], + "condition_keys": [], "dependent_actions": [ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeHosts", "iam:PassRole", + "resource-groups:GetGroup", "sns:Publish" ], "resource_type": "infrastructureConfiguration*" + }, + { + "condition_keys": [ + "imagebuilder:CreatedResourceTagKeys", + "imagebuilder:CreatedResourceTag/${TagKey}", + "imagebuilder:Ec2MetadataHttpTokens", + "imagebuilder:StatusTopicArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -162523,13 +167261,18 @@ "privilege": "UpdateLifecyclePolicy", "resource_types": [ { - "condition_keys": [ - "imagebuilder:LifecyclePolicyResourceType" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole" ], "resource_type": "lifecyclePolicy*" + }, + { + "condition_keys": [ + "imagebuilder:LifecyclePolicyResourceType" + ], + "dependent_actions": [], + "resource_type": "" } ] } @@ -162542,13 +167285,6 @@ ], "resource": "component" }, - { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "componentVersion" - }, { "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:distribution-configuration/${DistributionConfigurationName}", "condition_keys": [ @@ -162598,11 +167334,6 @@ ], "resource": "infrastructureConfiguration" }, - { - "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", - "condition_keys": [], - "resource": "kmsKey" - }, { "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:lifecycle-execution/${LifecycleExecutionId}", "condition_keys": [], @@ -162622,13 +167353,6 @@ ], "resource": "workflow" }, - { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workflowVersion" - }, { "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-execution/${WorkflowExecutionId}", "condition_keys": [], @@ -162638,6 +167362,21 @@ "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-step-execution/${WorkflowStepExecutionId}", "condition_keys": [], "resource": "workflowStepExecution" + }, + { + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}/*", + "condition_keys": [], + "resource": "allComponentBuildVersions" + }, + { + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/*", + "condition_keys": [], + "resource": "allImageBuildVersions" + }, + { + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}/*", + "condition_keys": [], + "resource": "allWorkflowBuildVersions" } ], "service_name": "Amazon EC2 Image Builder" @@ -163226,6 +167965,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate multiple code repositories with an Amazon Inspector code security scan configuration", + "privilege": "BatchAssociateCodeSecurityScanConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate multiple code repositories from an Amazon Inspector code security scan configuration", + "privilege": "BatchDisassociateCodeSecurityScanConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about Amazon Inspector accounts for an account", @@ -163343,6 +168106,46 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a code security integration with a source code repository provider", + "privilege": "CreateCodeSecurityIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Integration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a scan configuration for code security scanning", + "privilege": "CreateCodeSecurityScanConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Scan Configuration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create and define the settings for a findings filter", @@ -163406,6 +168209,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a code security integration", + "privilege": "DeleteCodeSecurityIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Integration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a code security scan configuration", + "privilege": "DeleteCodeSecurityScanConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Scan Configuration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a findings filter", @@ -163514,6 +168341,54 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get cluster information for a given a continuously scanned amazon Ecr image", + "privilege": "GetClustersForImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a code security integration", + "privilege": "GetCodeSecurityIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific code security scan", + "privilege": "GetCodeSecurityScan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a code security scan configuration", + "privilege": "GetCodeSecurityScanConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS account", @@ -163658,6 +168533,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all code security integrations in your account", + "privilege": "ListCodeSecurityIntegrations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the associations between code repositories and Amazon Inspector code security scan configurations", + "privilege": "ListCodeSecurityScanConfigurationAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all code security scan configurations in your account", + "privilege": "ListCodeSecurityScanConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the types of statistics Amazon Inspector can generate for resources Inspector monitors", @@ -163826,6 +168737,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to initiate a code security scan on a specified repository", + "privilege": "StartCodeSecurityScan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop a CIS scan session", @@ -163844,16 +168767,22 @@ "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "inspector2:Cis Scan Configuration" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "CIS Scan Configuration" }, { - "condition_keys": [ - "inspector2:Filter" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Integration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Scan Configuration" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "Filter" }, @@ -163874,16 +168803,22 @@ "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [ - "inspector2:Cis Scan Configuration" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "CIS Scan Configuration" }, { - "condition_keys": [ - "inspector2:Filter" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Integration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Scan Configuration" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "Filter" }, @@ -163916,6 +168851,44 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing code security integration", + "privilege": "UpdateCodeSecurityIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Integration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing code security scan configuration", + "privilege": "UpdateCodeSecurityScanConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Code Security Scan Configuration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update information about the Amazon Inspector configuration settings for an AWS account", @@ -164016,6 +168989,20 @@ "aws:ResourceTag/${TagKey}" ], "resource": "CIS Scan Configuration" + }, + { + "arn": "arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/codesecurity-configuration/${CodeSecurityScanConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Code Security Scan Configuration" + }, + { + "arn": "arn:${Partition}:inspector2:${Region}:${Account}:codesecurity-integration/${CodeSecurityIntegrationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Code Security Integration" } ], "service_name": "Amazon Inspector2" @@ -164357,6 +169344,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get Invoice Correction", + "privilege": "GetInvoiceCorrection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get Invoice Email Delivery Preferences", @@ -164393,6 +169392,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Invoice Corrections", + "privilege": "ListInvoiceCorrections", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get Invoice summary information for your account or linked account", @@ -164448,6 +169459,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start Invoice Correction", + "privilege": "StartInvoiceCorrection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a resource", @@ -164576,6 +169599,11 @@ "condition": "iot:TunnelDestinationService", "description": "Filters access by a list of destination services for an IoT Tunnel", "type": "ArrayOfString" + }, + { + "condition": "iot:thingArn", + "description": "Filters access by the ARN of an IoT Thing", + "type": "ARN" } ], "prefix": "iot", @@ -164726,6 +169754,13 @@ { "condition_keys": [], "dependent_actions": [], + "resource_type": "cert" + }, + { + "condition_keys": [ + "iot:thingArn" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -165255,7 +170290,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to create an AWS IoT policy", "privilege": "CreatePolicy", "resource_types": [ @@ -165275,7 +170310,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to create a new version of the specified AWS IoT policy", "privilege": "CreatePolicyVersion", "resource_types": [ @@ -165626,6 +170661,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disconnect the specified connection", + "privilege": "DeleteConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "client*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to deletes the specified custom metric from your AWS account", @@ -165781,7 +170828,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to delete the specified policy", "privilege": "DeletePolicy", "resource_types": [ @@ -165793,7 +170840,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to Delete the specified version of the specified policy", "privilege": "DeletePolicyVersion", "resource_types": [ @@ -166174,6 +171221,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the encryption configuration for the account", + "privilege": "DescribeEncryptionConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a unique endpoint specific to the AWS account making the call", @@ -166483,6 +171542,13 @@ { "condition_keys": [], "dependent_actions": [], + "resource_type": "cert" + }, + { + "condition_keys": [ + "iot:thingArn" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -167300,7 +172366,19 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cert" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the things associated with the specified principal", + "privilege": "ListPrincipalThingsV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cert" } ] }, @@ -167607,7 +172685,19 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the principals associated with the specified thing", + "privilege": "ListThingPrincipalsV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thing*" } ] }, @@ -167809,7 +172899,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [ "iam:PassRole" @@ -168581,6 +173672,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the encryption configuration for the account", + "privilege": "UpdateEncryptionConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update event configurations", @@ -170748,69 +175851,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a batch of vehicles", - "privilege": "BatchCreateVehicle", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:CreateThing", - "iot:DescribeThing" - ], - "resource_type": "decodermanifest*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "modelmanifest*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a batch of vehicles", - "privilege": "BatchUpdateVehicle", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "decodermanifest" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "modelmanifest" - }, - { - "condition_keys": [ - "iotfleetwise:UpdateToModelManifestArn", - "iotfleetwise:UpdateToDecoderManifestArn" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to create a campaign", @@ -171451,6 +176491,11 @@ "dependent_actions": [], "resource_type": "signalcatalog" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "statetemplate" + }, { "condition_keys": [], "dependent_actions": [], @@ -171860,190 +176905,679 @@ { "conditions": [ { - "condition": "iotroborunner:DestinationResourceId", - "description": "Filters access by the destination's identifier", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", "type": "String" }, { - "condition": "iotroborunner:SiteResourceId", - "description": "Filters access by the site's identifier", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", "type": "String" }, { - "condition": "iotroborunner:WorkerFleetResourceId", - "description": "Filters access by the worker fleet's identifier", + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "iotmanagedintegrations:cloudConnectorId", + "description": "Filters access by the CloudConnectorId", "type": "String" }, { - "condition": "iotroborunner:WorkerResourceId", - "description": "Filters access by the workers identifier", + "condition": "iotmanagedintegrations:connectorDestinationId", + "description": "Filters access by the ConnectorDestinationId", "type": "String" } ], - "prefix": "iotroborunner", + "prefix": "iotmanagedintegrations", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a destination", + "description": "Grants permission to create a new account association", + "privilege": "CreateAccountAssociation", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotmanagedintegrations:connectorDestinationId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new cloud connector", + "privilege": "CreateCloudConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new connector destination", + "privilege": "CreateConnectorDestination", + "resource_types": [ + { + "condition_keys": [ + "iotmanagedintegrations:cloudConnectorId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a product credential locker", + "privilege": "CreateCredentialLocker", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new destination", "privilege": "CreateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a site", - "privilege": "CreateSite", + "description": "Grants permission to create a new event configuration", + "privilege": "CreateEventLogConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new managed thing", + "privilege": "CreateManagedThing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential-locker" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a worker", - "privilege": "CreateWorker", + "description": "Grants permission to create a new notification configuration", + "privilege": "CreateNotificationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new ota task", + "privilege": "CreateOtaTask", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new ota task configuration", + "privilege": "CreateOtaTaskConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerFleetResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a worker fleet", - "privilege": "CreateWorkerFleet", + "description": "Grants permission to create a new provisioning profile", + "privilege": "CreateProvisioningProfile", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an account association", + "privilege": "DeleteAccountAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "account-association*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a destination", + "description": "Grants permission to delete a cloud connector", + "privilege": "DeleteCloudConnector", + "resource_types": [ + { + "condition_keys": [ + "iotmanagedintegrations:cloudConnectorId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a connector destination", + "privilege": "DeleteConnectorDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a credential locker", + "privilege": "DeleteCredentialLocker", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential-locker*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete destination", "privilege": "DeleteDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DestinationResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a site", - "privilege": "DeleteSite", + "description": "Grants permission to delete event log configuration", + "privilege": "DeleteEventLogConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a worker", - "privilege": "DeleteWorker", + "description": "Grants permission to delete managed thing", + "privilege": "DeleteManagedThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerResource*" + "resource_type": "managed-thing*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a worker fleet", - "privilege": "DeleteWorkerFleet", + "description": "Grants permission to delete notification configuration", + "privilege": "DeleteNotificationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete ota task", + "privilege": "DeleteOtaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ota-task*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete ota task configuration", + "privilege": "DeleteOtaTaskConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete provisioning profile", + "privilege": "DeleteProvisioningProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioning-profile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister account association", + "privilege": "DeregisterAccountAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about an account association", + "privilege": "GetAccountAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a cloud connector", + "privilege": "GetCloudConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerFleetResource*" + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a cloud destination", + "privilege": "GetConnectorDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a credential locker", + "privilege": "GetCredentialLocker", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential-locker*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a custom endpoint", + "privilege": "GetCustomEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a default encryption configuration", + "privilege": "GetDefaultEncryptionConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a destination", + "description": "Grants permission to get information about a destination", "privilege": "GetDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DestinationResource*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a site", - "privilege": "GetSite", + "description": "Grants permission to get information about a device discovery", + "privilege": "GetDeviceDiscovery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a worker", - "privilege": "GetWorker", + "description": "Grants permission to get information about an event log configuration", + "privilege": "GetEventLogConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a hub configuration", + "privilege": "GetHubConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a managed thing", + "privilege": "GetManagedThing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the capability report for a managed thing", + "privilege": "GetManagedThingCapabilities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the certificate pem for a managed thing", + "privilege": "GetManagedThingCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the connectivity data for a managed thing", + "privilege": "GetManagedThingConnectivityData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerResource*" + "resource_type": "managed-thing*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a worker fleet", - "privilege": "GetWorkerFleet", + "description": "Grants permission to get the meta data information for a managed thing", + "privilege": "GetManagedThingMetaData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerFleetResource*" + "resource_type": "managed-thing*" } ] }, { "access_level": "Read", - "description": "Grants permission to list destinations", + "description": "Grants permission to get the device state information for a managed thing", + "privilege": "GetManagedThingState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information for a notification configuration", + "privilege": "GetNotificationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information for an ota task", + "privilege": "GetOtaTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ota-task*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information for an ota task configuration", + "privilege": "GetOtaTaskConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information for a provisioning profile", + "privilege": "GetProvisioningProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioning-profile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information for a runtime log configuration", + "privilege": "GetRuntimeLogConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information for a version of a schema", + "privilege": "GetSchemaVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for account associations", + "privilege": "ListAccountAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for cloud connectors", + "privilege": "ListCloudConnectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for connector destinations", + "privilege": "ListConnectorDestinations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for credential lockers", + "privilege": "ListCredentialLockers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for destinations", "privilege": "ListDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for device discoveries", + "privilege": "ListDeviceDiscoveries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list sites", - "privilege": "ListSites", + "description": "Grants permission to list information for device discovered in a device discoveries", + "privilege": "ListDiscoveredDevices", "resource_types": [ { "condition_keys": [], @@ -172054,25 +177588,414 @@ }, { "access_level": "Read", - "description": "Grants permission to list worker fleets", - "privilege": "ListWorkerFleets", + "description": "Grants permission to list information for event log configurations", + "privilege": "ListEventLogConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for associations between managed thing and account associations", + "privilege": "ListManagedThingAccountAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list workers", - "privilege": "ListWorkers", + "description": "Grants permission to list schemas associated with a managed thing", + "privilege": "ListManagedThingSchemas", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for managed things", + "privilege": "ListManagedThings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information for notification configurations", + "privilege": "ListNotificationConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information for ota task configurations", + "privilege": "ListOtaTaskConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information for ota task executions", + "privilege": "ListOtaTaskExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ota-task*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for ota tasks", + "privilege": "ListOtaTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for provisioning profiles", + "privilege": "ListProvisioningProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information for schemas", + "privilege": "ListSchemaVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for the specified resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential-locker" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ota-task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioning-profile" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the default settings for an encryption configuration", + "privilege": "PutDefaultEncryptionConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a hub configuration", + "privilege": "PutHubConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a runtime log configuration", + "privilege": "PutRuntimeLogConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register an account association to a managed thing", + "privilege": "RegisterAccountAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register a custom endpoint", + "privilege": "RegisterCustomEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset a runtime log configuration", + "privilege": "ResetRuntimeLogConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a connector event", + "privilege": "SendConnectorEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a command to a managed thing", + "privilege": "SendManagedThingCommand", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a refresh of access tokens associated with an account association", + "privilege": "StartAccountAssociationRefresh", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a device discovery", + "privilege": "StartDeviceDiscovery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags for the specified resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential-locker" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ota-task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioning-profile" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags for the specified resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account-association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential-locker" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ota-task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioning-profile" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an account association", + "privilege": "UpdateAccountAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "account-association*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a cloud connector", + "privilege": "UpdateCloudConnector", + "resource_types": [ + { + "condition_keys": [ + "iotmanagedintegrations:cloudConnectorId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a connector destination", + "privilege": "UpdateConnectorDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -172084,78 +178007,102 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DestinationResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a site", - "privilege": "UpdateSite", + "description": "Grants permission to update an event log configuration", + "privilege": "UpdateEventLogConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a worker", - "privilege": "UpdateWorker", + "description": "Grants permission to update a managed thing", + "privilege": "UpdateManagedThing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-thing*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential-locker" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a notification configuration", + "privilege": "UpdateNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a worker fleet", - "privilege": "UpdateWorkerFleet", + "description": "Grants permission to update an ota task", + "privilege": "UpdateOtaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerFleetResource*" + "resource_type": "ota-task*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/destination/${DestinationId}", + "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:account-association/${AccountAssociationId}", "condition_keys": [ - "iotroborunner:DestinationResourceId" + "aws:ResourceTag/${TagKey}" ], - "resource": "DestinationResource" + "resource": "account-association" }, { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}", + "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:credential-locker/${Identifier}", "condition_keys": [ - "iotroborunner:SiteResourceId" + "aws:ResourceTag/${TagKey}" ], - "resource": "SiteResource" + "resource": "credential-locker" }, { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/worker-fleet/${WorkerFleetId}", + "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:managed-thing/${Identifier}", "condition_keys": [ - "iotroborunner:WorkerFleetResourceId" + "aws:ResourceTag/${TagKey}" ], - "resource": "WorkerFleetResource" + "resource": "managed-thing" }, { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/worker-fleet/${WorkerFleetId}/worker/${WorkerId}", + "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:ota-task/${Identifier}", "condition_keys": [ - "iotroborunner:WorkerResourceId" + "aws:ResourceTag/${TagKey}" + ], + "resource": "ota-task" + }, + { + "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:provisioning-profile/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource": "WorkerResource" + "resource": "provisioning-profile" } ], - "service_name": "AWS IoT RoboRunner" + "service_name": "AWS IoT Managed Integrations" }, { "conditions": [ @@ -172432,6 +178379,31 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a computation model", + "privilege": "CreateComputationModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a dashboard in a project", @@ -172568,6 +178540,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a relationship between asset model and interface", + "privilege": "DeleteAssetModelInterfaceRelationship", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a computation model", + "privilege": "DeleteComputationModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a dashboard", @@ -172668,6 +178664,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model" } ] }, @@ -172719,6 +178720,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a relationship between asset model and interface", + "privilege": "DescribeAssetModelInterfaceRelationship", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an asset property", @@ -172743,6 +178756,35 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a computation model", + "privilege": "DescribeComputationModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe computation model execution summary", + "privilege": "DescribeComputationModelExecutionSummary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a dashboard", @@ -172779,6 +178821,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an execution", + "privilege": "DescribeExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a gateway", @@ -172926,6 +178980,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model" } ] }, @@ -173047,6 +179106,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model" } ] }, @@ -173158,6 +179222,47 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list computation model data binding usages", + "privilege": "ListComputationModelDataBindingUsages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list computation model resolve to resources", + "privilege": "ListComputationModelResolveToResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all computation models", + "privilege": "ListComputationModels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all dashboards in a project", @@ -173182,6 +179287,23 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list executions", + "privilege": "ListExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all gateways", @@ -173194,6 +179316,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all asset models that are enforced by an interface", + "privilege": "ListInterfaceRelationships", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all portals", @@ -173250,6 +179384,11 @@ "dependent_actions": [], "resource_type": "asset-model" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model" + }, { "condition_keys": [], "dependent_actions": [], @@ -173301,6 +179440,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a relationship between asset model and interface", + "privilege": "PutAssetModelInterfaceRelationship", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set the default encryption configuration for the AWS account", @@ -173357,6 +179508,11 @@ "dependent_actions": [], "resource_type": "asset-model" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model" + }, { "condition_keys": [], "dependent_actions": [], @@ -173417,6 +179573,11 @@ "dependent_actions": [], "resource_type": "asset-model" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model" + }, { "condition_keys": [], "dependent_actions": [], @@ -173528,6 +179689,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a computation model", + "privilege": "UpdateComputationModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "computation-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a dashboard", @@ -173664,6 +179847,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "dataset" + }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:computation-model/${ComputationModelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "computation-model" } ], "service_name": "AWS IoT SiteWise" @@ -177914,6 +184104,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get summary information about participant replicas", + "privilege": "ListParticipantReplicas", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stage*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list participants for a specified stage ARN and session", @@ -178168,6 +184370,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a new participant replication", + "privilege": "StartParticipantReplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stage*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start the process of revoking the viewer session associated with a specified channel ARN and viewer ID", @@ -178192,6 +184414,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to stop the participant replication for the specified ARN", + "privilege": "StopParticipantReplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stage*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disconnect a streamer on a specified channel", @@ -181619,13 +187853,28 @@ "condition": "aws:TagKeys", "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "kinesis:FisActionId", + "description": "Filters access by the ID of an AWS FIS action", + "type": "String" + }, + { + "condition": "kinesis:FisInjectPercentage", + "description": "Filters access by the percentage of calls being affected by an AWS FIS action", + "type": "Numeric" + }, + { + "condition": "kinesis:FisTargetArns", + "description": "Filters access by the ARN of an AWS FIS target", + "type": "ArrayOfARN" } ], "prefix": "kinesis", "privileges": [ { "access_level": "Tagging", - "description": "Grants permission to add or update tags for the specified Amazon Kinesis stream. Each stream can have up to 10 tags", + "description": "Grants permission to add or update tags for the specified Amazon Kinesis stream. Each stream can have up to 50 tags", "privilege": "AddTagsToStream", "resource_types": [ { @@ -181675,7 +187924,9 @@ "privilege": "DeleteResourcePolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "consumer*" }, @@ -181708,12 +187959,26 @@ "privilege": "DeregisterStreamConsumer", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "consumer*" } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the account-level settings for Amazon Kinesis Data Streams", + "privilege": "DescribeAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the shard limits and usage for the account", @@ -181746,7 +188011,9 @@ "privilege": "DescribeStreamConsumer", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "consumer*" } @@ -181810,7 +188077,9 @@ "privilege": "GetResourcePolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "consumer*" }, @@ -181851,6 +188120,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to temporarily inject errors for target API requests", + "privilege": "InjectApiError", + "resource_types": [ + { + "condition_keys": [ + "kinesis:FisActionId", + "kinesis:FisTargetArns", + "kinesis:FisInjectPercentage" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the shards in a stream and provides information about each shard", @@ -181891,6 +188176,27 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list the tags for the specified Amazon Kinesis resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "consumer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "stream*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the tags for the specified Amazon Kinesis stream", @@ -181953,7 +188259,9 @@ "privilege": "PutResourcePolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "consumer*" }, @@ -181973,6 +188281,8 @@ "resource_types": [ { "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -182053,12 +188363,88 @@ "privilege": "SubscribeToShard", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "consumer*" } ] }, + { + "access_level": "Tagging", + "description": "Grants permission to add or update tags for the specified Amazon Kinesis resource. Each resource can have up to 50 tags", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "consumer*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "stream*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from the specified Kinesis data resource. Removed tags are deleted and cannot be recovered after this operation successfully completes", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "consumer*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "stream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the account-level settings for Amazon Kinesis Data Streams", + "privilege": "UpdateAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the maximum record size for a Kinesis data stream", + "privilege": "UpdateMaxRecordSize", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "stream*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the shard count of the specified stream to the specified number of shards", @@ -182082,6 +188468,20 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the warm throughput for a Kinesis on-demand data stream", + "privilege": "UpdateStreamWarmThroughput", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "stream*" + } + ] } ], "resources": [ @@ -182094,7 +188494,9 @@ }, { "arn": "arn:${Partition}:kinesis:${Region}:${Account}:${StreamType}/${StreamName}/consumer/${ConsumerName}:${ConsumerCreationTimpstamp}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "consumer" }, { @@ -183574,14 +189976,134 @@ "description": "Filters access to the API operations based on the image hash in the attestation document in the request", "type": "String" }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR0", + "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of core system firmware executable code", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR1", + "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measure of core system firmware data/host platform configuration, typically including serial and model numbers", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR10", + "description": "Filters access by the platform configuration register (PCR) 10 in the attestation document in the request. PCR10 is a contiguous measure of protection of the IMA measurement log", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR11", + "description": "Filters access by the platform configuration register (PCR) 11 in the attestation document in the request. PCR11 is a contiguous measure of all components of unified kernel images (UKIs)", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR12", + "description": "Filters access by the platform configuration register (PCR) 12 in the attestation document in the request. PCR12 is a contiguous measure of kernel command line, system credentials and system configuration images", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR13", + "description": "Filters access by the platform configuration register (PCR) 13 in the attestation document in the request. PCR13 is a contiguous measure of all system extension images for the initrd", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR14", + "description": "Filters access by the platform configuration register (PCR) 14 in the attestation document in the request. PCR14 is a contiguous measure of \"MOK\" certificates and hashes", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR15", + "description": "Filters access by the platform configuration register (PCR) 15 in the attestation document in the request. PCR15 is a contiguous measure of root file system volume encryption key", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR16", + "description": "Filters access by the platform configuration register (PCR) 16 in the attestation document in the request. PCR16 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR17", + "description": "Filters access by the platform configuration register (PCR) 17 in the attestation document in the request. PCR17 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR18", + "description": "Filters access by the platform configuration register (PCR) 18 in the attestation document in the request. PCR18 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR19", + "description": "Filters access by the platform configuration register (PCR) 19 in the attestation document in the request. PCR19 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR2", + "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous measure of extended or pluggable executable code, including option ROMs on pluggable hardware", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR20", + "description": "Filters access by the platform configuration register (PCR) 20 in the attestation document in the request. PCR20 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR21", + "description": "Filters access by the platform configuration register (PCR) 21 in the attestation document in the request. PCR21 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR22", + "description": "Filters access by the platform configuration register (PCR) 22 in the attestation document in the request. PCR22 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR23", + "description": "Filters access by the platform configuration register (PCR) 23 in the attestation document in the request. PCR23 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR3", + "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measure of extended or pluggable firmware data, including information about pluggable hardware", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR4", + "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measure of boot loader and additional drivers, including binaries and extensions loaded by the boot loader", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR5", + "description": "Filters access by the platform configuration register (PCR) 5 in the attestation document in the request. PCR5 is a contiguous measure of GPT/Partition table", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR6", + "description": "Filters access by the platform configuration register (PCR) 6 in the attestation document in the request. PCR6 is a custom PCR that can be defined by the user for specific use cases", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR7", + "description": "Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a contiguous measure of SecureBoot state", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR8", + "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a contiguous measure of commands and kernel command line", + "type": "String" + }, + { + "condition": "kms:RecipientAttestation:NitroTPMPCR9", + "description": "Filters access by the platform configuration register (PCR) 9 in the attestation document in the request. PCR9 is a contiguous measure of all files read (including kernel image)", + "type": "String" + }, { "condition": "kms:RecipientAttestation:PCR0", - "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document. PCR0 is a contiguous measure of the contents of the enclave image file, without the section data", + "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of the contents of the enclave image file, without the section data", "type": "String" }, { "condition": "kms:RecipientAttestation:PCR1", - "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document. PCR1 is a contiguous measurement of the Linux kernel and bootstrap data", + "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measurement of the Linux kernel and bootstrap data", "type": "String" }, { @@ -183636,7 +190158,7 @@ }, { "condition": "kms:RecipientAttestation:PCR2", - "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document. PCR2 is a contiguous, in-order measurement of the user applications, without the boot ramfs", + "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous, in-order measurement of the user applications, without the boot ramfs", "type": "String" }, { @@ -183691,7 +190213,7 @@ }, { "condition": "kms:RecipientAttestation:PCR3", - "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document. PCR3 is a contiguous measurement of the IAM role assigned to the parent instance", + "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measurement of the IAM role assigned to the parent instance", "type": "String" }, { @@ -183706,7 +190228,7 @@ }, { "condition": "kms:RecipientAttestation:PCR4", - "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document. PCR4 is a contiguous measurement of the ID of the parent instance", + "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measurement of the ID of the parent instance", "type": "String" }, { @@ -183721,12 +190243,12 @@ }, { "condition": "kms:RecipientAttestation:PCR7", - "description": "Filters access by platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a custom PCR that can be defined by the user for specific use cases", + "description": "Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a custom PCR that can be defined by the user for specific use cases", "type": "String" }, { "condition": "kms:RecipientAttestation:PCR8", - "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document. PCR8 is a measure of the signing certificate specified for the enclave image file", + "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a measure of the signing certificate specified for the enclave image file", "type": "String" }, { @@ -183862,6 +190384,7 @@ ], "dependent_actions": [ "cloudhsm:DescribeClusters", + "ec2:DescribeVpcEndpointServices", "iam:CreateServiceLinkedRole" ], "resource_type": "" @@ -183940,6 +190463,30 @@ "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:RecipientAttestation:ImageSha384", + "kms:RecipientAttestation:NitroTPMPCR0", + "kms:RecipientAttestation:NitroTPMPCR1", + "kms:RecipientAttestation:NitroTPMPCR2", + "kms:RecipientAttestation:NitroTPMPCR3", + "kms:RecipientAttestation:NitroTPMPCR4", + "kms:RecipientAttestation:NitroTPMPCR5", + "kms:RecipientAttestation:NitroTPMPCR6", + "kms:RecipientAttestation:NitroTPMPCR7", + "kms:RecipientAttestation:NitroTPMPCR8", + "kms:RecipientAttestation:NitroTPMPCR9", + "kms:RecipientAttestation:NitroTPMPCR10", + "kms:RecipientAttestation:NitroTPMPCR11", + "kms:RecipientAttestation:NitroTPMPCR12", + "kms:RecipientAttestation:NitroTPMPCR13", + "kms:RecipientAttestation:NitroTPMPCR14", + "kms:RecipientAttestation:NitroTPMPCR15", + "kms:RecipientAttestation:NitroTPMPCR16", + "kms:RecipientAttestation:NitroTPMPCR17", + "kms:RecipientAttestation:NitroTPMPCR18", + "kms:RecipientAttestation:NitroTPMPCR19", + "kms:RecipientAttestation:NitroTPMPCR20", + "kms:RecipientAttestation:NitroTPMPCR21", + "kms:RecipientAttestation:NitroTPMPCR22", + "kms:RecipientAttestation:NitroTPMPCR23", "kms:RecipientAttestation:PCR0", "kms:RecipientAttestation:PCR1", "kms:RecipientAttestation:PCR2", @@ -184054,6 +190601,30 @@ "kms:CallerAccount", "kms:KeyAgreementAlgorithm", "kms:RecipientAttestation:ImageSha384", + "kms:RecipientAttestation:NitroTPMPCR0", + "kms:RecipientAttestation:NitroTPMPCR1", + "kms:RecipientAttestation:NitroTPMPCR2", + "kms:RecipientAttestation:NitroTPMPCR3", + "kms:RecipientAttestation:NitroTPMPCR4", + "kms:RecipientAttestation:NitroTPMPCR5", + "kms:RecipientAttestation:NitroTPMPCR6", + "kms:RecipientAttestation:NitroTPMPCR7", + "kms:RecipientAttestation:NitroTPMPCR8", + "kms:RecipientAttestation:NitroTPMPCR9", + "kms:RecipientAttestation:NitroTPMPCR10", + "kms:RecipientAttestation:NitroTPMPCR11", + "kms:RecipientAttestation:NitroTPMPCR12", + "kms:RecipientAttestation:NitroTPMPCR13", + "kms:RecipientAttestation:NitroTPMPCR14", + "kms:RecipientAttestation:NitroTPMPCR15", + "kms:RecipientAttestation:NitroTPMPCR16", + "kms:RecipientAttestation:NitroTPMPCR17", + "kms:RecipientAttestation:NitroTPMPCR18", + "kms:RecipientAttestation:NitroTPMPCR19", + "kms:RecipientAttestation:NitroTPMPCR20", + "kms:RecipientAttestation:NitroTPMPCR21", + "kms:RecipientAttestation:NitroTPMPCR22", + "kms:RecipientAttestation:NitroTPMPCR23", "kms:RecipientAttestation:PCR0", "kms:RecipientAttestation:PCR1", "kms:RecipientAttestation:PCR2", @@ -184265,6 +190836,30 @@ "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:RecipientAttestation:ImageSha384", + "kms:RecipientAttestation:NitroTPMPCR0", + "kms:RecipientAttestation:NitroTPMPCR1", + "kms:RecipientAttestation:NitroTPMPCR2", + "kms:RecipientAttestation:NitroTPMPCR3", + "kms:RecipientAttestation:NitroTPMPCR4", + "kms:RecipientAttestation:NitroTPMPCR5", + "kms:RecipientAttestation:NitroTPMPCR6", + "kms:RecipientAttestation:NitroTPMPCR7", + "kms:RecipientAttestation:NitroTPMPCR8", + "kms:RecipientAttestation:NitroTPMPCR9", + "kms:RecipientAttestation:NitroTPMPCR10", + "kms:RecipientAttestation:NitroTPMPCR11", + "kms:RecipientAttestation:NitroTPMPCR12", + "kms:RecipientAttestation:NitroTPMPCR13", + "kms:RecipientAttestation:NitroTPMPCR14", + "kms:RecipientAttestation:NitroTPMPCR15", + "kms:RecipientAttestation:NitroTPMPCR16", + "kms:RecipientAttestation:NitroTPMPCR17", + "kms:RecipientAttestation:NitroTPMPCR18", + "kms:RecipientAttestation:NitroTPMPCR19", + "kms:RecipientAttestation:NitroTPMPCR20", + "kms:RecipientAttestation:NitroTPMPCR21", + "kms:RecipientAttestation:NitroTPMPCR22", + "kms:RecipientAttestation:NitroTPMPCR23", "kms:RecipientAttestation:PCR0", "kms:RecipientAttestation:PCR1", "kms:RecipientAttestation:PCR2", @@ -184323,6 +190918,30 @@ "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:RecipientAttestation:ImageSha384", + "kms:RecipientAttestation:NitroTPMPCR0", + "kms:RecipientAttestation:NitroTPMPCR1", + "kms:RecipientAttestation:NitroTPMPCR2", + "kms:RecipientAttestation:NitroTPMPCR3", + "kms:RecipientAttestation:NitroTPMPCR4", + "kms:RecipientAttestation:NitroTPMPCR5", + "kms:RecipientAttestation:NitroTPMPCR6", + "kms:RecipientAttestation:NitroTPMPCR7", + "kms:RecipientAttestation:NitroTPMPCR8", + "kms:RecipientAttestation:NitroTPMPCR9", + "kms:RecipientAttestation:NitroTPMPCR10", + "kms:RecipientAttestation:NitroTPMPCR11", + "kms:RecipientAttestation:NitroTPMPCR12", + "kms:RecipientAttestation:NitroTPMPCR13", + "kms:RecipientAttestation:NitroTPMPCR14", + "kms:RecipientAttestation:NitroTPMPCR15", + "kms:RecipientAttestation:NitroTPMPCR16", + "kms:RecipientAttestation:NitroTPMPCR17", + "kms:RecipientAttestation:NitroTPMPCR18", + "kms:RecipientAttestation:NitroTPMPCR19", + "kms:RecipientAttestation:NitroTPMPCR20", + "kms:RecipientAttestation:NitroTPMPCR21", + "kms:RecipientAttestation:NitroTPMPCR22", + "kms:RecipientAttestation:NitroTPMPCR23", "kms:RecipientAttestation:PCR0", "kms:RecipientAttestation:PCR1", "kms:RecipientAttestation:PCR2", @@ -184442,6 +191061,30 @@ { "condition_keys": [ "kms:RecipientAttestation:ImageSha384", + "kms:RecipientAttestation:NitroTPMPCR0", + "kms:RecipientAttestation:NitroTPMPCR1", + "kms:RecipientAttestation:NitroTPMPCR2", + "kms:RecipientAttestation:NitroTPMPCR3", + "kms:RecipientAttestation:NitroTPMPCR4", + "kms:RecipientAttestation:NitroTPMPCR5", + "kms:RecipientAttestation:NitroTPMPCR6", + "kms:RecipientAttestation:NitroTPMPCR7", + "kms:RecipientAttestation:NitroTPMPCR8", + "kms:RecipientAttestation:NitroTPMPCR9", + "kms:RecipientAttestation:NitroTPMPCR10", + "kms:RecipientAttestation:NitroTPMPCR11", + "kms:RecipientAttestation:NitroTPMPCR12", + "kms:RecipientAttestation:NitroTPMPCR13", + "kms:RecipientAttestation:NitroTPMPCR14", + "kms:RecipientAttestation:NitroTPMPCR15", + "kms:RecipientAttestation:NitroTPMPCR16", + "kms:RecipientAttestation:NitroTPMPCR17", + "kms:RecipientAttestation:NitroTPMPCR18", + "kms:RecipientAttestation:NitroTPMPCR19", + "kms:RecipientAttestation:NitroTPMPCR20", + "kms:RecipientAttestation:NitroTPMPCR21", + "kms:RecipientAttestation:NitroTPMPCR22", + "kms:RecipientAttestation:NitroTPMPCR23", "kms:RecipientAttestation:PCR0", "kms:RecipientAttestation:PCR1", "kms:RecipientAttestation:PCR2", @@ -184640,7 +191283,7 @@ }, { "access_level": "List", - "description": "Controls permission to view the list of completed key rotations for an AWS KMS key", + "description": "Controls permission to view the list of key materials for an AWS KMS key", "privilege": "ListKeyRotations", "resource_types": [ { @@ -184996,7 +191639,9 @@ "condition_keys": [ "kms:CallerAccount" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DescribeVpcEndpointServices" + ], "resource_type": "" } ] @@ -185671,6 +192316,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to register a new location to be managed by Lake Formation, with privileged access", + "privilege": "RegisterResourceWithPrivilegedAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to remove lakeformation tags from catalog resources", @@ -185868,6 +192525,11 @@ "description": "Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations", "type": "String" }, + { + "condition": "lambda:InvokedViaFunctionUrl", + "description": "Limits the scope of lambda:InvokeFunction action to Function URLs only. Available during AddPermission operation", + "type": "Bool" + }, { "condition": "lambda:Layer", "description": "Filters access by the ARN of a version of an AWS Lambda layer", @@ -185926,7 +192588,8 @@ { "condition_keys": [ "lambda:Principal", - "lambda:FunctionUrlAuthType" + "lambda:FunctionUrlAuthType", + "lambda:InvokedViaFunctionUrl" ], "dependent_actions": [], "resource_type": "" @@ -188436,6 +195099,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new resource policy statement for a Lex resource", + "privilege": "CreateResourcePolicyStatement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new slot in an intent", @@ -188660,6 +195340,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing resource policy statement for a Lex resource", + "privilege": "DeleteResourcePolicyStatement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete session information for a bot alias and user ID", @@ -189792,6 +196489,11 @@ "description": "Filters access by the tags that are passed in the request", "type": "String" }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, { "condition": "aws:TagKeys", "description": "Filters access by tag keys that are passed in the request", @@ -189862,6 +196564,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "license*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -189883,7 +196593,10 @@ "privilege": "CreateLicense", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -190299,7 +197012,22 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "grant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license-configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-generator" } ] }, @@ -190347,12 +197075,27 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "grant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license-configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-generator" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -190367,7 +197110,29 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "grant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license-configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-generator" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -190424,23 +197189,29 @@ { "arn": "arn:${Partition}:license-manager:${Region}:${Account}:license-configuration:${LicenseConfigurationId}", "condition_keys": [ + "aws:ResourceTag/${TagKey}", "license-manager:ResourceTag/${TagKey}" ], "resource": "license-configuration" }, { "arn": "arn:${Partition}:license-manager::${Account}:license:${LicenseId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "license" }, { "arn": "arn:${Partition}:license-manager::${Account}:grant:${GrantId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "grant" }, { "arn": "arn:${Partition}:license-manager:${Region}:${Account}:report-generator:${ReportGeneratorId}", "condition_keys": [ + "aws:ResourceTag/${TagKey}", "license-manager:ResourceTag/${TagKey}" ], "resource": "report-generator" @@ -194175,6 +200946,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to return all the log groups that are associated with the AWS account making the request", + "privilege": "ListLogGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve all the log groups that are associated with entity", @@ -196540,6 +203323,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a data set export task", + "privilege": "CreateDataSetExportTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "Application*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a data set import task", @@ -196697,6 +203494,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to export a data set at the specified S3 location", + "privilege": "GetDataSetExportTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a data set import task", @@ -196805,6 +203614,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list data set export history", + "privilege": "ListDataSetExportHistory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list data set import history", @@ -199891,7 +206712,23 @@ "service_name": "Amazon Mechanical Turk" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], "prefix": "mediaconnect", "privileges": [ { @@ -199924,7 +206761,10 @@ "privilege": "AddFlowMediaStreams", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -199936,7 +206776,10 @@ "privilege": "AddFlowOutputs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -199948,7 +206791,10 @@ "privilege": "AddFlowSources", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -199960,7 +206806,10 @@ "privilege": "AddFlowVpcInterfaces", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -199974,7 +206823,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "" } ] }, @@ -199984,7 +206833,10 @@ "privilege": "CreateFlow", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -199998,7 +206850,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Gateway*" + "resource_type": "" } ] }, @@ -200164,7 +207016,10 @@ "privilege": "GrantFlowEntitlements", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -200418,6 +207273,29 @@ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Entitlement" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Flow" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Output" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Source" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -200430,6 +207308,28 @@ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Entitlement" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Flow" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Output" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Source" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -200558,22 +207458,30 @@ "resources": [ { "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:entitlement:${FlowId}:${EntitlementName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Entitlement" }, { "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:flow:${FlowId}:${FlowName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Flow" }, { "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:output:${OutputId}:${OutputName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Output" }, { "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:source:${SourceId}:${SourceName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Source" }, { @@ -200719,7 +207627,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -200734,13 +207643,26 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] }, + { + "access_level": "Write", + "description": "Grants permission to share an AWS Elemental MediaConvert job", + "privilege": "CreateResourceShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Job" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an AWS Elemental MediaConvert custom job template", @@ -200926,6 +207848,11 @@ "description": "Grants permission to retrieve the tags for a MediaConvert queue, preset, or job template", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Job" + }, { "condition_keys": [], "dependent_actions": [], @@ -200955,6 +207882,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to probe a file", + "privilege": "Probe", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put an AWS Elemental MediaConvert policy", @@ -200984,6 +207923,11 @@ "description": "Grants permission to add tags to a MediaConvert queue, preset, or job template", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Job" + }, { "condition_keys": [], "dependent_actions": [], @@ -201014,6 +207958,11 @@ "description": "Grants permission to remove tags from a MediaConvert queue, preset, or job template", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Job" + }, { "condition_keys": [], "dependent_actions": [], @@ -201560,6 +208509,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a SDI source", + "privilege": "CreateSdiSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sdi-source*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a signal map", @@ -201582,7 +208551,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to create tags for channels, inputs, input security groups, multiplexes, reservations, nodes, networks, clusters, channel placement groups, signal maps, template groups, and templates", + "description": "Grants permission to create tags for channels, inputs, input security groups, multiplexes, reservations, nodes, networks, clusters, channel placement groups, signal maps, SDI sources, template groups, and templates", "privilege": "CreateTags", "resource_types": [ { @@ -201650,6 +208619,11 @@ "dependent_actions": [], "resource_type": "reservation" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sdi-source" + }, { "condition_keys": [], "dependent_actions": [], @@ -201845,6 +208819,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a SDI source", + "privilege": "DeleteSdiSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sdi-source*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a signal map", @@ -201859,7 +208845,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to delete tags from channels, inputs, input security groups, multiplexes, reservations, nodes, clusters, networks, channel placement groups, signal maps, template groups, and templates", + "description": "Grants permission to delete tags from channels, inputs, input security groups, multiplexes, reservations, nodes, clusters, networks, channel placement groups, SDI source, signal maps, template groups, and templates", "privilege": "DeleteTags", "resource_types": [ { @@ -201927,6 +208913,11 @@ "dependent_actions": [], "resource_type": "reservation" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sdi-source" + }, { "condition_keys": [], "dependent_actions": [], @@ -202121,6 +209112,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a SDI source", + "privilege": "DescribeSdiSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sdi-source*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view the thumbnails for a channel", @@ -202193,6 +209196,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list channel alerts", + "privilege": "ListAlerts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list channel placement groups", @@ -202241,6 +209256,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list cluster alerts", + "privilege": "ListClusterAlerts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list clusters", @@ -202325,6 +209352,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list multiplex alerts", + "privilege": "ListMultiplexAlerts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list multiplex programs", @@ -202397,6 +209436,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list SDI sources", + "privilege": "ListSdiSources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list signal maps", @@ -202411,7 +209462,7 @@ }, { "access_level": "List", - "description": "Grants permission to list tags for channels, inputs, input security groups, multiplexes, reservations, nodes, clusters, networks, channel placement groups, signal maps, template groups, and templates", + "description": "Grants permission to list tags for channels, inputs, input security groups, multiplexes, reservations, nodes, clusters, networks, channel placement groups, SDI sources, signal maps, template groups, and templates", "privilege": "ListTagsForResource", "resource_types": [ { @@ -202479,6 +209530,11 @@ "dependent_actions": [], "resource_type": "reservation" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sdi-source" + }, { "condition_keys": [], "dependent_actions": [], @@ -202988,6 +210044,26 @@ "resource_type": "reservation*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the state of a sdi source", + "privilege": "UpdateSdiSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sdi-source*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -203098,6 +210174,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "channel-placement-group" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:sdiSource:${SdiSourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "sdi-source" } ], "service_name": "AWS Elemental MediaLive" @@ -204299,6 +211382,45 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to reset a channel", + "privilege": "ResetChannelState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Channel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ChannelGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset an origin endpoint", + "privilege": "ResetOriginEndpointState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Channel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ChannelGroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OriginEndpoint*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add specified tags to the specified resource", @@ -205617,6 +212739,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get dicom bulkdata in binary format", + "privilege": "GetDICOMBulkdata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get an import job's properties", @@ -205665,6 +212799,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve metadata for all DICOM instances belonging to a given DICOM series in DICOM JSON format", + "privilege": "GetDICOMSeriesMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get data store properties", @@ -205786,6 +212932,42 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to search dicom instances that returns data in DICOM JSON format", + "privilege": "SearchDICOMInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to search dicom series that returns data in DICOM JSON format", + "privilege": "SearchDICOMSeries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to search dicom studies that returns data in DICOM JSON format", + "privilege": "SearchDICOMStudies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to search image sets", @@ -205810,6 +212992,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to store dicom instances that returns result in DICOM JSON format", + "privilege": "StoreDICOM", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to store a dicom study that returns result in DICOM JSON format", + "privilege": "StoreDICOMStudy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add tags to a medical imaging resource", @@ -206687,6 +213893,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to pause replication for a Multi-Region cluster", + "privilege": "PauseMultiRegionClusterReplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "multiregioncluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permissions to purchase a new reserved node", @@ -207856,7 +215081,10 @@ "privilege": "CreateNetworkMigrationDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -208948,7 +216176,10 @@ "privilege": "StartExport", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [ "ec2:DescribeLaunchTemplateVersions", "mgn:DescribeSourceServers", @@ -209382,6 +216613,16 @@ "dependent_actions": [], "resource_type": "ConnectorResource" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ExportResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ImportResource" + }, { "condition_keys": [], "dependent_actions": [], @@ -210733,296 +217974,6 @@ "resources": [], "service_name": "Amazon Mobile Analytics" }, - { - "conditions": [], - "prefix": "mobilehub", - "privileges": [ - { - "access_level": "Write", - "description": "Create a project", - "privilege": "CreateProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Enable AWS Mobile Hub in the account by creating the required service role", - "privilege": "CreateServiceRole", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Delete the specified project", - "privilege": "DeleteProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Delete a saved snapshot of project configuration", - "privilege": "DeleteProjectSnapshot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Deploy changes to the specified stage", - "privilege": "DeployToStage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Describe the download bundle", - "privilege": "DescribeBundle", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Export the download bundle", - "privilege": "ExportBundle", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Export the project configuration", - "privilege": "ExportProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Generate project parameters required for code generation", - "privilege": "GenerateProjectParameters", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Get project configuration and resources", - "privilege": "GetProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Fetch the previously exported project configuration snapshot", - "privilege": "GetProjectSnapshot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Create a new project from the previously exported project configuration", - "privilege": "ImportProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Install a bundle in the project deployments S3 bucket", - "privilege": "InstallBundle", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List the available SaaS (Software as a Service) connectors", - "privilege": "ListAvailableConnectors", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List available features", - "privilege": "ListAvailableFeatures", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List available regions for projects", - "privilege": "ListAvailableRegions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List the available download bundles", - "privilege": "ListBundles", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List saved snapshots of project configuration", - "privilege": "ListProjectSnapshots", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List projects", - "privilege": "ListProjects", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Synchronize state of resources into project", - "privilege": "SynchronizeProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Update project", - "privilege": "UpdateProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Validate a mobile hub project.", - "privilege": "ValidateProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Verify AWS Mobile Hub is enabled in the account", - "privilege": "VerifyServiceRole", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:mobilehub:${Region}:${Account}:project/${ProjectId}", - "condition_keys": [], - "resource": "project" - } - ], - "service_name": "AWS Mobile Hub" - }, { "conditions": [ { @@ -213232,6 +220183,444 @@ ], "service_name": "Amazon Monitron" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "mpa:ProtectedResourceAccount", + "description": "Filters access by the account that owns the resource that is the target of the operation that requires approval", + "type": "String" + }, + { + "condition": "mpa:RequestedOperation", + "description": "Filters access by a requested operation that requires team approval before it can be executed", + "type": "String" + } + ], + "prefix": "mpa", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel an approval session", + "privilege": "CancelSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "mpa:RequestedOperation", + "mpa:ProtectedResourceAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an approval team", + "privilege": "CreateApprovalTeam", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "approval-team*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an identity source", + "privilege": "CreateIdentitySource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity-source*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an identity source", + "privilege": "DeleteIdentitySource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity-source*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an inactive approval team", + "privilege": "DeleteInactiveApprovalTeamVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "approval-team*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for an approval team", + "privilege": "GetApprovalTeam", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "approval-team*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for an identity source", + "privilege": "GetIdentitySource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity-source*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for a policy", + "privilege": "GetPolicyVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for a specific resource", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for an approval session", + "privilege": "GetSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "mpa:RequestedOperation", + "mpa:ProtectedResourceAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list approval teams", + "privilege": "ListApprovalTeams", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list identity sources", + "privilege": "ListIdentitySources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list policies", + "privilege": "ListPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the versions for policies", + "privilege": "ListPolicyVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list policies for a resource", + "privilege": "ListResourcePolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list approval sessions", + "privilege": "ListSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to create or update policies for a resource", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the deletion process for an active approval team", + "privilege": "StartActiveApprovalTeamDeletion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "approval-team*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an approval session", + "privilege": "StartSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "mpa:RequestedOperation", + "mpa:ProtectedResourceAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update approval team", + "privilege": "UpdateApprovalTeam", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "approval-team*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:mpa:${Region}:${Account}:approval-team/${ApprovalTeamId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "approval-team" + }, + { + "arn": "arn:${Partition}:mpa:${Region}:${Account}:identity-source/${IdentitySourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "identity-source" + }, + { + "arn": "arn:${Partition}:mpa:${Region}:${Account}:session/${SessionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "session" + } + ], + "service_name": "Multi-party approval" + }, { "conditions": [ { @@ -213363,6 +220752,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a configuration", + "privilege": "DeleteConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurations*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to delete tags", @@ -213572,6 +220973,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update RabbitMQ broker authentication and authorization configuration", + "privilege": "UpdateBrokerAccessConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "brokers*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the specified configuration", @@ -214713,6 +222126,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a graph", + "privilege": "StartGraph", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:DescribeKey" + ], + "resource_type": "graph*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to import data into an existing graph", @@ -214732,6 +222167,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to stop a graph", + "privilege": "StopGraph", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "graph*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a Neptune Analytics resource", @@ -214869,6 +222323,30 @@ ], "prefix": "network-firewall", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept pending Network Firewall attachments on a transit gateway", + "privilege": "AcceptNetworkFirewallTransitGatewayAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate availability zones to a firewall", + "privilege": "AssociateAvailabilityZones", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an association between a firewall policy and a firewall", @@ -215007,6 +222485,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Network Firewall vpc endpoint association", + "privilege": "CreateVpcEndpointAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "Firewall*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcEndpointAssociation*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a firewall", @@ -215033,9 +222538,26 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a resource policy for a firewall policy or rule group", + "description": "Grants permission to delete Network Firewall attachments on a transit gateway", + "privilege": "DeleteNetworkFirewallTransitGatewayAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a resource policy for a firewall policy or rule group or firewall", "privilege": "DeleteResourcePolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall" + }, { "condition_keys": [], "dependent_actions": [], @@ -215082,6 +222604,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a vpc endpoint association", + "privilege": "DeleteVpcEndpointAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcEndpointAssociation*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the data objects that define a firewall", @@ -215094,6 +222628,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the high-level information about a firewall", + "privilege": "DescribeFirewallMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the data objects that define a firewall policy", @@ -215121,6 +222667,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a flow operation performed on a firewall", + "privilege": "DescribeFlowOperation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the logging configuration of a firewall", @@ -215138,9 +222696,14 @@ }, { "access_level": "Read", - "description": "Grants permission to describe a resource policy for a firewall policy or rule group", + "description": "Grants permission to describe a resource policy for a firewall policy or rule group or firewall", "privilege": "DescribeResourcePolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall" + }, { "condition_keys": [], "dependent_actions": [], @@ -215192,6 +222755,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the summary information about a rule group", + "privilege": "DescribeRuleGroupSummary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatefulRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatelessRuleGroup" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the data objects that define a tls inspection configuration", @@ -215204,6 +222784,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the data objects that define a vpc endpoint association", + "privilege": "DescribeVpcEndpointAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcEndpointAssociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate availability zones to a firewall", + "privilege": "DisassociateAvailabilityZones", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate VPC subnets from a firewall", @@ -215264,6 +222868,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list results from a flow operation performed on a firewall", + "privilege": "ListFlowOperationResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list flow operations performed on a firewall", + "privilege": "ListFlowOperations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the metadata for rule groups", @@ -215317,14 +222945,36 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "TLSInspectionConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcEndpointAssociation" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the metadata for vpc endpoint associations", + "privilege": "ListVpcEndpointAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcEndpointAssociation*" } ] }, { "access_level": "Write", - "description": "Grants permission to put a resource policy for a firewall policy or rule group", + "description": "Grants permission to put a resource policy for a firewall policy or rule group or firewall", "privilege": "PutResourcePolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall" + }, { "condition_keys": [], "dependent_actions": [], @@ -215342,6 +222992,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to reject pending Network Firewall attachments on a transit gateway", + "privilege": "RejectNetworkFirewallTransitGatewayAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start an analysis report on a firewall", @@ -215354,6 +223016,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start capture operation on a firewall", + "privilege": "StartFlowCapture", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start flush operation on a firewall", + "privilege": "StartFlowFlush", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to attach tags to a resource", @@ -215384,6 +223070,11 @@ "dependent_actions": [], "resource_type": "TLSInspectionConfiguration" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcEndpointAssociation" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -215424,6 +223115,11 @@ "dependent_actions": [], "resource_type": "TLSInspectionConfiguration" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcEndpointAssociation" + }, { "condition_keys": [ "aws:TagKeys" @@ -215433,6 +223129,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add or remove availability zone change protection for a firewall", + "privilege": "UpdateAvailabilityZoneChangeProtection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Firewall*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify firewall analysis settings of a firewall", @@ -215609,10 +223317,133 @@ "aws:ResourceTag/${TagKey}" ], "resource": "TLSInspectionConfiguration" + }, + { + "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:vpc-endpoint-association/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "VpcEndpointAssociation" } ], "service_name": "AWS Network Firewall" }, + { + "conditions": [], + "prefix": "network-security-director", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get a finding", + "privilege": "GetFinding", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the status of network security scan", + "privilege": "GetNetworkSecurityScan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a resource", + "privilege": "GetResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list findings", + "privilege": "ListFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list insights about the latest network security scan", + "privilege": "ListInsights", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list remediations for a finding", + "privilege": "ListRemediations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list resources", + "privilege": "ListResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a network security scan", + "privilege": "StartNetworkSecurityScan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the status of a finding", + "privilege": "UpdateFinding", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Shield network security director" + }, { "conditions": [ { @@ -217978,7 +225809,7 @@ "resource": "probe" } ], - "service_name": "Amazon CloudWatch Network Monitor" + "service_name": "Amazon CloudWatch Network Synthetic Monitor" }, { "conditions": [ @@ -219050,6 +226881,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate an Organizational Unit to a particular Notification Configuration", + "privilege": "AssociateOrganizationalUnit", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NotificationConfiguration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new EventRule, associating it with a NotificationConfiguration", @@ -219114,7 +226957,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to disable Service Trust for AWS User Notifications", "privilege": "DisableNotificationsAccessForOrganization", "resource_types": [ @@ -219165,6 +227008,18 @@ }, { "access_level": "Write", + "description": "Grants permission to disassociate an Organizational Unit to a particular Notification Configuration", + "privilege": "DisassociateOrganizationalUnit", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NotificationConfiguration*" + } + ] + }, + { + "access_level": "Permissions management", "description": "Grants permission to enable Service Trust for AWS User Notifications", "privilege": "EnableNotificationsAccessForOrganization", "resource_types": [ @@ -219346,6 +227201,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Member Accounts for a Notification Configuration", + "privilege": "ListMemberAccounts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NotificationConfiguration*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list NotificationConfigurations", @@ -219382,6 +227249,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Organizational Units for a Notification Configuration", + "privilege": "ListOrganizationalUnits", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NotificationConfiguration*" + } + ] + }, { "access_level": "List", "description": "Grants permission to get tags for a resource", @@ -220004,97 +227883,155 @@ "service_name": "Amazon CloudWatch Observability Access Manager" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "observabilityadmin:CentralizationBackupRegion", + "description": "Filters access by the backup region that is passed in the request", + "type": "String" + }, + { + "condition": "observabilityadmin:CentralizationDestinationRegion", + "description": "Filters access by the destination region that is passed in the request", + "type": "String" + }, + { + "condition": "observabilityadmin:CentralizationSourceRegions", + "description": "Filters access by the source regions that are passed in the request", + "type": "ArrayOfString" + } + ], "prefix": "observabilityadmin", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to retrieve the Telemetry Config feature status for the account", - "privilege": "GetTelemetryEvaluationStatus", + "access_level": "Write", + "description": "Grants permission to create a new organization centralization rule with the specified name for the organization", + "privilege": "CreateCentralizationRuleForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "organization-centralization-rule*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "observabilityadmin:CentralizationSourceRegions", + "observabilityadmin:CentralizationDestinationRegion", + "observabilityadmin:CentralizationBackupRegion" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the Telemetry Config feature status for the organization", - "privilege": "GetTelemetryEvaluationStatusForOrganization", + "access_level": "Write", + "description": "Grants permission to create a new telemetry rule with the specified name for the account", + "privilege": "CreateTelemetryRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "telemetry-rule*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve telemetry configurations for resources associated with the account", - "privilege": "ListResourceTelemetry", + "access_level": "Write", + "description": "Grants permission to create a new organization telemetry rule with the specified name for the organization", + "privilege": "CreateTelemetryRuleForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "organization-telemetry-rule*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve telemetry configurations for resources associated with accounts in the organization", - "privilege": "ListResourceTelemetryForOrganization", + "access_level": "Write", + "description": "Grants permission to delete an organization centralization rule with the specified name for the organization", + "privilege": "DeleteCentralizationRuleForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "organization-centralization-rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the Telemetry Config feature for the account", - "privilege": "StartTelemetryEvaluation", + "description": "Grants permission to delete a telemetry rule with the specified name for the account", + "privilege": "DeleteTelemetryRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "telemetry-rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the Telemetry Config feature for the organization", - "privilege": "StartTelemetryEvaluationForOrganization", + "description": "Grants permission to delete an organization telemetry rule with the specified name for the organization", + "privilege": "DeleteTelemetryRuleForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "organization-telemetry-rule*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop the Telemetry Config feature for the account", - "privilege": "StopTelemetryEvaluation", + "access_level": "Read", + "description": "Grants permission to retrieve the specified organization centralization rule for the organization", + "privilege": "GetCentralizationRuleForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "organization-centralization-rule*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop the Telemetry Config feature for the organization", - "privilege": "StopTelemetryEvaluationForOrganization", + "access_level": "Read", + "description": "Grants permission to retrieve the status of the Resource tags for telemetry feature for the account", + "privilege": "GetTelemetryEnrichmentStatus", "resource_types": [ { "condition_keys": [], @@ -220102,103 +228039,129 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Amazon CloudWatch Observability Admin Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve the Telemetry Config feature status for the account", + "privilege": "GetTelemetryEvaluationStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" + "access_level": "Read", + "description": "Grants permission to retrieve the Telemetry Config feature status for the organization", + "privilege": "GetTelemetryEvaluationStatusForOrganization", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "omics:AnnotationImportJobJobId", - "description": "Filters access by a unique resource identifier", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve the specified telemetry rule for the account", + "privilege": "GetTelemetryRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "telemetry-rule*" + } + ] }, { - "condition": "omics:AnnotationStoreName", - "description": "Filters access by the name of the store", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve the specified organization telemetry rule for the organization", + "privilege": "GetTelemetryRuleForOrganization", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization-telemetry-rule*" + } + ] }, { - "condition": "omics:VariantImportJobJobId", - "description": "Filters access by a unique resource identifier", - "type": "String" + "access_level": "List", + "description": "Grants permission to list the centralization rules for the organization", + "privilege": "ListCentralizationRulesForOrganization", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "omics:VariantStoreName", - "description": "Filters access by the name of the store", - "type": "String" - } - ], - "prefix": "omics", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to batch delete Read Sets in the given Sequence Store", - "privilege": "BatchDeleteReadSet", + "access_level": "Read", + "description": "Grants permission to retrieve telemetry configurations for resources associated with the account", + "privilege": "ListResourceTelemetry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel an Annotation Import Job", - "privilege": "CancelAnnotationImportJob", + "access_level": "Read", + "description": "Grants permission to retrieve telemetry configurations for resources associated with accounts in the organization", + "privilege": "ListResourceTelemetryForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationImportJob*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a workflow run and stop all workflow tasks", - "privilege": "CancelRun", + "access_level": "List", + "description": "Grants permission to list the tags for the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "organization-centralization-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization-telemetry-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "telemetry-rule" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a Variant Import Job", - "privilege": "CancelVariantImportJob", + "access_level": "List", + "description": "Grants permission to list the telemetry rules for the account", + "privilege": "ListTelemetryRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantImportJob*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Annotation Store", - "privilege": "CreateAnnotationStore", + "access_level": "List", + "description": "Grants permission to list the telemetry rules for the organization", + "privilege": "ListTelemetryRulesForOrganization", "resource_types": [ { "condition_keys": [], @@ -220209,14 +228172,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Reference Store", - "privilege": "CreateReferenceStore", + "description": "Grants permission to enable the Resource tags for telemetry feature for the account", + "privilege": "StartTelemetryEnrichment", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -220224,14 +228184,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new workflow run group", - "privilege": "CreateRunGroup", + "description": "Grants permission to start the Telemetry Config feature for the account", + "privilege": "StartTelemetryEvaluation", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -220239,14 +228196,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Sequence Store", - "privilege": "CreateSequenceStore", + "description": "Grants permission to start the Telemetry Config feature for the organization", + "privilege": "StartTelemetryEvaluationForOrganization", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -220254,8 +228208,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Variant Store", - "privilege": "CreateVariantStore", + "description": "Grants permission to disable the Resource tags for telemetry feature for the account", + "privilege": "StopTelemetryEnrichment", "resource_types": [ { "condition_keys": [], @@ -220266,14 +228220,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new workflow with a workflow definition and template of workflow parameters", - "privilege": "CreateWorkflow", + "description": "Grants permission to stop the Telemetry Config feature for the account", + "privilege": "StopTelemetryEvaluation", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -220281,458 +228232,566 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Annotation Store", - "privilege": "DeleteAnnotationStore", + "description": "Grants permission to stop the Telemetry Config feature for the organization", + "privilege": "StopTelemetryEvaluationForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationStore*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Reference in the given Reference Store", - "privilege": "DeleteReference", + "access_level": "Tagging", + "description": "Grants permission to add or update the specified tags for the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reference*" + "resource_type": "organization-centralization-rule" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "organization-telemetry-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "telemetry-rule" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Reference Store", - "privilege": "DeleteReferenceStore", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "organization-centralization-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization-telemetry-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "telemetry-rule" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workflow run", - "privilege": "DeleteRun", + "description": "Grants permission to update the specified centralization rule for the organization", + "privilege": "UpdateCentralizationRuleForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "organization-centralization-rule*" + }, + { + "condition_keys": [ + "observabilityadmin:CentralizationSourceRegions", + "observabilityadmin:CentralizationDestinationRegion", + "observabilityadmin:CentralizationBackupRegion" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workflow run group", - "privilege": "DeleteRunGroup", + "description": "Grants permission to update the specified telemetry rule for the account", + "privilege": "UpdateTelemetryRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "runGroup*" + "resource_type": "telemetry-rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Sequence Store", - "privilege": "DeleteSequenceStore", + "description": "Grants permission to update the specified telemetry rule for the organization", + "privilege": "UpdateTelemetryRuleForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "organization-telemetry-rule*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:observabilityadmin:${Region}:${Account}:telemetry-rule/${TelemetryRuleName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "telemetry-rule" + }, + { + "arn": "arn:${Partition}:observabilityadmin:${Region}:${Account}:organization-telemetry-rule/${TelemetryRuleName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "organization-telemetry-rule" + }, + { + "arn": "arn:${Partition}:observabilityadmin:${Region}:${Account}:organization-centralization-rule/${CentralizationRuleName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "organization-centralization-rule" + } + ], + "service_name": "Amazon CloudWatch Observability Admin Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "odb", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a Variant Store", - "privilege": "DeleteVariantStore", + "description": "Grants permission to register the Amazon Web Services Marketplace token for your Amazon Web Services account to activate your Oracle Database@Amazon Web Services subscription", + "privilege": "AcceptMarketplaceRegistration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantStore*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workflow", - "privilege": "DeleteWorkflow", + "description": "Grants permission to create a new Autonomous VM cluster in the specified Exadata infrastructure", + "privilege": "CreateCloudAutonomousVmCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the status of an Annotation Import Job", - "privilege": "GetAnnotationImportJob", - "resource_types": [ + "resource_type": "cloud-exadata-infrastructure*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationImportJob*" + "resource_type": "odb-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get detailed information about an Annotation Store", - "privilege": "GetAnnotationStore", + "access_level": "Write", + "description": "Grants permission to create an Exadata infrastructure", + "privilege": "CreateCloudExadataInfrastructure", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "AnnotationStore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a Read Set in the given Sequence Store", - "privilege": "GetReadSet", + "access_level": "Write", + "description": "Grants permission to create a VM cluster on the specified Exadata infrastructure", + "privilege": "CreateCloudVmCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet*" + "resource_type": "cloud-exadata-infrastructure*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set activation job for the given Sequence Store", - "privilege": "GetReadSetActivationJob", - "resource_types": [ + "resource_type": "odb-network*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set export job for the given Sequence Store", - "privilege": "GetReadSetExportJob", + "access_level": "Write", + "description": "Grants permission to create a DB Node", + "privilege": "CreateDbNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "db-node*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set import job for the given Sequence Store", - "privilege": "GetReadSetImportJob", + "access_level": "Write", + "description": "Grants permission to create an ODB network", + "privilege": "CreateOdbNetwork", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set in the given Sequence Store", - "privilege": "GetReadSetMetadata", + "access_level": "Write", + "description": "Grants permission to create an ODB Peering Connection", + "privilege": "CreateOdbPeeringConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet*" + "resource_type": "odb-network*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a Reference in the given Reference Store", - "privilege": "GetReference", + "access_level": "Write", + "description": "Grants permission to create an Outbound Integration", + "privilege": "CreateOutboundIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reference*" + "resource_type": "cloud-autonomous-vm-cluster*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "cloud-vm-cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Reference import job for the given Reference Store", - "privilege": "GetReferenceImportJob", + "access_level": "Write", + "description": "Grants permission to Deletes an Autonomous VM cluster", + "privilege": "DeleteCloudAutonomousVmCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "cloud-autonomous-vm-cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Reference in the given Reference Store", - "privilege": "GetReferenceMetadata", + "access_level": "Write", + "description": "Grants permission to delete a specified Exadata infrastructure. Before you use this operation, make sure to delete all of the VM clusters that are hosted on this Exadata infrastructure", + "privilege": "DeleteCloudExadataInfrastructure", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reference*" - }, + "resource_type": "cloud-exadata-infrastructure*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified VM cluster", + "privilege": "DeleteCloudVmCluster", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "cloud-vm-cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Reference Store", - "privilege": "GetReferenceStore", + "access_level": "Write", + "description": "Grants permission to delete a DB Node", + "privilege": "DeleteDbNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "db-node*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow run details", - "privilege": "GetRun", + "access_level": "Write", + "description": "Grants permission to delete the specified ODB network", + "privilege": "DeleteOdbNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "odb-network*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow run group details", - "privilege": "GetRunGroup", + "access_level": "Write", + "description": "Grants permission to delete the specified ODB Peering Connection. When you delete an ODB peering connection, the underlying VPC peering connection is also deleted", + "privilege": "DeleteOdbPeeringConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "runGroup*" + "resource_type": "odb-peering-connection*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow task details", - "privilege": "GetRunTask", + "access_level": "Write", + "description": "Grants permission to delete a resource policy", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TaskResource*" + "resource_type": "cloud-exadata-infrastructure*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "odb-network*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about a Sequence Store", - "privilege": "GetSequenceStore", + "description": "Grants permission to get information about a specific Autonomous VM cluster", + "privilege": "GetCloudAutonomousVmCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "cloud-autonomous-vm-cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the status of a Variant Import Job", - "privilege": "GetVariantImportJob", + "description": "Grants permission to get information about the specified Exadata infrastructure", + "privilege": "GetCloudExadataInfrastructure", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantImportJob*" + "resource_type": "cloud-exadata-infrastructure*" } ] }, { "access_level": "Read", - "description": "Grants permission to get detailed information about a Variant Store", - "privilege": "GetVariantStore", + "description": "Grants permission to retrieve information about unallocated resources in a specified Cloud Exadata Infrastructure", + "privilege": "GetCloudExadataInfrastructureUnallocatedResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantStore*" + "resource_type": "cloud-exadata-infrastructure*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve workflow details", - "privilege": "GetWorkflow", + "description": "Grants permission to get information about the specified VM cluster", + "privilege": "GetCloudVmCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "cloud-vm-cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of Annotation Import Jobs", - "privilege": "ListAnnotationImportJobs", + "access_level": "Read", + "description": "Grants permission to get information about the specified DB node", + "privilege": "GetDbNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloud-vm-cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-node*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of information about Annotation Stores", - "privilege": "ListAnnotationStores", + "access_level": "Read", + "description": "Grants permission to get information about the specified database server", + "privilege": "GetDbServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloud-exadata-infrastructure*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Set activation jobs for the given Sequence Store", - "privilege": "ListReadSetActivationJobs", + "access_level": "Read", + "description": "Grants permission to get the tenancy activation link and onboarding status for your Amazon Web Services account", + "privilege": "GetOciOnboardingStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Set export jobs for the given Sequence Store", - "privilege": "ListReadSetExportJobs", + "access_level": "Read", + "description": "Grants permission to get information about the specified ODB network", + "privilege": "GetOdbNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "odb-network*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Set import jobs for the given Sequence Store", - "privilege": "ListReadSetImportJobs", + "access_level": "Read", + "description": "Grants permission to get information about the specified ODB Peering connection", + "privilege": "GetOdbPeeringConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "odb-peering-connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Sets in the given Sequence Store", - "privilege": "ListReadSets", + "access_level": "Read", + "description": "Grants permission to get a resource policy", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "cloud-exadata-infrastructure*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "odb-network*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Reference import jobs for the given Reference Store", - "privilege": "ListReferenceImportJobs", + "access_level": "Write", + "description": "Grants permission to initialize the ODB service for the first time in an account", + "privilege": "InitializeService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Reference Stores", - "privilege": "ListReferenceStores", + "access_level": "Read", + "description": "Grants permission to list all Autonomous VMs in an Autonomous VM cluster", + "privilege": "ListAutonomousVirtualMachines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloud-autonomous-vm-cluster" } ] }, { "access_level": "List", - "description": "Grants permission to list References in the given Reference Store", - "privilege": "ListReferences", + "description": "Grants permission to list all Autonomous VM clusters in a specified Cloud Exadata infrastructure", + "privilege": "ListCloudAutonomousVmClusters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "cloud-exadata-infrastructure" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of workflow run groups", - "privilege": "ListRunGroups", + "description": "Grants permission to list information about the Exadata infrastructures owned by your Amazon Web Services account", + "privilege": "ListCloudExadataInfrastructures", "resource_types": [ { "condition_keys": [], @@ -220743,44 +228802,44 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of tasks for a workflow run", - "privilege": "ListRunTasks", + "description": "Grants permission to list information about the VM clusters owned by your Amazon Web Services account or only the ones on the specified Exadata infrastructure", + "privilege": "ListCloudVmClusters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "cloud-exadata-infrastructure" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of workflow runs", - "privilege": "ListRuns", + "description": "Grants permission to list information about the DB nodes for the specified VM cluster", + "privilege": "ListDbNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloud-vm-cluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Sequence Stores", - "privilege": "ListSequenceStores", + "access_level": "Read", + "description": "Grants permission to list information about the database servers that belong to the specified Exadata infrastructure", + "privilege": "ListDbServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloud-exadata-infrastructure*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of resource AWS tags", - "privilege": "ListTagsForResource", + "access_level": "Read", + "description": "Grants permission to list information about the shapes that are available for an Exadata infrastructure", + "privilege": "ListDbSystemShapes", "resource_types": [ { "condition_keys": [], @@ -220790,9 +228849,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of Variant Import Jobs", - "privilege": "ListVariantImportJobs", + "access_level": "Read", + "description": "Grants permission to list information about Oracle Grid Infrastructure (GI) software versions that are available for a VM cluster for the specified shape", + "privilege": "ListGiVersions", "resource_types": [ { "condition_keys": [], @@ -220803,8 +228862,8 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of metadata for Variant Stores", - "privilege": "ListVariantStores", + "description": "Grants permission to list information about the ODB networks owned by your Amazon Web Services account", + "privilege": "ListOdbNetworks", "resource_types": [ { "condition_keys": [], @@ -220815,20 +228874,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of available workflows", - "privilege": "ListWorkflows", + "description": "Grants permission to list all ODB peering connections or those associated with a specific ODB network", + "privilege": "ListOdbPeeringConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "odb-network" } ] }, { - "access_level": "Write", - "description": "Grants permission to import a list of Annotation files to an Annotation Store", - "privilege": "StartAnnotationImportJob", + "access_level": "Read", + "description": "Grants permission to list information about the system versions that are available for a VM cluster for the specified giVersion and shape", + "privilege": "ListSystemVersions", "resource_types": [ { "condition_keys": [], @@ -220838,123 +228897,151 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start a Read Set activation job from the given Sequence Store", - "privilege": "StartReadSetActivationJob", + "access_level": "Read", + "description": "Grants permission to list information about the tags applied to this resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a Read Set export job from the given Sequence Store", - "privilege": "StartReadSetExportJob", - "resource_types": [ + "resource_type": "cloud-autonomous-vm-cluster" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "cloud-exadata-infrastructure" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cloud-vm-cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-node" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "odb-network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "odb-peering-connection" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Read Set import job into the given Sequence Store", - "privilege": "StartReadSetImportJob", + "description": "Grants permission to update a resource policy", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "cloud-exadata-infrastructure*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "odb-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Reference import job into the given Reference Store", - "privilege": "StartReferenceImportJob", + "description": "Grants permission to reboot the specified DB node in a VM cluster", + "privilege": "RebootDbNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "cloud-vm-cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-node*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a workflow run", - "privilege": "StartRun", + "description": "Grants permission to start the specified DB node in a VM cluster", + "privilege": "StartDbNode", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloud-vm-cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-node*" } ] }, { "access_level": "Write", - "description": "Grants permission to import a list of variant files to an Variant Store", - "privilege": "StartVariantImportJob", + "description": "Grants permission to stop the specified DB node in a VM cluster", + "privilege": "StopDbNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloud-vm-cluster*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add AWS tags to a resource", + "description": "Grants permission to apply tags to the specified resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet" + "resource_type": "cloud-autonomous-vm-cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reference" + "resource_type": "cloud-exadata-infrastructure" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore" + "resource_type": "cloud-vm-cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "run" + "resource_type": "db-node" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "runGroup" + "resource_type": "odb-network" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "odb-peering-connection" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -220964,46 +229051,42 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove resource AWS tags", + "description": "Grants permission to remove tags from the specified resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "reference" + "resource_type": "cloud-autonomous-vm-cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore" + "resource_type": "cloud-exadata-infrastructure" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "run" + "resource_type": "cloud-vm-cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "runGroup" + "resource_type": "db-node" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore" + "resource_type": "odb-network" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "odb-peering-connection" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -221013,143 +229096,86 @@ }, { "access_level": "Write", - "description": "Grants permission to update information about the Annotation Store", - "privilege": "UpdateAnnotationStore", + "description": "Grants permission to update the properties of an Exadata infrastructure resource", + "privilege": "UpdateCloudExadataInfrastructure", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationStore*" + "resource_type": "cloud-exadata-infrastructure*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a workflow run group", - "privilege": "UpdateRunGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "runGroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update metadata about the Variant Store", - "privilege": "UpdateVariantStore", + "description": "Grants permission to update properties of a specified ODB network", + "privilege": "UpdateOdbNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantStore*" + "resource_type": "odb-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to update workflow details", - "privilege": "UpdateWorkflow", + "description": "Grants permission to update properties of a specified ODB Peering Connection", + "privilege": "UpdateOdbPeeringConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "odb-peering-connection*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:omics:${Region}:${Account}:annotationImportJob/${AnnotationImportJobId}", - "condition_keys": [ - "omics:AnnotationImportJobJobId" - ], - "resource": "AnnotationImportJob" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:annotationStore/${AnnotationStoreId}", - "condition_keys": [ - "omics:AnnotationStoreName" - ], - "resource": "AnnotationStore" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:sequenceStore/${SequenceStoreId}/readSet/${ReadSetId}", + "arn": "arn:${Partition}:odb:${Region}:${Account}:cloud-autonomous-vm-cluster/${CloudAutonomousVmClusterId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "readSet" + "resource": "cloud-autonomous-vm-cluster" }, { - "arn": "arn:${Partition}:omics:${Region}:${Account}:referenceStore/${ReferenceStoreId}/reference/${ReferenceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "reference" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:referenceStore/${ReferenceStoreId}", + "arn": "arn:${Partition}:odb:${Region}:${Account}:cloud-exadata-infrastructure/${CloudExadataInfrastructureId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "referenceStore" + "resource": "cloud-exadata-infrastructure" }, { - "arn": "arn:${Partition}:omics:${Region}:${Account}:run/${Id}", + "arn": "arn:${Partition}:odb:${Region}:${Account}:cloud-vm-cluster/${CloudVmClusterId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "run" + "resource": "cloud-vm-cluster" }, { - "arn": "arn:${Partition}:omics:${Region}:${Account}:runGroup/${Id}", + "arn": "arn:${Partition}:odb:${Region}:${Account}:db-node/${DbNodeId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "runGroup" + "resource": "db-node" }, { - "arn": "arn:${Partition}:omics:${Region}:${Account}:sequenceStore/${SequenceStoreId}", + "arn": "arn:${Partition}:odb:${Region}:${Account}:odb-network/${OdbNetworkId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "sequenceStore" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:tag/${TagKey}", - "condition_keys": [], - "resource": "TaggingResource" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:task/${Id}", - "condition_keys": [], - "resource": "TaskResource" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:variantImportJob/${VariantImportJobId}", - "condition_keys": [ - "omics:VariantImportJobJobId" - ], - "resource": "VariantImportJob" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:variantStore/${VariantStoreId}", - "condition_keys": [ - "omics:VariantStoreName" - ], - "resource": "VariantStore" + "resource": "odb-network" }, { - "arn": "arn:${Partition}:omics:${Region}:${Account}:workflow/${Id}", + "arn": "arn:${Partition}:odb:${Region}:${Account}:odb-peering-connection/${OdbPeeringConnectionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "workflow" + "resource": "odb-peering-connection" } ], - "service_name": "Amazon Omics" + "service_name": "AWS Service - Oracle Database@AWS" }, { "conditions": [ @@ -221404,6 +229430,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new workflow version with a workflow definition and template of workflow parameters", + "privilege": "CreateWorkflowVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an Annotation Store", @@ -221558,6 +229604,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a workflow version", + "privilege": "DeleteWorkflowVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WorkflowVersion*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the status of an Annotation Import Job", @@ -221847,6 +229910,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve workflow version details", + "privilege": "GetWorkflowVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WorkflowVersion*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow*" + } + ] + }, { "access_level": "List", "description": "Grants permission to get a list of Annotation Import Jobs", @@ -222099,6 +230179,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of available versions for a workflow", + "privilege": "ListWorkflowVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow*" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of available workflows", @@ -222257,6 +230349,11 @@ "dependent_actions": [], "resource_type": "VariantStore" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WorkflowVersion" + }, { "condition_keys": [], "dependent_actions": [], @@ -222327,6 +230424,11 @@ "dependent_actions": [], "resource_type": "VariantStore" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WorkflowVersion" + }, { "condition_keys": [], "dependent_actions": [], @@ -222460,6 +230562,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update workflow version details", + "privilege": "UpdateWorkflowVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WorkflowVersion*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to upload read set parts", @@ -222560,6 +230679,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "workflow" + }, + { + "arn": "arn:${Partition}:omics:${Region}:${Account}:workflow/${Id}/version/${VersionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "WorkflowVersion" } ], "service_name": "AWS HealthOmics" @@ -222746,7 +230872,7 @@ { "access_level": "Write", "description": "Grants permission to delete a User", - "privilege": "DeleteUser", + "privilege": "DeleteUserV1", "resource_types": [ { "condition_keys": [], @@ -222927,6 +231053,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to view list of Users", + "privilege": "ListUsersV1", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to reboot Device associated with a Device Instance", @@ -223122,7 +231260,7 @@ "prefix": "opensearch", "privileges": [ { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to access OpenSearch Application", "privilege": "ApplicationAccessAll", "resource_types": [ @@ -224455,7 +232593,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -224470,7 +232609,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -224525,7 +232665,8 @@ "condition_keys": [ "organizations:PolicyType", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -224675,7 +232816,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieves details about the organization that the calling credentials belong to", + "description": "Grants permission to retrieve details about the organization that the calling credentials belong to", "privilege": "DescribeOrganization", "resource_types": [ { @@ -224699,7 +232840,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieves details about a policy", + "description": "Grants permission to retrieve details about a policy", "privilege": "DescribePolicy", "resource_types": [ { @@ -224886,7 +233027,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the the accounts in the organization", + "description": "Grants permission to list all of the accounts in the organization", "privilege": "ListAccounts", "resource_types": [ { @@ -224913,6 +233054,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list accounts that have invalid effective policies for a specified policy type", + "privilege": "ListAccountsWithInvalidEffectivePolicy", + "resource_types": [ + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all of the OUs or accounts that are contained in a parent OU or root", @@ -224968,6 +233123,25 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list validation errors found in the effective policy for a specific account and policy type", + "privilege": "ListEffectivePolicyValidationErrors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account*" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all of the handshakes that are associated with an account", @@ -224994,7 +233168,7 @@ }, { "access_level": "List", - "description": "Grants permission to lists all of the organizational units (OUs) in a parent organizational unit or root", + "description": "Grants permission to list all of the organizational units (OUs) in a parent organizational unit or root", "privilege": "ListOrganizationalUnitsForParent", "resource_types": [ { @@ -225110,6 +233284,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "root" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -225195,7 +233376,7 @@ }, { "access_level": "Write", - "description": "Grants permission to removes the specified account from the organization", + "description": "Grants permission to remove the specified account from the organization", "privilege": "RemoveAccountFromOrganization", "resource_types": [ { @@ -225221,7 +233402,9 @@ "resource_type": "organizationalunit" }, { - "condition_keys": [], + "condition_keys": [ + "organizations:PolicyType" + ], "dependent_actions": [], "resource_type": "policy" }, @@ -225238,7 +233421,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "organizations:PolicyType" ], "dependent_actions": [], "resource_type": "" @@ -225277,7 +233461,8 @@ }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "organizations:PolicyType" ], "dependent_actions": [], "resource_type": "" @@ -225411,6 +233596,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an OpenSearch Ingestion pipeline endpoint", + "privilege": "CreatePipelineEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an OpenSearch Ingestion pipeline", @@ -225427,6 +233634,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an OpenSearch Ingestion pipeline endpoint in the current account", + "privilege": "DeletePipelineEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline-endpoint*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a resource policy for an OpenSearch Ingestion resource", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve configuration information for an OpenSearch Ingestion pipeline", @@ -225463,6 +233694,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a resource policy for an OpenSearch Ingestion resource", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to ingest data through an OpenSearch Ingestion pipeline", @@ -225487,6 +233730,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list OpenSearch Ingestion pipeline endpoint connections to pipelines in the current account", + "privilege": "ListPipelineEndpointConnections", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list OpenSearch Ingestion pipeline endpoints in the current account", + "privilege": "ListPipelineEndpoints", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list basic configuration for each OpenSearch Ingestion pipeline in the current account and Region", @@ -225511,6 +233778,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put a resource policy for an OpenSearch Ingestion resource", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to revoke an OpenSearch Ingestion pipeline endpoint connection from a pipeline in the current account", + "privilege": "RevokePipelineEndpointConnections", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start an OpenSearch Ingestion pipeline", @@ -225614,6 +233905,13 @@ ], "resource": "pipeline" }, + { + "arn": "arn:${Partition}:osis:${Region}:${Account}:endpoint/${EndpointId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pipeline-endpoint" + }, { "arn": "arn:${Partition}:osis:${Region}:${Account}:blueprint/${BlueprintName}", "condition_keys": [], @@ -225691,6 +233989,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -225706,7 +234005,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, @@ -225718,6 +234017,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -225809,6 +234109,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get Outpost billing information for the specified Outpost", + "privilege": "GetOutpostBillingInformation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outpost*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the instance types for the specified Outpost", @@ -225841,7 +234153,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, @@ -225889,7 +234201,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, @@ -226742,6 +235054,11 @@ "description": "Grants permission to creating engagements in AWS Partner Central", "privilege": "CreateEngagement", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Engagement*" + }, { "condition_keys": [ "partnercentral:Catalog" @@ -226756,6 +235073,11 @@ "description": "Grants permission to creating engagement invitations in AWS Partner Central", "privilege": "CreateEngagementInvitation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "engagement-invitation*" + }, { "condition_keys": [ "partnercentral:Catalog" @@ -226770,8 +235092,15 @@ "description": "Grants permission to create new Opportunities on AWS Partner Central", "privilege": "CreateOpportunity", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Opportunity*" + }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "partnercentral:Catalog" ], "dependent_actions": [], @@ -226803,6 +235132,11 @@ "description": "Grants permission to creating resource snapshot jobs in AWS Partner Central", "privilege": "CreateResourceSnapshotJob", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resource-snapshot-job*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -226826,8 +235160,6 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", "partnercentral:Catalog" ], "dependent_actions": [], @@ -226962,8 +235294,6 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", "partnercentral:Catalog" ], "dependent_actions": [], @@ -227193,11 +235523,7 @@ "privilege": "StartEngagementByAcceptingInvitationTask", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "partnercentral:Catalog" - ], + "condition_keys": [], "dependent_actions": [ "partnercentral:AcceptEngagementInvitation", "partnercentral:CreateOpportunity", @@ -227206,6 +235532,16 @@ "partnercentral:StartResourceSnapshotJob", "partnercentral:SubmitOpportunity" ], + "resource_type": "engagement-by-accepting-invitation-task*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "partnercentral:Catalog" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -227216,11 +235552,7 @@ "privilege": "StartEngagementFromOpportunityTask", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "partnercentral:Catalog" - ], + "condition_keys": [], "dependent_actions": [ "partnercentral:CreateEngagement", "partnercentral:CreateEngagementInvitation", @@ -227229,6 +235561,16 @@ "partnercentral:StartResourceSnapshotJob", "partnercentral:SubmitOpportunity" ], + "resource_type": "engagement-from-opportunity-task*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "partnercentral:Catalog" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -227245,8 +235587,6 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", "partnercentral:Catalog" ], "dependent_actions": [], @@ -227266,8 +235606,6 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", "partnercentral:Catalog" ], "dependent_actions": [], @@ -227299,6 +235637,16 @@ "description": "Grants permission to add new tags to a resource. Supported resource: ResourceSnapshotJob", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Opportunity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resource-snapshot-job" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -227316,6 +235664,16 @@ "description": "Grants permission to remove tags from a resource. Supported resource: ResourceSnapshotJob", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Opportunity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resource-snapshot-job" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -227370,12 +235728,16 @@ }, { "arn": "arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/opportunity/${Identifier}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Opportunity" }, { "arn": "arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/resource-snapshot-job/${Identifier}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "resource-snapshot-job" }, { @@ -227537,7 +235899,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227581,7 +235948,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227605,7 +235977,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227617,7 +235994,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227646,7 +236028,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227784,7 +236171,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227852,7 +236244,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227908,7 +236305,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227920,7 +236322,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227932,7 +236339,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] }, @@ -227944,7 +236356,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" } ] } @@ -228334,6 +236751,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -228357,6 +236775,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -228394,6 +236813,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -228712,22 +237132,12 @@ ], "resource": "DirectoryRegistration" }, - { - "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:directory-registration/${DirectoryId}", - "condition_keys": [], - "resource": "ServicePrincipalName" - }, { "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:connector/${ConnectorId}/template/${TemplateId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "Template" - }, - { - "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:connector/${ConnectorId}/template/${TemplateId}", - "condition_keys": [], - "resource": "TemplateGroupAccessControlEntry" } ], "service_name": "AWS Private CA Connector for Active Directory" @@ -228973,7 +237383,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to configure vended log delivery for Skybridge cluster logs", + "description": "Grants permission to configure vended log delivery for AWS PCS cluster logs", "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { @@ -229300,6 +237710,29 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update cluster properties", + "privilege": "UpdateCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:GetSecurityGroupsForVpc", + "iam:CreateServiceLinkedRole", + "secretsmanager:CreateSecret", + "secretsmanager:TagResource" + ], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update compute node group properties", @@ -230651,6 +239084,11 @@ "description": "Grants permission to call ListTagsForResource API to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "metric-resource*" + }, { "condition_keys": [], "dependent_actions": [], @@ -230701,7 +239139,9 @@ "resources": [ { "arn": "arn:${Partition}:pi:${Region}:${Account}:metrics/${ServiceType}/${Identifier}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "metric-resource" }, { @@ -231734,6 +240174,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a layout in the domain", + "privilege": "CreateDomainLayout", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "layouts*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put an event stream in a domain", @@ -231809,6 +240269,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a Recommender in the domain", + "privilege": "CreateRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "recommenders*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a segment definition in the domain", @@ -231870,6 +240350,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an upload job in the domain", + "privilege": "CreateUploadJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a calculated attribute definition in the domain", @@ -231899,6 +240391,40 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a layout in the domain", + "privilege": "DeleteDomainLayout", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "layouts*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specific domain object type in the domain", + "privilege": "DeleteDomainObjectType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain-object-types*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an event stream in a domain", @@ -232010,6 +240536,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a recommender in a domain", + "privilege": "DeleteRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a segment definition in the domain", @@ -232109,6 +240652,40 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a layout in the domain", + "privilege": "GetDomainLayout", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "layouts*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a specific domain object type in the domain", + "privilege": "GetDomainObjectType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain-object-types*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a specific event stream in a domain", @@ -232186,6 +240763,47 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get statistics of a specific attribute for object type in the domain", + "privilege": "GetObjectTypeAttributeStatistics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object-types*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a profile history record for a profile in a domain", + "privilege": "GetProfileHistoryRecord", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list insights for a profile", + "privilege": "GetProfileInsights", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a specific profile object type in the domain", @@ -232215,6 +240833,40 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list recommendations for a profile", + "privilege": "GetProfileRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get Recommender details in a domain", + "privilege": "GetRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a segment definition in the domain", @@ -232302,6 +240954,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get details of an upload job in the domain", + "privilege": "GetUploadJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a pre-signed URL to upload file for an upload job", + "privilege": "GetUploadJobPath", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get workflow details in a domain", @@ -232362,6 +241038,47 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all the layouts in the domain", + "privilege": "ListDomainLayouts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the domain object types in the domain", + "privilege": "ListDomainObjectTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list domain objects in a domain", + "privilege": "ListDomainObjects", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain-object-types*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the domains in an account", @@ -232422,6 +241139,23 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list values of a specific attribute for object type in the domain", + "privilege": "ListObjectTypeAttributeValues", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object-types*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the attributes of a specific object type in the domain", @@ -232451,6 +241185,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all the profile history records for a profile in a domain", + "privilege": "ListProfileHistoryRecords", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the profile object type templates in the account", @@ -232492,6 +241238,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all the Recommenders Recipes in the domain", + "privilege": "ListRecommenderRecipes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the Recommenders in the domain", + "privilege": "ListRecommenders", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the rule-based matching result in the domain", @@ -232526,6 +241296,11 @@ "dependent_actions": [], "resource_type": "calculated-attributes" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain-object-types" + }, { "condition_keys": [], "dependent_actions": [], @@ -232536,15 +241311,47 @@ "dependent_actions": [], "resource_type": "event-streams" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-triggers" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "integrations" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "layouts" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "object-types" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "segment-definitions" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all upload jobs in the domain", + "privilege": "ListUploadJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" } ] }, @@ -232572,6 +241379,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put a specific domain object type in the domain", + "privilege": "PutDomainObjectType", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "domain-object-types*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put a integration in a domain", @@ -232579,7 +241406,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "app-integrations:CreateDataIntegrationAssociation", + "app-integrations:DeleteDataIntegrationAssociation", + "app-integrations:GetDataIntegration", + "app-integrations:ListDataIntegrationAssociations", + "kms:CreateGrant" + ], "resource_type": "domains*" }, { @@ -232641,6 +241474,64 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a recommender in a domain", + "privilege": "StartRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an upload job in the domain", + "privilege": "StartUploadJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a recommender in a domain", + "privilege": "StopRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop an upload job in the domain", + "privilege": "StopUploadJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to adds tags to a resource", @@ -232651,6 +241542,11 @@ "dependent_actions": [], "resource_type": "calculated-attributes" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain-object-types" + }, { "condition_keys": [], "dependent_actions": [], @@ -232661,16 +241557,36 @@ "dependent_actions": [], "resource_type": "event-streams" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-triggers" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "integrations" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "layouts" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "object-types" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "segment-definitions" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -232691,6 +241607,11 @@ "dependent_actions": [], "resource_type": "calculated-attributes" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain-object-types" + }, { "condition_keys": [], "dependent_actions": [], @@ -232701,16 +241622,36 @@ "dependent_actions": [], "resource_type": "event-streams" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-triggers" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "integrations" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "layouts" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "object-types" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "segment-definitions" + }, { "condition_keys": [ "aws:TagKeys" @@ -232751,6 +241692,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a layout in the domain", + "privilege": "UpdateDomainLayout", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "layouts*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an event trigger in the domain", @@ -232779,6 +241737,23 @@ "resource_type": "domains*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a Recommender in the domain", + "privilege": "UpdateRecommender", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recommenders*" + } + ] } ], "resources": [ @@ -232830,6 +241805,27 @@ "aws:ResourceTag/${TagKey}" ], "resource": "event-triggers" + }, + { + "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/layouts/${LayoutDefinitionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "layouts" + }, + { + "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/recommenders/${RecommenderTypeName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "recommenders" + }, + { + "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/domain-object-types/${ObjectTypeName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domain-object-types" } ], "service_name": "Amazon Connect Customer Profiles" @@ -235096,7 +244092,12 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptFrom", + "kms:ReEncryptTo" + ], "resource_type": "" } ] @@ -235108,7 +244109,12 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptFrom", + "kms:ReEncryptTo" + ], "resource_type": "" } ] @@ -235153,6 +244159,35 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a conversation with Amazon Q", + "privilege": "DeleteConversation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an OAuth application in Amazon Q", + "privilege": "DeleteOAuthAppConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptFrom", + "kms:ReEncryptTo" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a configured plugin in Amazon Q", @@ -235184,6 +244219,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to generate code recommendations in Amazon Q", + "privilege": "GenerateCodeRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view information about a specific Amazon Q connector", @@ -235349,7 +244396,12 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptFrom", + "kms:ReEncryptTo" + ], "resource_type": "" } ] @@ -235447,6 +244499,23 @@ "access_level": "Write", "description": "Grants permission to update OAuth user in Amazon Q", "privilege": "UpdateAuthGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptFrom", + "kms:ReEncryptTo" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a conversation with Amazon Q", + "privilege": "UpdateConversation", "resource_types": [ { "condition_keys": [], @@ -235462,6 +244531,31 @@ "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptFrom", + "kms:ReEncryptTo" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a third party plugin in Amazon Q", + "privilege": "UpdatePlugin", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plugin*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -235490,6 +244584,23 @@ "resource_type": "plugin*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to verify an OAuth application in Amazon Q", + "privilege": "VerifyOAuthAppConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:ReEncryptFrom", + "kms:ReEncryptTo" + ], + "resource_type": "" + } + ] } ], "resources": [ @@ -235704,33 +244815,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a presigned URL for uploading a file to a Q App or Q App Session in the Q Business application environment", - "privilege": "CreatePresignedUrl", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "qapp" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "qapp-session" - }, - { - "condition_keys": [ - "qapps:UserIsAppOwner", - "qapps:AppIsPublished", - "qapps:UserIsSessionModerator", - "qapps:SessionIsShared" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to create Q App in the Q Business application environment", @@ -236006,58 +245090,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to import a document to Q App in the Q Business application environment", - "privilege": "ImportDocumentToQApp", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "qapp" - }, - { - "condition_keys": [ - "qapps:UserIsAppOwner", - "qapps:AppIsPublished" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to import a document to Q App session in the Q Business application environment", - "privilege": "ImportDocumentToQAppSession", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "qapp-session" - }, - { - "condition_keys": [ - "qapps:UserIsAppOwner", - "qapps:AppIsPublished", - "qapps:UserIsSessionModerator", - "qapps:SessionIsShared" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "List", "description": "Grants permission to list categories in the Q Business application environment", @@ -236444,18 +245476,6 @@ ], "prefix": "qbusiness", "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add one or more users for licenses", - "privilege": "AddUserLicenses", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Permissions management", "description": "Grants permission to configure vended log delivery for Amazon Q Business application resource", @@ -236564,6 +245584,40 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to check if a user has access to a document", + "privilege": "CheckDocumentAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a unique URL for anonymous Amazon Q Business web experience", + "privilege": "CreateAnonymousWebExperienceUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "web-experience*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an application", @@ -236579,10 +245633,52 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a chat response configuration to the application", + "privilege": "CreateChatResponseConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create DataAccessor to the application", "privilege": "CreateDataAccessor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "qbusiness:CreateDataAccessorWithTti" + ], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create AWS IAM Identity center Trusted Token Issuer based DataAccessor to the application", + "privilege": "CreateDataAccessorWithTti", "resource_types": [ { "condition_keys": [], @@ -236656,18 +245752,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a license", - "privilege": "CreateLicense", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to create a plugin for a given application", @@ -236796,6 +245880,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a chat response configuration", + "privilege": "DeleteChatResponseConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chat-response-configuration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a conversation", @@ -237011,6 +246112,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a chat response configuration", + "privilege": "GetChatResponseConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chat-response-configuration*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get DataAccessor", @@ -237052,8 +246170,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get a group", - "privilege": "GetGroup", + "description": "Grants permission to get a document content", + "privilege": "GetDocumentContent", "resource_types": [ { "condition_keys": [], @@ -237069,8 +246187,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get an index", - "privilege": "GetIndex", + "description": "Grants permission to get a group", + "privilege": "GetGroup", "resource_types": [ { "condition_keys": [], @@ -237086,8 +246204,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get an integration for a Q Business application", - "privilege": "GetIntegration", + "description": "Grants permission to get an index", + "privilege": "GetIndex", "resource_types": [ { "condition_keys": [], @@ -237097,19 +246215,24 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration*" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a license", - "privilege": "GetLicense", + "description": "Grants permission to get an integration for a Q Business application", + "privilege": "GetIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user-license*" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration*" } ] }, @@ -237224,6 +246347,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list chat response configurations for an application", + "privilege": "ListChatResponseConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all conversations for an application", @@ -237444,6 +246579,11 @@ "dependent_actions": [], "resource_type": "application" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chat-response-configuration" + }, { "condition_keys": [], "dependent_actions": [], @@ -237481,18 +246621,6 @@ } ] }, - { - "access_level": "List", - "description": "Grants permission to list licenses", - "privilege": "ListUserLicenses", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "List", "description": "Grants permission to list the web experiences of an application", @@ -237546,18 +246674,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to remove licenses for one or more users", - "privilege": "RemoveUserLicenses", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", "description": "Grants permission to search relevant content from the Amazon Q Business Application", @@ -237641,6 +246757,71 @@ "dependent_actions": [], "resource_type": "application" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chat-response-configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-accessor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-source" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plugin" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "retriever" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "web-experience" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the tag with the given key from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chat-response-configuration" + }, { "condition_keys": [], "dependent_actions": [], @@ -237678,7 +246859,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -237687,63 +246867,21 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the tag with the given key from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update an Application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-accessor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-source" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "plugin" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "retriever" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "web-experience" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an Application", - "privilege": "UpdateApplication", + "description": "Grants permission to update chat controls configuration for an application", + "privilege": "UpdateChatControlsConfiguration", "resource_types": [ { "condition_keys": [], @@ -237754,13 +246892,18 @@ }, { "access_level": "Write", - "description": "Grants permission to update chat controls configuration for an application", - "privilege": "UpdateChatControlsConfiguration", + "description": "Grants permission to update a chat response configuration", + "privilege": "UpdateChatResponseConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "chat-response-configuration*" } ] }, @@ -237968,11 +247111,6 @@ ], "resource": "web-experience" }, - { - "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/user-license/${UserLicenseId}", - "condition_keys": [], - "resource": "user-license" - }, { "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/subscription/${SubscriptionId}", "condition_keys": [], @@ -237984,10 +247122,151 @@ "aws:ResourceTag/${TagKey}" ], "resource": "data-accessor" + }, + { + "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/chat-response-configuration/${ChatResponseConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "chat-response-configuration" } ], "service_name": "Amazon Q Business" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the Amazon Q Developer resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "qdeveloper", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to export artifacts from Amazon Q Developer", + "privilege": "ExportArtifact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codeTransformation" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import artifacts to Amazon Q Developer", + "privilege": "ImportArtifact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codeTransformation" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all tags associated with an Amazon Q Developer resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codeTransformation" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an agent session with Amazon Q Developer", + "privilege": "StartAgentSession", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to associate tags with an Amazon Q Developer resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codeTransformation" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to transform code with Amazon Q Developer Transform Agent", + "privilege": "TransformCode", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codeTransformation" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with an Amazon Q Developer resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codeTransformation" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:qdeveloper:${Region}:${Account}:codeTransformation/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "codeTransformation" + } + ], + "service_name": "Amazon Q Developer" + }, { "conditions": [ { @@ -238587,11 +247866,6 @@ "description": "Filters access by tag keys", "type": "ArrayOfString" }, - { - "condition": "identitystore:GroupId", - "description": "Filters access by IdentityStore group ARN", - "type": "ARN" - }, { "condition": "quicksight:AllowedEmbeddingDomains", "description": "Filters access by the allowed embedding domains", @@ -238737,6 +248011,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an action connector", + "privilege": "CreateActionConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to provision Amazon QuickSight administrators, authors, and readers", @@ -238877,6 +248171,26 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "emailCustomizationTemplate*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an extension access", + "privilege": "CreateExtensionAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "extensionaccess*" } ] }, @@ -239038,8 +248352,7 @@ "resource_types": [ { "condition_keys": [ - "quicksight:Group", - "identitystore:GroupId" + "quicksight:Group" ], "dependent_actions": [], "resource_type": "" @@ -239189,6 +248502,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to remove the custom permission associated with an account", + "privilege": "DeleteAccountCustomPermission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an account customization for QuickSight account or namespace", @@ -239213,6 +248538,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an action connector", + "privilege": "DeleteActionConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an analysis", @@ -239349,6 +248686,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an extension access", + "privilege": "DeleteExtensionAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "extensionaccess*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a QuickSight Folder", @@ -239483,8 +248832,7 @@ "resource_types": [ { "condition_keys": [ - "quicksight:Group", - "identitystore:GroupId" + "quicksight:Group" ], "dependent_actions": [], "resource_type": "" @@ -239585,7 +248933,7 @@ }, { "access_level": "Write", - "description": "Grants permission to deletes a user identified by its principal ID", + "description": "Grants permission to delete a user identified by its principal ID", "privilege": "DeleteUserByPrincipalId", "resource_types": [ { @@ -239627,6 +248975,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the custom permission associated with an account", + "privilege": "DescribeAccountCustomPermission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an account customization for QuickSight account or namespace", @@ -239663,6 +249023,54 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an action connector", + "privilege": "DescribeActionConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe permissions for an action connector", + "privilege": "DescribeActionConnectorPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an agent", + "privilege": "DescribeAgent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe agent's permissions", + "privilege": "DescribeAgentPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an analysis", @@ -239747,6 +249155,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe chat configuration", + "privilege": "DescribeChatConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a custom permissions resource in a QuickSight account", @@ -239935,6 +249355,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an extension access", + "privilege": "DescribeExtensionAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "extensionaccess*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a QuickSight Folder", @@ -240077,6 +249509,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe index capacity", + "privilege": "DescribeQuickIndexCapacity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe QuickSight Q Search configuration", @@ -240316,8 +249760,6 @@ }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", "quicksight:AllowedEmbeddingDomains" ], "dependent_actions": [], @@ -240382,6 +249824,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about the custom permissions in an account", + "privilege": "GetCustomPermissionsSummary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a URL used to embed a QuickSight Dashboard", @@ -240394,6 +249848,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get metadata for a flow", + "privilege": "GetFlowMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get permissions for a flow", + "privilege": "GetFlowPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to use Amazon QuickSight, in Enterprise edition, to identify and display the Microsoft Active Directory (Microsoft Active Directory) directory groups that are mapped to roles in Amazon QuickSight", @@ -240418,6 +249896,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list action connectors", + "privilege": "ListActionConnectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list agents", + "privilege": "ListAgents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all analyses in an account", @@ -240544,6 +250046,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list extension accesses", + "privilege": "ListExtensionAccesses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all flows in an Amazon QuickSight account", + "privilege": "ListFlows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list all members in a folder", @@ -240728,6 +250254,11 @@ "description": "Grants permission to list tags of a QuickSight resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector" + }, { "condition_keys": [], "dependent_actions": [], @@ -240763,6 +250294,16 @@ "dependent_actions": [], "resource_type": "datasource" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow" + }, { "condition_keys": [], "dependent_actions": [], @@ -240782,6 +250323,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "topic" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpcconnection" } ] }, @@ -241007,6 +250553,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get QuickSuite usage metrics", + "privilege": "QuickSuiteUsageMetrics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to register a customer managed key", @@ -241070,6 +250628,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to search action connectors", + "privilege": "SearchActionConnectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to search agents", + "privilege": "SearchAgents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent*" + } + ] + }, { "access_level": "List", "description": "Grants permission to search for a sub-set of analyses", @@ -241130,6 +250712,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to search flows in an Amazon QuickSight account", + "privilege": "SearchFlows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to search for a sub-set of QuickSight Folders", @@ -241258,6 +250852,11 @@ "description": "Grants permission to add tags to a QuickSight resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector" + }, { "condition_keys": [], "dependent_actions": [], @@ -241293,6 +250892,16 @@ "dependent_actions": [], "resource_type": "datasource" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow" + }, { "condition_keys": [], "dependent_actions": [], @@ -241333,6 +250942,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to unpublish a flow", + "privilege": "UnpublishFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to unsubscribe from Amazon QuickSight, which permanently deletes all users and their resources from Amazon QuickSight", @@ -241350,6 +250971,11 @@ "description": "Grants permission to remove tags from a QuickSight resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector" + }, { "condition_keys": [], "dependent_actions": [], @@ -241385,6 +251011,16 @@ "dependent_actions": [], "resource_type": "datasource" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow" + }, { "condition_keys": [], "dependent_actions": [], @@ -241424,6 +251060,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the custom permission associated with an account", + "privilege": "UpdateAccountCustomPermission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an account customization for QuickSight account or namespace", @@ -241448,6 +251096,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an action connector", + "privilege": "UpdateActionConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to update permissions for an action connector", + "privilege": "UpdateActionConnectorPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "actionconnector*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to update agent permissions", + "privilege": "UpdateAgentPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an analysis", @@ -241520,6 +251204,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update chat configuration", + "privilege": "UpdateChatConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a QuickSight custom permissions resource", @@ -241705,6 +251401,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an extension access", + "privilege": "UpdateExtensionAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "extensionaccess*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to update permissions for a flow", + "privilege": "UpdateFlowPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "flow*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a QuickSight Folder", @@ -241813,6 +251533,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update index capacity", + "privilege": "UpdateQuickIndexCapacity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update QuickSight Q Search configuration", @@ -242164,7 +251896,9 @@ }, { "arn": "arn:${Partition}:quicksight:${Region}:${Account}:email-customization-template/${ResourceId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "emailCustomizationTemplate" }, { @@ -242194,6 +251928,30 @@ "aws:ResourceTag/${TagKey}" ], "resource": "custompermissions" + }, + { + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:action-connector/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "actionconnector" + }, + { + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:agent/${ResourceId}", + "condition_keys": [], + "resource": "agent" + }, + { + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:extension-access/${ResourceId}", + "condition_keys": [], + "resource": "extensionaccess" + }, + { + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:flow/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "flow" } ], "service_name": "Amazon QuickSight" @@ -243242,6 +253000,11 @@ "description": "Filters access by the value that contains the number of Provisioned IOPS (PIOPS) that the instance supports. To indicate a DB instance that does not have PIOPS enabled, specify 0", "type": "Numeric" }, + { + "condition": "rds:PubliclyAccessible", + "description": "Filters access by the value that specifies whether the DB Instance or DB ShardGroup is publicly accessible", + "type": "Bool" + }, { "condition": "rds:StorageEncrypted", "description": "Filters access by the value that specifies whether the DB instance storage should be encrypted. To enforce storage encryption, specify true", @@ -243410,6 +253173,11 @@ "dependent_actions": [], "resource_type": "es" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-cluster" + }, { "condition_keys": [], "dependent_actions": [], @@ -243566,7 +253334,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -243588,7 +253357,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -243610,7 +253380,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -243634,6 +253405,7 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "rds:req-tag/${TagKey}", "rds:CopyOptionGroup" ], "dependent_actions": [], @@ -243656,7 +253428,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -243740,7 +253513,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -243831,7 +253605,8 @@ "condition_keys": [ "rds:EndpointType", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -243940,7 +253715,8 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", - "rds:ManageMasterUserPassword" + "rds:ManageMasterUserPassword", + "rds:PubliclyAccessible" ], "dependent_actions": [], "resource_type": "" @@ -243984,7 +253760,8 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "rds:req-tag/${TagKey}" + "rds:req-tag/${TagKey}", + "rds:PubliclyAccessible" ], "dependent_actions": [], "resource_type": "" @@ -244025,7 +253802,8 @@ "aws:TagKeys" ], "dependent_actions": [ - "iam:PassRole" + "iam:PassRole", + "rds:AddTagsToResource" ], "resource_type": "" } @@ -244038,7 +253816,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "rds:AddTagsToResource" + ], "resource_type": "proxy*" }, { @@ -244099,7 +253879,9 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}", + "rds:PubliclyAccessible" ], "dependent_actions": [], "resource_type": "" @@ -244188,13 +253970,24 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "rds:AddTagsToResource" + ], "resource_type": "cluster*" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "global-cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "rds:req-tag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -244272,7 +254065,9 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "rds:TenantDatabaseName" + "rds:req-tag/${TagKey}", + "rds:TenantDatabaseName", + "rds:ManageMasterUserPassword" ], "dependent_actions": [], "resource_type": "" @@ -244648,12 +254443,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster-auto-backup*" + "resource_type": "cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "cluster-auto-backup" } ] }, @@ -244694,7 +254489,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster-pg*" + "resource_type": "cluster-pg" } ] }, @@ -244747,7 +254542,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "cluster" } ] }, @@ -244788,7 +254583,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "db*" + "resource_type": "db" } ] }, @@ -244804,6 +254599,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to return information specific for each DB major engine versions", + "privilege": "DescribeDBMajorEngineVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to return a list of DBParameterGroup descriptions", @@ -244812,7 +254619,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pg*" + "resource_type": "pg" } ] }, @@ -244836,7 +254643,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proxy*" + "resource_type": "proxy" } ] }, @@ -244848,12 +254655,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proxy*" + "resource_type": "proxy" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "proxy-endpoint*" + "resource_type": "proxy-endpoint" } ] }, @@ -244906,7 +254713,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "secgrp*" + "resource_type": "secgrp" } ] }, @@ -244918,7 +254725,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "shardgrp*" + "resource_type": "shardgrp" } ] }, @@ -244942,17 +254749,17 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot-tenant-database*" + "resource_type": "db" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "db" + "resource_type": "snapshot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "snapshot-tenant-database" } ] }, @@ -244981,7 +254788,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subgrp*" + "resource_type": "subgrp" } ] }, @@ -245029,7 +254836,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "es*" + "resource_type": "es" } ] }, @@ -245075,7 +254882,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-cluster*" + "resource_type": "global-cluster" } ] }, @@ -245087,7 +254894,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration*" + "resource_type": "integration" }, { "condition_keys": [ @@ -245118,7 +254925,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "og*" + "resource_type": "og" } ] }, @@ -245183,7 +254990,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ri*" + "resource_type": "ri" } ] }, @@ -245219,12 +255026,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tenant-database*" + "resource_type": "db" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "db" + "resource_type": "tenant-database" } ] }, @@ -245357,6 +255164,11 @@ "dependent_actions": [], "resource_type": "es" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-cluster" + }, { "condition_keys": [], "dependent_actions": [], @@ -245799,7 +255611,8 @@ }, { "condition_keys": [ - "rds:TenantDatabaseName" + "rds:TenantDatabaseName", + "rds:ManageMasterUserPassword" ], "dependent_actions": [], "resource_type": "" @@ -245837,13 +255650,16 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "rds:AddTagsToResource" + ], "resource_type": "ri*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "rds:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -246002,6 +255818,11 @@ "dependent_actions": [], "resource_type": "es" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-cluster" + }, { "condition_keys": [], "dependent_actions": [], @@ -246296,7 +256117,9 @@ "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", - "rds:req-tag/${TagKey}" + "rds:req-tag/${TagKey}", + "rds:ManageMasterUserPassword", + "rds:PubliclyAccessible" ], "dependent_actions": [], "resource_type": "" @@ -246347,7 +256170,8 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", - "rds:ManageMasterUserPassword" + "rds:ManageMasterUserPassword", + "rds:PubliclyAccessible" ], "dependent_actions": [], "resource_type": "" @@ -246393,7 +256217,9 @@ "rds:BackupTarget", "aws:RequestTag/${TagKey}", "aws:TagKeys", - "rds:req-tag/${TagKey}" + "rds:req-tag/${TagKey}", + "rds:ManageMasterUserPassword", + "rds:PubliclyAccessible" ], "dependent_actions": [], "resource_type": "" @@ -246684,7 +256510,9 @@ }, { "arn": "arn:${Partition}:rds::${Account}:global-cluster:${GlobalCluster}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "global-cluster" }, { @@ -248812,11 +258640,6 @@ "dependent_actions": [], "resource_type": "dbuser*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dbgroup" - }, { "condition_keys": [], "dependent_actions": [], @@ -249558,9 +259381,7 @@ }, { "arn": "arn:${Partition}:redshift:${Region}:${Account}:namespace:${ClusterNamespace}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "resource": "namespace" }, { @@ -250013,6 +259834,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to purchase a capacity reservation according to a specific reservation offering, for a specified number of RPUs", + "privilege": "CreateReservation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a scheduled action for a specified Amazon Redshift Serverless namespace", @@ -250286,6 +260119,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a particular reservation object", + "privilege": "GetReservation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a particular reservation offering", + "privilege": "GetReservationOffering", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a resource policy", @@ -250334,6 +260191,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about a track in Amazon Redshift Serverless", + "privilege": "GetTrack", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about a usage limit in Amazon Redshift Serverless", @@ -250414,7 +260283,31 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "namespace" + "resource_type": "recoveryPoint*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all available capacity reservation offerings", + "privilege": "ListReservationOfferings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all reservations", + "privilege": "ListReservations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -250490,6 +260383,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list tracks available in Amazon Redshift Serverless", + "privilege": "ListTracks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all usage limits within Amazon Redshift Serverless", @@ -251486,11 +261391,6 @@ "description": "Grants permission to create an Amazon Rekognition Custom Labels project", "privilege": "CreateProject", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -252029,7 +261929,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streamprocessor*" + "resource_type": "" } ] }, @@ -252480,6 +262380,18 @@ ], "prefix": "repostspace", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add a role to users and groups in a private re:Post channel in your account", + "privilege": "BatchAddChannelRoleToAccessors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add a role to users and groups in a private re:Post in your account", @@ -252492,6 +262404,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to remove a role from users and groups in a private re:Post channel in your account", + "privilege": "BatchRemoveChannelRoleFromAccessors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove a role from users and groups in a private re:Post in your account", @@ -252504,6 +262428,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new channel in private re:Post in your account", + "privilege": "CreateChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new private re:Post in your account", @@ -252543,6 +262479,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the description for a channel in private re:Post in your account", + "privilege": "GetChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the description for a private re:Post in your account", @@ -252555,6 +262503,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list all channels in a private re:Post in your account", + "privilege": "ListChannels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list all private re:Posts in your account", @@ -252650,6 +262610,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a channel in private re:Post in your account", + "privilege": "UpdateChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a private re:Post in your account", @@ -252742,14 +262714,19 @@ "description": "Grants permission to create application", "privilege": "CreateApp", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "application*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "iam:PassRole" - ], + "dependent_actions": [], "resource_type": "" } ] @@ -252807,6 +262784,11 @@ "description": "Grants permission to create resiliency policy", "privilege": "CreateResiliencyPolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resiliency-policy*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -253066,877 +263048,30 @@ }, { "access_level": "List", - "description": "Grants permission to list compliance drifts that were detected while running an assessment", - "privilege": "ListAppAssessmentComplianceDrifts", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list resource drifts that were detected while running an assessment", - "privilege": "ListAppAssessmentResourceDrifts", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list application assessment", - "privilege": "ListAppAssessments", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list app component compliances", - "privilege": "ListAppComponentCompliances", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list app component recommendations", - "privilege": "ListAppComponentRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list application input sources", - "privilege": "ListAppInputSources", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list application version app components", - "privilege": "ListAppVersionAppComponents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to application version resource mappings", - "privilege": "ListAppVersionResourceMappings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list application resources", - "privilege": "ListAppVersionResources", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list application version", - "privilege": "ListAppVersions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list applications", - "privilege": "ListApps", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list metrics", - "privilege": "ListMetrics", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list recommendation templates", - "privilege": "ListRecommendationTemplates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list resiliency policies", - "privilege": "ListResiliencyPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list resource grouping recommendations", - "privilege": "ListResourceGroupingRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list SOP recommendations", - "privilege": "ListSopRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list suggested resiliency policies", - "privilege": "ListSuggestedResiliencyPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list test recommendations", - "privilege": "ListTestRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list unsupported application version resources", - "privilege": "ListUnsupportedAppVersionResources", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to publish application version", - "privilege": "PublishAppVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to put draft application version template", - "privilege": "PutDraftAppVersionTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reject resource grouping recommendations", - "privilege": "RejectResourceGroupingRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove draft application version mappings", - "privilege": "RemoveDraftAppVersionResourceMappings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to resolve application version resources", - "privilege": "ResolveAppVersionResources", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources", - "resource-groups:GetGroup", - "resource-groups:ListGroupResources", - "servicecatalog:GetApplication", - "servicecatalog:ListAssociatedResources" - ], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create application assessment", - "privilege": "StartAppAssessment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricData", - "ec2:DescribeRegions", - "fis:GetExperimentTemplate", - "fis:ListExperimentTemplates", - "fis:ListExperiments", - "resource-groups:GetGroup", - "resource-groups:ListGroupResources", - "servicecatalog:GetApplication", - "servicecatalog:ListAssociatedResources", - "ssm:GetParametersByPath" - ], - "resource_type": "application*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start the metrics export", - "privilege": "StartMetricsExport", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start the grouping recommendation generation process", - "privilege": "StartResourceGroupingRecommendationTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to assign a resource tag", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-assessment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "recommendation-template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resiliency-policy" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-assessment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "recommendation-template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resiliency-policy" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update application", - "privilege": "UpdateApp", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update application version", - "privilege": "UpdateAppVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update application app component", - "privilege": "UpdateAppVersionAppComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update application resource", - "privilege": "UpdateAppVersionResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update resiliency policy", - "privilege": "UpdateResiliencyPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resiliency-policy*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:resiliencehub:${Region}:${Account}:resiliency-policy/${ResiliencyPolicyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "resiliency-policy" - }, - { - "arn": "arn:${Partition}:resiliencehub:${Region}:${Account}:app/${AppId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - }, - { - "arn": "arn:${Partition}:resiliencehub:${Region}:${Account}:app-assessment/${AppAssessmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app-assessment" - }, - { - "arn": "arn:${Partition}:resiliencehub:${Region}:${Account}:recommendation-template/${RecommendationTemplateId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "recommendation-template" - } - ], - "service_name": "AWS Resilience Hub" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "resiliencehub", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add draft application version resource mappings", - "privilege": "AddDraftAppVersionResourceMappings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources", - "resource-groups:GetGroup", - "resource-groups:ListGroupResources", - "servicecatalog:GetApplication", - "servicecatalog:ListAssociatedResources" - ], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create application", - "privilege": "CreateApp", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create application app component", - "privilege": "CreateAppVersionAppComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create application resource", - "privilege": "CreateAppVersionResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create recommendation template", - "privilege": "CreateRecommendationTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "s3:CreateBucket", - "s3:ListBucket", - "s3:PutObject" - ], - "resource_type": "application*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create resiliency policy", - "privilege": "CreateResiliencyPolicy", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to batch delete application", - "privilege": "DeleteApp", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to batch delete application assessment", - "privilege": "DeleteAppAssessment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove application input source", - "privilege": "DeleteAppInputSource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete application app component", - "privilege": "DeleteAppVersionAppComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete application resource", - "privilege": "DeleteAppVersionResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to batch delete recommendation template", - "privilege": "DeleteRecommendationTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to batch delete resiliency policy", - "privilege": "DeleteResiliencyPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resiliency-policy*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe application", - "privilege": "DescribeApp", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe application assessment", - "privilege": "DescribeAppAssessment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe application version", - "privilege": "DescribeAppVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe application version app component", - "privilege": "DescribeAppVersionAppComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe application version resource", - "privilege": "DescribeAppVersionResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe application resolution", - "privilege": "DescribeAppVersionResourcesResolutionStatus", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe application version template", - "privilege": "DescribeAppVersionTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe draft application version resources import status", - "privilege": "DescribeDraftAppVersionResourcesImportStatus", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe resiliency policy", - "privilege": "DescribeResiliencyPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resiliency-policy*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to import resources to draft application version", - "privilege": "ImportResourcesToDraftAppVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources", - "resource-groups:GetGroup", - "resource-groups:ListGroupResources", - "servicecatalog:GetApplication", - "servicecatalog:ListAssociatedResources" - ], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list alarm recommendation", - "privilege": "ListAlarmRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "List", + "description": "Grants permission to list compliance drifts that were detected while running an assessment", + "privilege": "ListAppAssessmentComplianceDrifts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list resource drifts that were detected while running an assessment", + "privilege": "ListAppAssessmentResourceDrifts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", "description": "Grants permission to list application assessment", "privilege": "ListAppAssessments", "resource_types": [ @@ -254043,6 +263178,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list metrics", + "privilege": "ListMetrics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list recommendation templates", @@ -254067,6 +263214,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list resource grouping recommendations", + "privilege": "ListResourceGroupingRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list SOP recommendations", @@ -254151,6 +263310,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to reject resource grouping recommendations", + "privilege": "RejectResourceGroupingRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove draft application version mappings", @@ -254218,6 +263389,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start the metrics export", + "privilege": "StartMetricsExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the grouping recommendation generation process", + "privilege": "StartResourceGroupingRecommendationTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to assign a resource tag", @@ -254294,7 +263489,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "application*" } ] @@ -254378,53 +263575,7 @@ "resource": "recommendation-template" } ], - "service_name": "AWS Resilience Hub Service" - }, - { - "conditions": [], - "prefix": "resource-explorer", - "privileges": [ - { - "access_level": "List", - "description": "Grants permission to retrieve the resource types currently supported by Tag Editor", - "privilege": "ListResourceTypes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve the identifiers of the resources in the AWS account", - "privilege": "ListResources", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the tags attached to the specified resource identifiers", - "privilege": "ListTags", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "tag:GetResources" - ], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Tag Editor" + "service_name": "AWS Resilience Hub" }, { "conditions": [], @@ -254550,6 +263701,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create resource explorer setup", + "privilege": "CreateResourceExplorerSetup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create resource explorer streaming access", + "privilege": "CreateStreamingAccessForService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a view that users can query", @@ -254579,6 +263754,18 @@ }, { "access_level": "Write", + "description": "Grants permission to delete resource explorer setup", + "privilege": "DeleteResourceExplorerSetup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", "description": "Grants permission to delete the specified view's resource policy", "privilege": "DeleteResourcePolicy", "resource_types": [ @@ -254589,6 +263776,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete resource explorer streaming access", + "privilege": "DeleteStreamingAccessForService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a view", @@ -254661,6 +263860,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get resource explorer setup", + "privilege": "GetResourceExplorerSetup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about the specified view's resource policy", @@ -254673,6 +263884,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get service index", + "privilege": "GetServiceIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get service view", + "privilege": "GetServiceView", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about the specified view", @@ -254721,6 +263956,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list service indexes in all AWS Regions", + "privilege": "ListServiceIndexes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list service views in all AWS Regions", + "privilege": "ListServiceViews", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list streaming access for services", + "privilege": "ListStreamingAccessForServices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of all resource types currently supported by Resource Explorer", @@ -254763,7 +264034,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to update the specified view's resource policy", "privilege": "PutResourcePolicy", "resource_types": [ @@ -256872,7 +266143,7 @@ { "condition": "route53:VPCs", "description": "Filters access by VPCs in request", - "type": "ArrayOfString" + "type": "String" } ], "prefix": "route53", @@ -258034,6 +267305,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the RAM access control policy for a cluster", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a routing control", @@ -258202,6 +267485,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to define the RAM access control policy for a cluster", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a resource", @@ -258254,14 +267549,25 @@ }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a cluster", + "privilege": "UpdateCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a cluster", @@ -260103,7 +269409,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resolver-rule*" + "resource_type": "autodefined-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resolver-rule" } ] }, @@ -260115,7 +269426,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resolver-rule*" + "resource_type": "autodefined-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resolver-rule" } ] }, @@ -260676,6 +269992,13 @@ ], "resource": "resolver-rule" }, + { + "arn": "arn:${Partition}:route53resolver:${Region}:${Account}:autodefined-rule/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "autodefined-rule" + }, { "arn": "arn:${Partition}:route53resolver:${Region}:${Account}:resolver-endpoint/${ResourceId}", "condition_keys": [ @@ -260726,6 +270049,549 @@ ], "service_name": "Amazon Route 53 Resolver" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "rtbfabric:InboundExternalLinkGatewayId", + "description": "Filters access by gateway identifier supporting rtb-gw-* formats", + "type": "String" + }, + { + "condition": "rtbfabric:InboundExternalLinkLinkId", + "description": "Filters access by InboundExternalLink resource linkId identifier", + "type": "String" + }, + { + "condition": "rtbfabric:LinkLinkId", + "description": "Filters access by Link resource linkId identifier", + "type": "String" + }, + { + "condition": "rtbfabric:OutboundExternalLinkLinkId", + "description": "Filters access by OutboundExternalLink resource linkId identifier", + "type": "String" + }, + { + "condition": "rtbfabric:RequesterGatewayGatewayId", + "description": "Filters access by gateway identifier supporting rtb-gw-* formats", + "type": "String" + }, + { + "condition": "rtbfabric:ResponderGatewayGatewayId", + "description": "Filters access by gateway identifier supporting rtb-gw-* formats", + "type": "String" + } + ], + "prefix": "rtbfabric", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept a link invitation from another Gateway", + "privilege": "AcceptLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an inbound external link for a responder gateway", + "privilege": "CreateInboundExternalLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new link between RTB applications", + "privilege": "CreateLink", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an outbound external link for a requester gateway to connect to external public responder endpoints", + "privilege": "CreateOutboundExternalLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a requester gateway", + "privilege": "CreateRequesterGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a responder gateway", + "privilege": "CreateResponderGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an inbound external link", + "privilege": "DeleteInboundExternalLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InboundExternalLink*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a link between RTB applications", + "privilege": "DeleteLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an outbound external link", + "privilege": "DeleteOutboundExternalLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OutboundExternalLink*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a requester gateway", + "privilege": "DeleteRequesterGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a responder gateway", + "privilege": "DeleteResponderGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an inbound external link", + "privilege": "GetInboundExternalLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InboundExternalLink*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a link between RTB applications", + "privilege": "GetLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about an outbound external link", + "privilege": "GetOutboundExternalLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OutboundExternalLink*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a requester gateway", + "privilege": "GetRequesterGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a responder gateway", + "privilege": "GetResponderGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list links associated with an RTB application", + "privilege": "ListLinks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list requester gateways with optional filtering and pagination", + "privilege": "ListRequesterGateways", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list responder gateways with optional filtering and pagination", + "privilege": "ListResponderGateways", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InboundExternalLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OutboundExternalLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject a link request between RTB applications", + "privilege": "RejectLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to assign one or more tags (key-value pairs) to the specified resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InboundExternalLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OutboundExternalLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag or tags from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InboundExternalLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "OutboundExternalLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update configuration settings for an existing link", + "privilege": "UpdateLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a link module flow", + "privilege": "UpdateLinkModuleFlow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Link*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a requester gateway", + "privilege": "UpdateRequesterGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RequesterGateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a responder gateway", + "privilege": "UpdateResponderGateway", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ResponderGateway*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}/link/${LinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "rtbfabric:InboundExternalLinkLinkId", + "rtbfabric:ResponderGatewayGatewayId" + ], + "resource": "InboundExternalLink" + }, + { + "arn": "arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}/link/${LinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "rtbfabric:LinkLinkId", + "rtbfabric:RequesterGatewayGatewayId", + "rtbfabric:ResponderGatewayGatewayId" + ], + "resource": "Link" + }, + { + "arn": "arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}/link/${LinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "rtbfabric:OutboundExternalLinkLinkId", + "rtbfabric:RequesterGatewayGatewayId" + ], + "resource": "OutboundExternalLink" + }, + { + "arn": "arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "rtbfabric:RequesterGatewayGatewayId" + ], + "resource": "RequesterGateway" + }, + { + "arn": "arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "rtbfabric:ResponderGatewayGatewayId" + ], + "resource": "ResponderGateway" + } + ], + "service_name": "AWS RTB Fabric" + }, { "conditions": [ { @@ -260817,6 +270683,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a resource policy attached to an app monitor", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AppMonitorResource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete rum metrics destinations", @@ -260853,6 +270731,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a resource policy attached to an app monitor", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AppMonitorResource*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list appMonitors metadata", @@ -260889,6 +270779,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to attach a resource policy to an app monitor", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AppMonitorResource*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put RUM events for appmonitor", @@ -261008,16 +270910,31 @@ "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" }, + { + "condition": "s3:AccessGrantScope", + "description": "Filters access by the grant scope of access grants grant", + "type": "String" + }, { "condition": "s3:AccessGrantsInstanceArn", "description": "Filters access by access grants instance ARN", "type": "ARN" }, + { + "condition": "s3:AccessGrantsLocationScope", + "description": "Filters access by the location scope of access grants location", + "type": "String" + }, { "condition": "s3:AccessPointNetworkOrigin", "description": "Filters access by the network origin (Internet or VPC)", "type": "String" }, + { + "condition": "s3:AccessPointTag/${TagKey}", + "description": "Filters access by existing access point tag key and value", + "type": "String" + }, { "condition": "s3:DataAccessPointAccount", "description": "Filters access by the AWS Account ID that owns the access point", @@ -261254,13 +271171,227 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointArn", "s3:AccessGrantsInstanceArn", + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to associate Access Grants identity center", + "privilege": "AssociateAccessGrantsIdentityCenter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to allow circumvention of governance-mode object retention settings", + "privilege": "BypassGovernanceRetention", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" + }, + { + "condition_keys": [ + "s3:RequestObjectTag/", + "s3:RequestObjectTagKeys", + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-acl", + "s3:x-amz-content-sha256", + "s3:x-amz-copy-source", + "s3:x-amz-grant-full-control", + "s3:x-amz-grant-read", + "s3:x-amz-grant-read-acp", + "s3:x-amz-grant-write", + "s3:x-amz-grant-write-acp", + "s3:x-amz-metadata-directive", + "s3:x-amz-server-side-encryption", + "s3:x-amz-server-side-encryption-aws-kms-key-id", + "s3:x-amz-server-side-encryption-customer-algorithm", + "s3:x-amz-storage-class", + "s3:x-amz-website-redirect-location" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to create Access Grant", + "privilege": "CreateAccessGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation*" + }, + { + "condition_keys": [ + "s3:AccessGrantScope", + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to Create Access Grants Instance", + "privilege": "CreateAccessGrantsInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to create Access Grants location", + "privilege": "CreateAccessGrantsLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:AccessGrantsLocationScope", + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new access point", + "privilege": "CreateAccessPoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ "s3:DataAccessPointAccount", + "s3:DataAccessPointArn", + "s3:AccessPointNetworkOrigin", + "s3:authType", + "s3:locationconstraint", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-acl", + "s3:x-amz-content-sha256", + "s3:AccessPointTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an object lambda enabled accesspoint", + "privilege": "CreateAccessPointForObjectLambda", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "objectlambdaaccesspoint*" + }, + { + "condition_keys": [ + "s3:DataAccessPointAccount", + "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", @@ -261276,8 +271407,170 @@ }, { "access_level": "Write", - "description": "Grants permission to associate Access Grants identity center", - "privilege": "AssociateAccessGrantsIdentityCenter", + "description": "Grants permission to create a new bucket", + "privilege": "CreateBucket", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:locationconstraint", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-acl", + "s3:x-amz-content-sha256", + "s3:x-amz-grant-full-control", + "s3:x-amz-grant-read", + "s3:x-amz-grant-read-acp", + "s3:x-amz-grant-write", + "s3:x-amz-grant-write-acp", + "s3:x-amz-object-ownership" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new S3 Metadata configuration for a specified general purpose bucket", + "privilege": "CreateBucketMetadataTableConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:DescribeKey", + "s3tables:CreateNamespace", + "s3tables:CreateTable", + "s3tables:CreateTableBucket", + "s3tables:GetTable", + "s3tables:PutTableEncryption", + "s3tables:PutTablePolicy" + ], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new Amazon S3 Batch Operations job", + "privilege": "CreateJob", + "resource_types": [ + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "s3:RequestJobPriority", + "s3:RequestJobOperation", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new Multi-Region Access Point", + "privilege": "CreateMultiRegionAccessPoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "multiregionaccesspoint*" + }, + { + "condition_keys": [ + "s3:DataAccessPointAccount", + "s3:DataAccessPointArn", + "s3:AccessPointNetworkOrigin", + "s3:authType", + "s3:ResourceAccount", + "s3:signatureversion", + "s3:signatureAge", + "s3:TlsVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon S3 Storage Lens group", + "privilege": "CreateStorageLensGroup", + "resource_types": [ + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete Access Grant", + "privilege": "DeleteAccessGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrant*" + }, + { + "condition_keys": [ + "s3:AccessGrantScope", + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to Delete Access Grants Instance", + "privilege": "DeleteAccessGrantsInstance", "resource_types": [ { "condition_keys": [], @@ -261301,372 +271594,6 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to allow circumvention of governance-mode object retention settings", - "privilege": "BypassGovernanceRetention", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "object*" - }, - { - "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", - "s3:RequestObjectTag/", - "s3:RequestObjectTagKeys", - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-acl", - "s3:x-amz-content-sha256", - "s3:x-amz-copy-source", - "s3:x-amz-grant-full-control", - "s3:x-amz-grant-read", - "s3:x-amz-grant-read-acp", - "s3:x-amz-grant-write", - "s3:x-amz-grant-write-acp", - "s3:x-amz-metadata-directive", - "s3:x-amz-server-side-encryption", - "s3:x-amz-server-side-encryption-aws-kms-key-id", - "s3:x-amz-server-side-encryption-customer-algorithm", - "s3:x-amz-storage-class", - "s3:x-amz-website-redirect-location", - "s3:object-lock-mode", - "s3:object-lock-retain-until-date", - "s3:object-lock-remaining-retention-days", - "s3:object-lock-legal-hold" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create Access Grant", - "privilege": "CreateAccessGrant", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accessgrantslocation*" - }, - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256", - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to Create Access Grants Instance", - "privilege": "CreateAccessGrantsInstance", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accessgrantsinstance*" - }, - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create Access Grants location", - "privilege": "CreateAccessGrantsLocation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accessgrantsinstance*" - }, - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256", - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new access point", - "privilege": "CreateAccessPoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accesspoint*" - }, - { - "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", - "s3:authType", - "s3:locationconstraint", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-acl", - "s3:x-amz-content-sha256" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an object lambda enabled accesspoint", - "privilege": "CreateAccessPointForObjectLambda", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "objectlambdaaccesspoint*" - }, - { - "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new bucket", - "privilege": "CreateBucket", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bucket*" - }, - { - "condition_keys": [ - "s3:authType", - "s3:locationconstraint", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-acl", - "s3:x-amz-content-sha256", - "s3:x-amz-grant-full-control", - "s3:x-amz-grant-read", - "s3:x-amz-grant-read-acp", - "s3:x-amz-grant-write", - "s3:x-amz-grant-write-acp", - "s3:x-amz-object-ownership" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new S3 Metadata configuration for a specified bucket", - "privilege": "CreateBucketMetadataTableConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "s3tables:CreateNamespace", - "s3tables:CreateTable", - "s3tables:GetTable", - "s3tables:PutTablePolicy" - ], - "resource_type": "bucket*" - }, - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new Amazon S3 Batch Operations job", - "privilege": "CreateJob", - "resource_types": [ - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256", - "s3:RequestJobPriority", - "s3:RequestJobOperation", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new Multi-Region Access Point", - "privilege": "CreateMultiRegionAccessPoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "multiregionaccesspoint*" - }, - { - "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", - "s3:authType", - "s3:ResourceAccount", - "s3:signatureversion", - "s3:signatureAge", - "s3:TlsVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an Amazon S3 Storage Lens group", - "privilege": "CreateStorageLensGroup", - "resource_types": [ - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete Access Grant", - "privilege": "DeleteAccessGrant", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accessgrant*" - }, - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to Delete Access Grants Instance", - "privilege": "DeleteAccessGrantsInstance", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accessgrantsinstance*" - }, - { - "condition_keys": [ - "s3:authType", - "s3:ResourceAccount", - "s3:signatureAge", - "s3:signatureversion", - "s3:TlsVersion", - "s3:x-amz-content-sha256", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", "description": "Grants permission to read Access grants instance resource policy", "privilege": "DeleteAccessGrantsInstanceResourcePolicy", "resource_types": [ @@ -261691,7 +271618,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to delete Access Grants location", "privilege": "DeleteAccessGrantsLocation", "resource_types": [ @@ -261702,6 +271629,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsLocationScope", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -261735,7 +271663,9 @@ "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:AccessPointTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -261789,7 +271719,9 @@ "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:AccessPointTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -261849,7 +271781,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the S3 Metadata configuration for a specified bucket", + "description": "Grants permission to delete the S3 Metadata configuration for a specified general purpose bucket", "privilege": "DeleteBucketMetadataTableConfiguration", "resource_types": [ { @@ -261979,20 +271911,23 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:if-match" ], "dependent_actions": [], "resource_type": "" @@ -262007,13 +271942,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -262035,14 +271972,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -262064,13 +272003,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -262205,7 +272146,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to disassociate Access Grants identity center", "privilege": "DissociateAccessGrantsIdentityCenter", "resource_types": [ @@ -262265,6 +272206,7 @@ }, { "condition_keys": [ + "s3:AccessGrantScope", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -262365,6 +272307,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsLocationScope", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -262393,7 +272336,9 @@ "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:AccessPointTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -262474,7 +272419,9 @@ "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:AccessPointTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -262528,7 +272475,9 @@ "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:AccessPointTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -262613,7 +272562,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ @@ -262637,7 +272591,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ @@ -262661,7 +272620,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ @@ -262703,7 +272667,7 @@ }, { "access_level": "Read", - "description": "Grants permission to return the S3 Metadata configuration for a specified bucket", + "description": "Grants permission to return the S3 Metadata configuration for a specified general purpose bucket", "privilege": "GetBucketMetadataTableConfiguration", "resource_types": [ { @@ -262733,7 +272697,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ @@ -262805,7 +272774,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ @@ -263214,55 +273188,55 @@ }, { "access_level": "Read", - "description": "Grants permission to return the route configuration for a Multi-Region Access Point", - "privilege": "GetMultiRegionAccessPointRoutes", + "description": "Grants permission to return the route configuration for a Multi-Region Access Point", + "privilege": "GetMultiRegionAccessPointRoutes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "multiregionaccesspoint*" + }, + { + "condition_keys": [ + "s3:DataAccessPointAccount", + "s3:DataAccessPointArn", + "s3:AccessPointNetworkOrigin", + "s3:authType", + "s3:ResourceAccount", + "s3:signatureversion", + "s3:signatureAge", + "s3:TlsVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve objects from Amazon S3", + "privilege": "GetObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "multiregionaccesspoint*" + "resource_type": "accesspointobject" }, - { - "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", - "s3:authType", - "s3:ResourceAccount", - "s3:signatureversion", - "s3:signatureAge", - "s3:TlsVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve objects from Amazon S3", - "privilege": "GetObject", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256", - "s3:if-match", - "s3:if-none-match" + "s3:x-amz-content-sha256" ], "dependent_actions": [], "resource_type": "" @@ -263277,14 +273251,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -263306,18 +273282,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accesspoint*" + "resource_type": "accesspointobject" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -263339,13 +273312,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -263366,13 +273341,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -263393,13 +273370,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -263445,14 +273424,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -263475,14 +273456,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -263505,13 +273488,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -263558,13 +273543,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -263877,14 +273864,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:delimiter", "s3:max-keys", @@ -263921,7 +273910,9 @@ "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:AccessPointTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -263936,14 +273927,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:delimiter", "s3:max-keys", @@ -264029,14 +274022,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -264107,6 +274102,11 @@ "dependent_actions": [], "resource_type": "accessgrantslocation" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint" + }, { "condition_keys": [], "dependent_actions": [], @@ -264203,7 +274203,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to put Access grants instance resource policy", "privilege": "PutAccessGrantsInstanceResourcePolicy", "resource_types": [ @@ -264266,9 +274266,6 @@ }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -264839,14 +274836,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:RequestObjectTag/", "s3:RequestObjectTagKeys", "s3:authType", @@ -264889,14 +274888,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -264925,13 +274926,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -264953,13 +274956,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -264983,13 +274988,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:RequestObjectTag/", "s3:RequestObjectTagKeys", @@ -265013,14 +275020,16 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ "s3:AccessGrantsInstanceArn", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:authType", "s3:ResourceAccount", @@ -265050,13 +275059,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:ExistingObjectTag/", "s3:RequestObjectTag/", "s3:RequestObjectTagKeys", @@ -265230,13 +275241,15 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "accesspointobject" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object" }, { "condition_keys": [ - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:AccessPointNetworkOrigin", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -265295,6 +275308,11 @@ "dependent_actions": [], "resource_type": "accessgrantslocation" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint" + }, { "condition_keys": [], "dependent_actions": [], @@ -265336,6 +275354,11 @@ "dependent_actions": [], "resource_type": "accessgrantslocation" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint" + }, { "condition_keys": [], "dependent_actions": [], @@ -265357,7 +275380,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to update Access Grants location", "privilege": "UpdateAccessGrantsLocation", "resource_types": [ @@ -265368,6 +275391,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsLocationScope", "s3:authType", "s3:ResourceAccount", "s3:signatureAge", @@ -265381,6 +275405,62 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the inventory table configuration on an existing S3 Metadata configuration for a specified general purpose bucket", + "privilege": "UpdateBucketMetadataInventoryTableConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:DescribeKey", + "s3tables:CreateNamespace", + "s3tables:CreateTable", + "s3tables:CreateTableBucket", + "s3tables:GetTable", + "s3tables:PutTableEncryption", + "s3tables:PutTablePolicy" + ], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the journal table configuration on an existing S3 Metadata configuration for a specified general purpose bucket", + "privilege": "UpdateBucketMetadataJournalTableConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the priority of an existing job", @@ -265463,9 +275543,26 @@ "resources": [ { "arn": "arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "s3:AccessPointNetworkOrigin", + "s3:AccessPointTag/${TagKey}", + "s3:DataAccessPointAccount", + "s3:DataAccessPointArn" + ], "resource": "accesspoint" }, + { + "arn": "arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}/object/${ObjectName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "s3:AccessPointNetworkOrigin", + "s3:AccessPointTag/${TagKey}", + "s3:DataAccessPointAccount", + "s3:DataAccessPointArn" + ], + "resource": "accesspointobject" + }, { "arn": "arn:${Partition}:s3:::${BucketName}", "condition_keys": [], @@ -267369,16 +277466,61 @@ }, { "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "s3express:AccessPointNetworkOrigin", + "description": "Filters access by the network origin (Internet or VPC)", + "type": "String" + }, + { + "condition": "s3express:AccessPointTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the access point", + "type": "String" + }, { "condition": "s3express:AllAccessRestrictedToLocalZoneGroup", - "description": "Filters all access to the bucket unless the request originates from the AWS Local Zone network border group(s) provided in this condition key", + "description": "Filters access by AWS Local Zone network border group(s) provided in this condition key", + "type": "String" + }, + { + "condition": "s3express:BucketTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the bucket", + "type": "String" + }, + { + "condition": "s3express:DataAccessPointAccount", + "description": "Filters access by the AWS Account ID that owns the access point", "type": "String" }, + { + "condition": "s3express:DataAccessPointArn", + "description": "Filters access by an access point Amazon Resource Name (ARN)", + "type": "ARN" + }, { "condition": "s3express:LocationName", - "description": "Filters access by a specific Availability Zone ID", + "description": "Filters access by a specific Availability Zone or Local Zone ID", "type": "String" }, + { + "condition": "s3express:Permissions", + "description": "Filters access by the permission requested by Access Point Scope configuration, such as GetObject, PutObject", + "type": "ArrayOfString" + }, { "condition": "s3express:ResourceAccount", "description": "Filters access by the resource owner AWS account ID", @@ -267427,6 +277569,35 @@ ], "prefix": "s3express", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new access point", + "privilege": "CreateAccessPoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", + "s3express:authType", + "s3express:LocationName", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new bucket", @@ -267444,7 +277615,9 @@ "s3express:ResourceAccount", "s3express:signatureversion", "s3express:TlsVersion", - "s3express:x-amz-content-sha256" + "s3express:x-amz-content-sha256", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -267452,8 +277625,8 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to Create Session token which is used for object APIs such as PutObject, GetObject, ect", + "access_level": "Write", + "description": "Grants permission to Create Session token which is used for object APIs such as PutObject, GetObject, etc", "privilege": "CreateSession", "resource_types": [ { @@ -267461,6 +277634,13 @@ "dependent_actions": [], "resource_type": "bucket*" }, + { + "condition_keys": [ + "s3express:Permissions" + ], + "dependent_actions": [], + "resource_type": "accesspoint" + }, { "condition_keys": [ "s3express:authType", @@ -267471,7 +277651,87 @@ "s3express:TlsVersion", "s3express:x-amz-content-sha256", "s3express:x-amz-server-side-encryption", - "s3express:x-amz-server-side-encryption-aws-kms-key-id" + "s3express:x-amz-server-side-encryption-aws-kms-key-id", + "s3express:AllAccessRestrictedToLocalZoneGroup", + "s3express:Permissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the access point named in the URI", + "privilege": "DeleteAccessPoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the policy on a specified access point", + "privilege": "DeleteAccessPointPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the scope configuration on a specified access point", + "privilege": "DeleteAccessPointScope", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" ], "dependent_actions": [], "resource_type": "" @@ -267526,8 +277786,132 @@ }, { "access_level": "Read", - "description": "Grants permission to return the policy of the specified bucket", - "privilege": "GetBucketPolicy", + "description": "Grants permission to return configuration information about the specified access point", + "privilege": "GetAccessPoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the access point policy associated with the specified access point", + "privilege": "GetAccessPointPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the scope configuration associated with the specified access point", + "privilege": "GetAccessPointScope", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, + { + "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the policy of the specified bucket", + "privilege": "GetBucketPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the default encryption configuration for a directory bucket", + "privilege": "GetEncryptionConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the lifecycle configuration information set on a directory bucket", + "privilege": "GetLifecycleConfiguration", "resource_types": [ { "condition_keys": [], @@ -267548,14 +277932,55 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the default encryption configuration for a directory bucket", - "privilege": "GetEncryptionConfiguration", + "access_level": "List", + "description": "Grants permission to list access points", + "privilege": "ListAccessPointsForDirectoryBuckets", + "resource_types": [ + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all directory buckets owned by the authenticated sender of the request", + "privilege": "ListAllMyDirectoryBuckets", + "resource_types": [ + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to lists all of the tags for a specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" }, { "condition_keys": [ @@ -267571,17 +277996,20 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the lifecycle configuration information set on a directory bucket", - "privilege": "GetLifecycleConfiguration", + "access_level": "Permissions management", + "description": "Grants permission to associate an access policy with a specified access point", + "privilege": "PutAccessPointPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bucket*" + "resource_type": "accesspoint*" }, { "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", "s3express:authType", "s3express:ResourceAccount", "s3express:signatureversion", @@ -267594,12 +278022,20 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all directory buckets owned by the authenticated sender of the request", - "privilege": "ListAllMyDirectoryBuckets", + "access_level": "Permissions management", + "description": "Grants permission to associate an access point with a specified access point scope configuration", + "privilege": "PutAccessPointScope", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint*" + }, { "condition_keys": [ + "s3express:DataAccessPointAccount", + "s3express:DataAccessPointArn", + "s3express:AccessPointNetworkOrigin", "s3express:authType", "s3express:ResourceAccount", "s3express:signatureversion", @@ -267679,19 +278115,119 @@ "resource_type": "" } ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to create a new user-defined tag or update an existing tag", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the specified user-defined tags from an S3 resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accesspoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ { "arn": "arn:${Partition}:s3express:${Region}:${Account}:bucket/${BucketName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "s3express:BucketTag/${TagKey}" + ], "resource": "bucket" + }, + { + "arn": "arn:${Partition}:s3express:${Region}:${Account}:accesspoint/${AccessPointName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "s3express:AccessPointTag/${TagKey}" + ], + "resource": "accesspoint" } ], "service_name": "Amazon S3 Express" }, { "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "s3tables:KMSKeyArn", + "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a table", + "type": "ARN" + }, + { + "condition": "s3tables:SSEAlgorithm", + "description": "Filters access by the server-side encryption algorithm used to encrypt a table", + "type": "String" + }, + { + "condition": "s3tables:TableBucketTag/${TagKey}", + "description": "Filters access by the tags associated with the table bucket", + "type": "String" + }, { "condition": "s3tables:namespace", "description": "Filters access by the namespaces created in the table bucket", @@ -267729,7 +278265,13 @@ }, { "condition_keys": [ - "s3tables:namespace" + "s3tables:namespace", + "s3tables:SSEAlgorithm", + "s3tables:KMSKeyArn", + "s3tables:TableBucketTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -267745,6 +278287,18 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "TableBucket*" + }, + { + "condition_keys": [ + "s3tables:SSEAlgorithm", + "s3tables:KMSKeyArn", + "s3tables:TableBucketTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -267799,6 +278353,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete encryption configuration on a table bucket", + "privilege": "DeleteTableBucketEncryption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TableBucket*" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to delete a policy on a table bucket", @@ -267882,6 +278448,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve encryption configuration on a table bucket", + "privilege": "GetTableBucketEncryption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TableBucket*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a maintenance configuration on a table bucket", @@ -267926,6 +278504,26 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve encryption configuration on a table", + "privilege": "GetTableEncryption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Table*" + }, + { + "condition_keys": [ + "s3tables:namespace", + "s3tables:tableName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a maintenance configuration on a table", @@ -268049,6 +278647,51 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the tag for a S3Table's resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Table" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TableBucket" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "s3tables:TableBucketTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put or overwrite encryption configuration on a table bucket", + "privilege": "PutTableBucketEncryption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TableBucket*" + }, + { + "condition_keys": [ + "s3tables:KMSKeyArn", + "s3tables:SSEAlgorithm" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put a maintenance configuration on a table bucket", @@ -268093,6 +278736,27 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put encryption configuration on a table", + "privilege": "PutTableEncryption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Table*" + }, + { + "condition_keys": [ + "s3tables:namespace", + "s3tables:SSEAlgorithm", + "s3tables:KMSKeyArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put a maintenance configuration on a table", @@ -268145,7 +278809,61 @@ }, { "condition_keys": [ - "s3tables:namespace" + "s3tables:namespace", + "s3tables:tableName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a S3Table's resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Table" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TableBucket" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "s3tables:TableBucketTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a S3Table's resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Table" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TableBucket" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "s3tables:TableBucketTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -268176,12 +278894,17 @@ "resources": [ { "arn": "arn:${Partition}:s3tables:${Region}:${Account}:bucket/${TableBucketName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "s3tables:TableBucketTag/${TagKey}" + ], "resource": "TableBucket" }, { "arn": "arn:${Partition}:s3tables:${Region}:${Account}:bucket/${TableBucketName}/table/${TableID}", "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "s3tables:TableBucketTag/${TagKey}", "s3tables:namespace", "s3tables:tableName" ], @@ -268190,6 +278913,240 @@ ], "service_name": "Amazon S3 Tables" }, + { + "conditions": [ + { + "condition": "s3vectors:kmsKeyArn", + "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a vector bucket", + "type": "ARN" + }, + { + "condition": "s3vectors:sseType", + "description": "Filters access by server-side encryption type", + "type": "String" + } + ], + "prefix": "s3vectors", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new vector index within a specified vector bucket", + "privilege": "CreateIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Index*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new vector bucket", + "privilege": "CreateVectorBucket", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VectorBucket*" + }, + { + "condition_keys": [ + "s3vectors:sseType", + "s3vectors:kmsKeyArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified vector index", + "privilege": "DeleteIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Index*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified vector bucket", + "privilege": "DeleteVectorBucket", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VectorBucket*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the IAM resource policy from a specified vector bucket", + "privilege": "DeleteVectorBucketPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VectorBucket*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a batch of vectors from a specified vector index", + "privilege": "DeleteVectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the attributes of a specified vector index", + "privilege": "GetIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the attributes of a specified vector bucket", + "privilege": "GetVectorBucket", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VectorBucket*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the IAM resource policy for a specific vector bucket", + "privilege": "GetVectorBucketPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VectorBucket*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a batch of vectors by their vector keys", + "privilege": "GetVectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Index*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a paginated list of all indexes in a specified vector bucket", + "privilege": "ListIndexes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VectorBucket*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a paginated list of all vector buckets in the account", + "privilege": "ListVectorBuckets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a paginated list of all vectors in a specified vector index", + "privilege": "ListVectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3vectors:GetVectors" + ], + "resource_type": "Index*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to add an IAM resource policy to a specified vector bucket", + "privilege": "PutVectorBucketPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VectorBucket*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a batch of vectors to a specified vector index", + "privilege": "PutVectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to find approximate nearest neighbors within a specified search vector index for a given query vector", + "privilege": "QueryVectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3vectors:GetVectors" + ], + "resource_type": "Index*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:s3vectors:${Region}:${Account}:bucket/${BucketName}/index/${IndexName}", + "condition_keys": [], + "resource": "Index" + }, + { + "arn": "arn:${Partition}:s3vectors:${Region}:${Account}:bucket/${BucketName}", + "condition_keys": [], + "resource": "VectorBucket" + } + ], + "service_name": "Amazon S3 Vectors" + }, { "conditions": [ { @@ -268217,6 +279174,21 @@ "description": "Filters access by the app network access type associated with the resource in the request", "type": "String" }, + { + "condition": "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}", + "description": "Filters access by a current metadata key and value pair associated with the model-package resource", + "type": "String" + }, + { + "condition": "sagemaker:CurrentModelLifeCycleStage", + "description": "Filters access by the current value of the Stage field in the model life cycle object associated with the model-package resource", + "type": "String" + }, + { + "condition": "sagemaker:CurrentModelLifeCycleStageStatus", + "description": "Filters access by the current value of the StageStatus field in the model life cycle object associated with the model-package resource", + "type": "String" + }, { "condition": "sagemaker:CustomerMetadataProperties/${MetadataKey}", "description": "Filters access by a metadata key and value pair", @@ -268227,6 +279199,11 @@ "description": "Filters access by the list of metadata properties associated with the model-package resource in the request", "type": "ArrayOfString" }, + { + "condition": "sagemaker:DirectGatedModelAccess", + "description": "Used to deny direct access to SageMaker gated ModelReferences", + "type": "String" + }, { "condition": "sagemaker:DirectInternetAccess", "description": "Filters access by the direct internet access associated with the resource in the request", @@ -268347,6 +279324,16 @@ "description": "Filters access by the model arn associated with the resource in the request", "type": "ARN" }, + { + "condition": "sagemaker:ModelLifeCycle:Stage", + "description": "Filters access by stage field in the model life cycle object associated with the model-package resource in the request", + "type": "String" + }, + { + "condition": "sagemaker:ModelLifeCycle:StageStatus", + "description": "Filters access by stageStatus field in the model life cycle object associated with the model-package resource in the request", + "type": "String" + }, { "condition": "sagemaker:NetworkIsolation", "description": "Filters access by the network isolation associated with the resource in the request", @@ -268362,6 +279349,16 @@ "description": "Filters access by the OwnerUserProfile arn associated with the space in the request", "type": "ARN" }, + { + "condition": "sagemaker:PipelineVersionId", + "description": "Filters access to specific version IDs of a Sagemaker pipeline", + "type": "String" + }, + { + "condition": "sagemaker:RemoteAccess", + "description": "Filters access by the remote access flag associated with the space in the request", + "type": "String" + }, { "condition": "sagemaker:ResourceTag/", "description": "Filters access by the preface string for a tag key and value pair attached to a resource", @@ -268668,7 +279665,11 @@ "resource_type": "model-explainability-job-definition" }, { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [], "resource_type": "model-package" }, @@ -268692,6 +279693,11 @@ "dependent_actions": [], "resource_type": "notebook-instance" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-instance-lifecycle-config" + }, { "condition_keys": [], "dependent_actions": [], @@ -268785,6 +279791,36 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to attach an Amazon EBS volume to a SageMaker HyperPod cluster node", + "privilege": "AttachClusterNodeVolume", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:AttachVolume", + "ec2:DescribeVolumes", + "eks:DescribeCluster" + ], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add multiple nodes at a time to a SageMaker HyperPod cluster", + "privilege": "BatchAddClusterNodes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "eks:DescribeCluster" + ], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to batch delete SageMaker HyperPod cluster nodes", @@ -268805,7 +279841,11 @@ "privilege": "BatchDescribeModelPackage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [], "resource_type": "model-package*" } @@ -269048,6 +280088,10 @@ { "condition_keys": [], "dependent_actions": [ + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyImageAttribute", + "ec2:ModifySnapshotAttribute", "eks:AssociateAccessPolicy", "eks:CreateAccessEntry", "eks:DeleteAccessEntry", @@ -269072,7 +280116,10 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "sagemaker:InstanceTypes", + "sagemaker:VpcSecurityGroupIds", + "sagemaker:VpcSubnets" ], "dependent_actions": [], "resource_type": "" @@ -269520,6 +280567,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to generate S3 presigned URLs with GetObject permission for accessing model artifacts", + "privilege": "CreateHubContentPresignedUrls", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub-content*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create hub content reference", @@ -269794,7 +280858,8 @@ "aws:TagKeys", "sagemaker:NetworkIsolation", "sagemaker:VpcSecurityGroupIds", - "sagemaker:VpcSubnets" + "sagemaker:VpcSubnets", + "sagemaker:DirectGatedModelAccess" ], "dependent_actions": [], "resource_type": "" @@ -269903,7 +280968,11 @@ "privilege": "CreateModelPackage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [ "sagemaker:AddTags" ], @@ -269919,7 +280988,9 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "sagemaker:ModelApprovalStatus", - "sagemaker:CustomerMetadataProperties/${MetadataKey}" + "sagemaker:CustomerMetadataProperties/${MetadataKey}", + "sagemaker:ModelLifeCycle:Stage", + "sagemaker:ModelLifeCycle:StageStatus" ], "dependent_actions": [], "resource_type": "" @@ -270048,8 +281119,18 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "sagemaker:AddTags" + ], "resource_type": "notebook-instance-lifecycle-config*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -270276,6 +281357,7 @@ "sagemaker:ImageArns", "sagemaker:ImageVersionArns", "sagemaker:OwnerUserProfileArn", + "sagemaker:RemoteAccess", "sagemaker:SpaceSharingType" ], "dependent_actions": [], @@ -270345,7 +281427,8 @@ "sagemaker:VpcSecurityGroupIds", "sagemaker:VpcSubnets", "sagemaker:KeepAlivePeriod", - "sagemaker:EnableRemoteDebug" + "sagemaker:EnableRemoteDebug", + "sagemaker:DirectGatedModelAccess" ], "dependent_actions": [], "resource_type": "" @@ -271031,7 +282114,11 @@ "privilege": "DeleteModelPackage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [], "resource_type": "model-package*" } @@ -271409,7 +282496,11 @@ "resource_type": "model-explainability-job-definition" }, { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [], "resource_type": "model-package" }, @@ -271433,6 +282524,11 @@ "dependent_actions": [], "resource_type": "notebook-instance" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-instance-lifecycle-config" + }, { "condition_keys": [], "dependent_actions": [], @@ -271692,6 +282788,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return information about an Event within a SageMaker HyperPod cluster", + "privilege": "DescribeClusterEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the inference operator for a SageMaker HyperPod cluster", + "privilege": "DescribeClusterInference", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return information about a SageMaker HyperPod cluster node", @@ -272135,7 +283255,11 @@ "privilege": "DescribeModelPackage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [], "resource_type": "model-package*" } @@ -272234,6 +283358,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "sagemaker:PipelineVersionId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -272285,6 +283416,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return information about a specified Reserved Capacity", + "privilege": "DescribeReservedCapacity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reserved-capacity*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a shared model in a SageMaker Studio application", @@ -272429,6 +283572,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to detach an Amazon EBS volume from a SageMaker HyperPod cluster node", + "privilege": "DetachClusterNodeVolume", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "eks:DescribeCluster" + ], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable a SageMaker Service Catalog Portfolio", @@ -272788,6 +283947,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list events within a SageMaker HyperPod cluster", + "privilege": "ListClusterEvents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list nodes within a SageMaker HyperPod cluster", @@ -273453,6 +284624,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list versions of a pipeline", + "privilege": "ListPipelineVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list pipelines", @@ -273781,7 +284964,11 @@ "resource_type": "model-explainability-job-definition" }, { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [], "resource_type": "model-package" }, @@ -273805,6 +284992,11 @@ "dependent_actions": [], "resource_type": "notebook-instance" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-instance-lifecycle-config" + }, { "condition_keys": [], "dependent_actions": [], @@ -273820,6 +285012,11 @@ "dependent_actions": [], "resource_type": "pipeline" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline-execution" + }, { "condition_keys": [], "dependent_actions": [], @@ -273944,6 +285141,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all UltraServers in a specified Reserved Capacity", + "privilege": "ListUltraServersByReservedCapacity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reserved-capacity*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the UserProfiles in your account", @@ -274241,6 +285450,25 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "sagemaker:PipelineVersionId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a remote session for a SageMaker space", + "privilege": "StartSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" } ] }, @@ -274448,6 +285676,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to train a model in hub", + "privilege": "TrainHubModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub-content*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an action", @@ -274492,12 +285737,17 @@ { "condition_keys": [], "dependent_actions": [ + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyImageAttribute", + "ec2:ModifySnapshotAttribute", "eks:AssociateAccessPolicy", "eks:CreateAccessEntry", "eks:DeleteAccessEntry", "eks:DescribeAccessEntry", "eks:DescribeCluster", "iam:PassRole", + "sagemaker:BatchAddClusterNodes", "sagemaker:BatchDeleteClusterNodes" ], "resource_type": "cluster*" @@ -274511,6 +285761,33 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "training-plan" + }, + { + "condition_keys": [ + "sagemaker:InstanceTypes", + "sagemaker:VpcSecurityGroupIds", + "sagemaker:VpcSubnets" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the inference operator for a SageMaker HyperPod cluster", + "privilege": "UpdateClusterInference", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "eks:AssociateAccessPolicy", + "eks:DescribeCluster", + "eks:ListAssociatedAccessPolicies", + "iam:PassRole", + "sagemaker:DescribeCluster" + ], + "resource_type": "cluster*" } ] }, @@ -274534,6 +285811,10 @@ { "condition_keys": [], "dependent_actions": [ + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyImageAttribute", + "ec2:ModifySnapshotAttribute", "eks:DescribeCluster" ], "resource_type": "cluster*" @@ -274702,6 +285983,40 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update hub content", + "privilege": "UpdateHubContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub-content*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update hub content reference", + "privilege": "UpdateHubContentReference", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub-content*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the properties of a SageMaker Image", @@ -274794,7 +286109,11 @@ "privilege": "UpdateModelPackage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "sagemaker:CurrentModelLifeCycleStageStatus", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}" + ], "dependent_actions": [], "resource_type": "model-package*" }, @@ -274802,7 +286121,9 @@ "condition_keys": [ "sagemaker:ModelApprovalStatus", "sagemaker:CustomerMetadataProperties/${MetadataKey}", - "sagemaker:CustomerMetadataPropertiesToRemove" + "sagemaker:CustomerMetadataPropertiesToRemove", + "sagemaker:ModelLifeCycle:Stage", + "sagemaker:ModelLifeCycle:StageStatus" ], "dependent_actions": [], "resource_type": "" @@ -274928,6 +286249,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a pipeline version", + "privilege": "UpdatePipelineVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "sagemaker:PipelineVersionId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a Project", @@ -274976,6 +286316,7 @@ "sagemaker:ImageArns", "sagemaker:ImageVersionArns", "sagemaker:OwnerUserProfileArn", + "sagemaker:RemoteAccess", "sagemaker:SpaceSharingType" ], "dependent_actions": [], @@ -275245,7 +286586,10 @@ }, { "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:notebook-instance-lifecycle-config/${NotebookInstanceLifecycleConfigName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ], "resource": "notebook-instance-lifecycle-config" }, { @@ -275266,7 +286610,10 @@ }, { "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:image-version/${ImageName}/${Version}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ], "resource": "image-version" }, { @@ -275337,6 +286684,9 @@ "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:model-package/${ModelPackageName}", "condition_keys": [ "aws:ResourceTag/${TagKey}", + "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}", + "sagemaker:CurrentModelLifeCycleStage", + "sagemaker:CurrentModelLifeCycleStageStatus", "sagemaker:ResourceTag/${TagKey}" ], "resource": "model-package" @@ -275500,7 +286850,10 @@ }, { "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:pipeline/${PipelineName}/execution/${RandomString}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ], "resource": "pipeline-execution" }, { @@ -276039,158 +287392,6 @@ ], "service_name": "Amazon SageMaker geospatial capabilities" }, - { - "conditions": [], - "prefix": "sagemaker-groundtruth-synthetic", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a project", - "privilege": "CreateProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get account details", - "privilege": "GetAccountDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a batch", - "privilege": "GetBatch", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a project", - "privilege": "GetProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list batch data transfers", - "privilege": "ListBatchDataTransfers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list batch summaries", - "privilege": "ListBatchSummaries", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list project data transfers", - "privilege": "ListProjectDataTransfers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list project summaries", - "privilege": "ListProjectSummaries", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a batch data transfer", - "privilege": "StartBatchDataTransfer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a project data transfer", - "privilege": "StartProjectDataTransfer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a batch", - "privilege": "UpdateBatch", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "Amazon SageMaker Ground Truth Synthetic" - }, { "conditions": [ { @@ -276278,6 +287479,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a logged model in MLflow", + "privilege": "DeleteLoggedModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a tag for a logged model in MLflow", + "privilege": "DeleteLoggedModelTag", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a model version", @@ -276398,6 +287623,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to set status for a logged model in MLflow", + "privilege": "FinalizeLoggedModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a URI to download model artifacts for a specific model version", @@ -276446,6 +287683,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a logged model in MLflow", + "privilege": "GetLoggedModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a list of all values for the specified metric for a given run", @@ -276530,6 +287779,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list artifacts for a logged model in MLflow", + "privilege": "ListLoggedModelArtifacts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to log a batch of metrics, parameters, and tags for a run", @@ -276554,6 +287815,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to log params for a logged model in MLflow", + "privilege": "LogLoggedModelParams", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to log a metric for a run", @@ -276578,6 +287851,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to log outputs, such as models, for a run in MLflow", + "privilege": "LogOutputs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to log a parameter tracked during a run", @@ -276638,6 +287923,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to search for logged models in MLflow", + "privilege": "SearchLoggedModels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to search for a model version", @@ -276698,6 +287995,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to set tags for a logged model in MLflow", + "privilege": "SetLoggedModelTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlflow-tracking-server*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set a tag for the model version", @@ -276852,7 +288161,7 @@ }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value assoicated with the resource", + "description": "Filters access by tag-value associated with the resource", "type": "String" }, { @@ -277842,6 +289151,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -277854,6 +289171,34 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create the data lake namespace", + "privilege": "CreateDataLakeNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -277866,6 +289211,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -277905,6 +289258,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the data lake namespace", + "privilege": "DeleteDataLakeNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an AWS Supply Chain instance", @@ -277953,6 +289318,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a DataIntegrationEvent", + "privilege": "GetDataIntegrationEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the DataIntegrationFlow details", @@ -277965,6 +289342,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a particular execution of one specified DataIntegrationFlow", + "privilege": "GetDataIntegrationFlowExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration-flow*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the dataset details", @@ -277977,6 +289366,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the namespace details", + "privilege": "GetDataLakeNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details of an AWS Supply Chain instance", @@ -278001,6 +289402,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all DataIntegrationEvents under an instance", + "privilege": "ListDataIntegrationEvents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all executions of one specified DataIntegrationFlow", + "privilege": "ListDataIntegrationFlowExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-integration-flow*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the DataIntegrationFlows in a paginated way", @@ -278015,7 +289440,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the data lake datasets under specific instance and namespace", + "description": "Grants permission to list the data lake datasets under specific instance or namespace", "privilege": "ListDataLakeDatasets", "resource_types": [ { @@ -278025,6 +289450,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the data lake namespaces under specific instance", + "privilege": "ListDataLakeNamespaces", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + }, { "access_level": "List", "description": "Grants permission to view the AWS Supply Chain instances associated with an AWS account", @@ -278136,6 +289573,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the data lake namespace", + "privilege": "UpdateDataLakeNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an AWS Supply Chain instance", @@ -278152,7 +289601,9 @@ "resources": [ { "arn": "arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "instance" }, { @@ -278162,12 +289613,23 @@ }, { "arn": "arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/data-integration-flows/${FlowName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "data-integration-flow" }, + { + "arn": "arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/namespaces/${Namespace}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "namespace" + }, { "arn": "arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/namespaces/${Namespace}/datasets/${DatasetName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "dataset" } ], @@ -278396,7 +289858,7 @@ }, { "condition": "secretsmanager:SecretPrimaryRegion", - "description": "Filters access by primary region in which the secret is created", + "description": "Filters access by primary region in which the secret is created if the secret is a multi-Region secret", "type": "String" }, { @@ -279012,6 +290474,11 @@ "description": "Grants permission to create a case", "privilege": "CreateCase", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "case*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -279040,15 +290507,20 @@ "privilege": "CreateMembership", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ "iam:CreateServiceLinkedRole", "organizations:DescribeOrganization", "organizations:ListDelegatedAdministrators" ], + "resource_type": "membership*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -279269,7 +290741,8 @@ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "organizations:DescribeOrganizationalUnit" ], "resource_type": "membership*" } @@ -279328,6 +290801,11 @@ "description": "Filters access by the specified fields and values in the request", "type": "String" }, + { + "condition": "securityhub:OCSFSyntaxPath/${OCSFSyntaxPath}", + "description": "Filters access by the specified fields and values in the request", + "type": "String" + }, { "condition": "securityhub:TargetAccount", "description": "Filters access by the AwsAccountId field that is specified in the request", @@ -279501,9 +290979,15 @@ "dependent_actions": [], "resource_type": "hub" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" + }, { "condition_keys": [ - "securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}" + "securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}", + "securityhub:OCSFSyntaxPath/${OCSFSyntaxPath}" ], "dependent_actions": [], "resource_type": "" @@ -279524,6 +291008,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to complete the OAuth 2.0 authorization code flow based on input parameters", + "privilege": "ConnectorRegistrationsV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create custom actions in Security Hub", @@ -279536,6 +291032,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an aggregatorV2, which configures data aggregation across Regions", + "privilege": "CreateAggregatorV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an automation rule based on input parameters", @@ -279551,6 +291059,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an automation rule V2 based on input parameters", + "privilege": "CreateAutomationRuleV2", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a configuration policy to manage organization member settings in Security Hub", @@ -279566,6 +291089,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a connector V2 based on input parameters", + "privilege": "CreateConnectorV2", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration", @@ -279602,6 +291140,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create ticket for a selected OCSF finding", + "privilege": "CreateTicketV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorv2" + } + ] + }, { "access_level": "Write", "description": "Grants permission to decline Security Hub invitations to become a member account", @@ -279626,6 +291176,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an aggregatorV2, which configures data aggregation across Regions", + "privilege": "DeleteAggregatorV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "aggregatorv2*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an automation rule V2 in Security Hub", + "privilege": "DeleteAutomationRuleV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automation-rulev2*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing configuration policy", @@ -279638,6 +291212,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a connector V2 in Security Hub", + "privilege": "DeleteConnectorV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorv2*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a finding aggregator, which disables finding aggregation across Regions", @@ -279734,6 +291320,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the available Security Hub V2 product integrations", + "privilege": "DescribeProductsV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the hub V2 resource in your account", + "privilege": "DescribeSecurityHubV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about Security Hub standards", @@ -279778,7 +291388,9 @@ { "condition_keys": [], "dependent_actions": [ - "organizations:DescribeOrganization" + "organizations:DeregisterDelegatedAdministrator", + "organizations:DescribeOrganization", + "organizations:ListDelegatedAdministrators" ], "resource_type": "hub" } @@ -279796,6 +291408,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable Security Hub V2", + "privilege": "DisableSecurityHubV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to a Security Hub member account to disassociate from the associated administrator account", @@ -279854,6 +291478,8 @@ "dependent_actions": [ "organizations:DescribeOrganization", "organizations:EnableAWSServiceAccess", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators", "organizations:RegisterDelegatedAdministrator" ], "resource_type": "hub" @@ -279880,15 +291506,35 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable Security Hub V2", + "privilege": "EnableSecurityHubV2", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", - "description": "Grants permission to retrieve insight results by providing a set of filters instead of an insight ARN", + "description": "Grants permission to retrieve aggregated statistical data about the findings", "privilege": "GetAdhocInsightResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "hub" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" } ] }, @@ -279904,6 +291550,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for an aggregatorV2, which configures data aggregation across Regions", + "privilege": "GetAggregatorV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "aggregatorv2*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for an automation rule V2 from Security Hub based on rule Amazon Resource Name (ARN)", + "privilege": "GetAutomationRuleV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automation-rulev2*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a complete overview of one configuration policy created by the calling account", @@ -279928,6 +291598,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details for a connector V2 from Security Hub based on connector id", + "privilege": "GetConnectorV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorv2*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a security score and counts of finding and control statuses for a security standard", @@ -279985,6 +291667,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "hub" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" } ] }, @@ -280084,6 +291771,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve aggregate statistics about resources", + "privilege": "GetResourcesStatisticsV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of resources", + "privilege": "GetResourcesV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the definition details of a specific security control identified by ID", @@ -280122,6 +291833,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of aggregatorsV2, which configures data aggregation across Regions", + "privilege": "ListAggregatorsV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of automation rules and their metadata for the calling account from Security Hub", @@ -280134,6 +291857,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of automation rules V2 and their metadata for the calling account from Security Hub", + "privilege": "ListAutomationRulesV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the summaries of all configuration policies created by the calling account", @@ -280158,6 +291893,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of connectors V2 and their metadata for the calling account from Security Hub", + "privilege": "ListConnectorsV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts", @@ -280226,7 +291973,8 @@ { "condition_keys": [], "dependent_actions": [ - "organizations:DescribeOrganization" + "organizations:DescribeOrganization", + "organizations:ListDelegatedAdministrators" ], "resource_type": "hub" } @@ -280333,20 +292081,40 @@ "description": "Grants permission to add tags to a Security Hub resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "aggregatorv2" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "automation-rule" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automation-rulev2" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "configuration-policy" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorv2" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "hub" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" } ] }, @@ -280355,20 +292123,40 @@ "description": "Grants permission to remove tags from a Security Hub resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "aggregatorv2" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "automation-rule" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automation-rulev2" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "configuration-policy" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorv2" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "hub" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hubv2" } ] }, @@ -280384,6 +292172,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an aggregatorV2, which configures data aggregation across Regions", + "privilege": "UpdateAggregatorV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "aggregatorv2*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters", + "privilege": "UpdateAutomationRuleV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "automation-rulev2*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing configuration policy", @@ -280396,6 +292208,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a connector V2 in Security Hub based on connector id and input parameters", + "privilege": "UpdateConnectorV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorv2*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration", @@ -280491,6 +292315,13 @@ ], "resource": "hub" }, + { + "arn": "arn:${Partition}:securityhub:${Region}:${Account}:hubv2/${HubV2Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "hubv2" + }, { "arn": "arn:${Partition}:securityhub:${Region}:${Account}:product/${Company}/${ProductId}", "condition_keys": [], @@ -280501,15 +292332,40 @@ "condition_keys": [], "resource": "finding-aggregator" }, + { + "arn": "arn:${Partition}:securityhub:${Region}:${Account}:aggregatorv2/${AggregatorV2Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "aggregatorv2" + }, { "arn": "arn:${Partition}:securityhub:${Region}:${Account}:automation-rule/${AutomationRuleId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "automation-rule" }, + { + "arn": "arn:${Partition}:securityhub:${Region}:${Account}:automation-rulev2/${AutomationRuleV2Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "automation-rulev2" + }, { "arn": "arn:${Partition}:securityhub:${Region}:${Account}:configuration-policy/${ConfigurationPolicyId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "configuration-policy" + }, + { + "arn": "arn:${Partition}:securityhub:${Region}:${Account}:connectorv2/${ConnectorV2Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connectorv2" } ], "service_name": "AWS Security Hub" @@ -280663,6 +292519,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -282543,60 +294400,1026 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Portfolio*" + "resource_type": "Portfolio*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the provisioned product plans", + "privilege": "ListProvisionedProductPlans", + "resource_types": [ + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the provisioning artifacts associated with a given product", + "privilege": "ListProvisioningArtifacts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Product*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all provisioning artifacts for the specified self-service action", + "privilege": "ListProvisioningArtifactsForServiceAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the records in your account or all the records related to a given provisioned product", + "privilege": "ListRecordHistory", + "resource_types": [ + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the resources associated with the specified TagOption", + "privilege": "ListResourcesForTagOption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all self-service actions", + "privilege": "ListServiceActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the service actions associated with the specified provisioning artifact in your account", + "privilege": "ListServiceActionsForProvisioningArtifact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Product*" + }, + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list account, region and status of each stack instances that are associated with a CFN_STACKSET type provisioned product", + "privilege": "ListStackInstancesForProvisionedProduct", + "resource_types": [ + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the specified TagOptions or all TagOptions", + "privilege": "ListTagOptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags for a service catalog appregistry resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AttributeGroup" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify the result of the provisioning engine execution", + "privilege": "NotifyProvisionProductEngineWorkflowResult", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify the result of the terminate engine execution", + "privilege": "NotifyTerminateProvisionedProductEngineWorkflowResult", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify the result of the update engine execution", + "privilege": "NotifyUpdateProvisionedProductEngineWorkflowResult", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision a product with a specified provisioning artifact and launch parameters", + "privilege": "ProvisionProduct", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Product*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to assign AppRegistry configurations", + "privilege": "PutConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a resource-based policy for the specified resource", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AttributeGroup" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject a portfolio that has been shared with you that you previously accepted", + "privilege": "RejectPortfolioShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Portfolio*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the provisioned products in your account", + "privilege": "ScanProvisionedProducts", + "resource_types": [ + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the products available to you as an end-user", + "privilege": "SearchProducts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the products in your account or all the products associated with a given portfolio", + "privilege": "SearchProductsAsAdmin", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the provisioned products in your account", + "privilege": "SearchProvisionedProducts", + "resource_types": [ + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to sync a resource with its current state in AppRegistry", + "privilege": "SyncResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudformation:UpdateStack" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a service catalog appregistry resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AttributeGroup" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to terminate an existing provisioned product", + "privilege": "TerminateProvisionedProduct", + "resource_types": [ + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag from a service catalog appregistry resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AttributeGroup" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the attributes of an existing application", + "privilege": "UpdateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "Application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the attributes of an existing attribute group", + "privilege": "UpdateAttributeGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AttributeGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the metadata fields of an existing constraint", + "privilege": "UpdateConstraint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the metadata fields and/or tags of an existing portfolio", + "privilege": "UpdatePortfolio", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Portfolio*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to enable or disable resource sharing for an existing portfolio share", + "privilege": "UpdatePortfolioShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Portfolio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the metadata fields and/or tags of an existing product", + "privilege": "UpdateProduct", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Product*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing provisioned product", + "privilege": "UpdateProvisionedProduct", + "resource_types": [ + { + "condition_keys": [ + "servicecatalog:accountLevel", + "servicecatalog:roleLevel", + "servicecatalog:userLevel" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the properties of an existing provisioned product", + "privilege": "UpdateProvisionedProductProperties", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the metadata fields of an existing provisioning artifact", + "privilege": "UpdateProvisioningArtifact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Product*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a self-service action", + "privilege": "UpdateServiceAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified TagOption", + "privilege": "UpdateTagOption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:servicecatalog:${Region}:${Account}:/applications/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Application" + }, + { + "arn": "arn:${Partition}:servicecatalog:${Region}:${Account}:/attribute-groups/${AttributeGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "AttributeGroup" + }, + { + "arn": "arn:${Partition}:catalog:${Region}:${Account}:portfolio/${PortfolioId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Portfolio" + }, + { + "arn": "arn:${Partition}:catalog:${Region}:${Account}:product/${ProductId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Product" + } + ], + "service_name": "AWS Service Catalog" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "servicediscovery:NamespaceArn", + "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related namespace", + "type": "ARN" + }, + { + "condition": "servicediscovery:NamespaceName", + "description": "Filters access by specifying the name of the related namespace", + "type": "String" + }, + { + "condition": "servicediscovery:ServiceArn", + "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related service", + "type": "ARN" + }, + { + "condition": "servicediscovery:ServiceCreatedByAccount", + "description": "Filters access by specifying the account id of the related service creator", + "type": "String" + }, + { + "condition": "servicediscovery:ServiceName", + "description": "Filters access by specifying the name of the related service", + "type": "String" + } + ], + "prefix": "servicediscovery", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an HTTP namespace", + "privilege": "CreateHttpNamespace", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a private namespace based on DNS, which will be visible only inside a specified Amazon VPC", + "privilege": "CreatePrivateDnsNamespace", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a public namespace based on DNS, which will be visible on the internet", + "privilege": "CreatePublicDnsNamespace", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a service", + "privilege": "CreateService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:NamespaceArn", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified namespace", + "privilege": "DeleteNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the RAM access control policy for a namespace", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified service", + "privilege": "DeleteService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceCreatedByAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete specified attributes from a service", + "privilege": "DeleteServiceAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceCreatedByAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the records and the health check, if any, that Amazon Route 53 created for the specified instance", + "privilege": "DeregisterInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceArn", + "servicediscovery:ServiceCreatedByAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to discover registered instances for a specified namespace and service", + "privilege": "DiscoverInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:NamespaceName", + "servicediscovery:ServiceName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to discover the revision of the instances for a specified namespace and service", + "privilege": "DiscoverInstancesRevision", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:NamespaceName", + "servicediscovery:ServiceName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a specified instance", + "privilege": "GetInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the current health status (Healthy, Unhealthy, or Unknown) of one or more instances", + "privilege": "GetInstancesHealthStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a namespace", + "privilege": "GetNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a specific operation", + "privilege": "GetOperation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read the RAM access control policy for a namespace", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the settings for a specified service", + "privilege": "GetService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the attributes for a specified service", + "privilege": "GetServiceAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get summary information about the instances that were registered with a specified service", + "privilege": "ListInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the namespaces", + "privilege": "ListNamespaces", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list operations that match the criteria that you specify", + "privilege": "ListOperations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get settings for all the services that match specified filters", + "privilege": "ListServices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the provisioned product plans", - "privilege": "ListProvisionedProductPlans", + "access_level": "Read", + "description": "Grants permission to lists tags for the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the provisioning artifacts associated with a given product", - "privilege": "ListProvisioningArtifacts", + "access_level": "Write", + "description": "Grants permission to define the RAM access control policy for a namespace", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Product*" + "resource_type": "namespace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all provisioning artifacts for the specified self-service action", - "privilege": "ListProvisioningArtifactsForServiceAction", + "access_level": "Write", + "description": "Grants permission to register an instance based on the settings in a specified service", + "privilege": "RegisterInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceArn", + "servicediscovery:ServiceCreatedByAccount" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the records in your account or all the records related to a given provisioned product", - "privilege": "ListRecordHistory", + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -282604,44 +295427,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the resources associated with the specified TagOption", - "privilege": "ListResourcesForTagOption", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all self-service actions", - "privilege": "ListServiceActions", + "access_level": "Write", + "description": "Grants permission to update the settings for a HTTP namespace", + "privilege": "UpdateHttpNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "namespace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the service actions associated with the specified provisioning artifact in your account", - "privilege": "ListServiceActionsForProvisioningArtifact", + "access_level": "Write", + "description": "Grants permission to update the current health status for an instance that has a custom health check", + "privilege": "UpdateInstanceCustomHealthStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Product*" + "resource_type": "service*" }, { "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" + "servicediscovery:ServiceArn", + "servicediscovery:ServiceCreatedByAccount" ], "dependent_actions": [], "resource_type": "" @@ -282649,66 +295473,94 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list account, region and status of each stack instances that are associated with a CFN_STACKSET type provisioned product", - "privilege": "ListStackInstancesForProvisionedProduct", + "access_level": "Write", + "description": "Grants permission to update the settings for a private DNS namespace", + "privilege": "UpdatePrivateDnsNamespace", "resource_types": [ { - "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "namespace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the specified TagOptions or all TagOptions", - "privilege": "ListTagOptions", + "access_level": "Write", + "description": "Grants permission to update the settings for a public DNS namespace", + "privilege": "UpdatePublicDnsNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "namespace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a service catalog appregistry resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the settings in a specified service", + "privilege": "UpdateService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application" + "resource_type": "service*" }, { - "condition_keys": [], + "condition_keys": [ + "servicediscovery:ServiceCreatedByAccount" + ], "dependent_actions": [], - "resource_type": "AttributeGroup" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to notify the result of the provisioning engine execution", - "privilege": "NotifyProvisionProductEngineWorkflowResult", + "description": "Grants permission to update the attributes in a specified service", + "privilege": "UpdateServiceAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "servicediscovery:ServiceCreatedByAccount" + ], + "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:servicediscovery:${Region}:${Account}:namespace/${NamespaceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "namespace" }, { - "access_level": "Write", - "description": "Grants permission to notify the result of the terminate engine execution", - "privilege": "NotifyTerminateProvisionedProductEngineWorkflowResult", + "arn": "arn:${Partition}:servicediscovery:${Region}:${Account}:service/${ServiceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service" + } + ], + "service_name": "AWS Cloud Map" + }, + { + "conditions": [], + "prefix": "serviceextract", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get required configuration for the AWS Microservice Extractor for .NET desktop client", + "privilege": "GetConfig", "resource_types": [ { "condition_keys": [], @@ -282716,92 +295568,121 @@ "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Microservice Extractor for .NET" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "servicequotas:service", + "description": "Filters access by the specified AWS service", + "type": "String" + } + ], + "prefix": "servicequotas", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to notify the result of the update engine execution", - "privilege": "NotifyUpdateProvisionedProductEngineWorkflowResult", + "description": "Grants permission to associate the Service Quotas template with your organization", + "privilege": "AssociateServiceQuotaTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization", + "organizations:EnableAWSServiceAccess" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to provision a product with a specified provisioning artifact and launch parameters", - "privilege": "ProvisionProduct", + "description": "Grants permission to submit a request to create a support case for an existing quota increase request", + "privilege": "CreateSupportCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Product*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to assign AppRegistry configurations", - "privilege": "PutConfiguration", + "description": "Grants permission to remove the specified service quota from the service quota template", + "privilege": "DeleteServiceQuotaIncreaseRequestFromTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add a resource-based policy for the specified resource", - "privilege": "PutResourcePolicy", + "description": "Grants permission to disassociate the Service Quotas template from your organization", + "privilege": "DisassociateServiceQuotaTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AttributeGroup" + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to reject a portfolio that has been shared with you that you previously accepted", - "privilege": "RejectPortfolioShare", + "access_level": "Read", + "description": "Grants permission to return the details for the specified service quota, including the AWS default value", + "privilege": "GetAWSDefaultServiceQuota", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Portfolio*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the provisioned products in your account", - "privilege": "ScanProvisionedProducts", + "access_level": "Read", + "description": "Grants permission to retrieve the ServiceQuotaTemplateAssociationStatus value, which tells you if the Service Quotas template is associated with an organization", + "privilege": "GetAssociationForServiceQuotaTemplate", "resource_types": [ { - "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the products available to you as an end-user", - "privilege": "SearchProducts", + "access_level": "Read", + "description": "Grants permission to retrieve the automatic management of Service Quotas configuration, including notification settings, opt-in type, and excluded quotas", + "privilege": "GetAutoManagementConfiguration", "resource_types": [ { "condition_keys": [], @@ -282811,9 +295692,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the products in your account or all the products associated with a given portfolio", - "privilege": "SearchProductsAsAdmin", + "access_level": "Read", + "description": "Grants permission to retrieve the details for a particular service quota increase request", + "privilege": "GetRequestedServiceQuotaChange", "resource_types": [ { "condition_keys": [], @@ -282823,130 +295704,127 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the provisioned products in your account", - "privilege": "SearchProvisionedProducts", + "access_level": "Read", + "description": "Grants permission to return the details for the specified service quota, including the applied value", + "privilege": "GetServiceQuota", "resource_types": [ { - "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" + "condition_keys": [], + "dependent_actions": [ + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to sync a resource with its current state in AppRegistry", - "privilege": "SyncResource", + "access_level": "Read", + "description": "Grants permission to retrieve the details for a service quota increase request from the service quota template", + "privilege": "GetServiceQuotaIncreaseRequestFromTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "cloudformation:UpdateStack" + "organizations:DescribeOrganization" ], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a service catalog appregistry resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list all default service quotas for the specified AWS service", + "privilege": "ListAWSDefaultServiceQuotas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AttributeGroup" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to terminate an existing provisioned product", - "privilege": "TerminateProvisionedProduct", + "access_level": "Read", + "description": "Grants permission to request a list of the changes to quotas for a service", + "privilege": "ListRequestedServiceQuotaChangeHistory", "resource_types": [ { - "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from a service catalog appregistry resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to request a list of the changes to specific service quotas", + "privilege": "ListRequestedServiceQuotaChangeHistoryByQuota", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a list of the service quota increase requests from the service quota template", + "privilege": "ListServiceQuotaIncreaseRequestsInTemplate", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "AttributeGroup" - }, - { - "condition_keys": [ - "aws:TagKeys" + "dependent_actions": [ + "organizations:DescribeOrganization" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the attributes of an existing application", - "privilege": "UpdateApplication", + "access_level": "Read", + "description": "Grants permission to list all service quotas for the specified AWS service, in that account, in that Region", + "privilege": "ListServiceQuotas", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit" ], - "resource_type": "Application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the attributes of an existing attribute group", - "privilege": "UpdateAttributeGroup", + "access_level": "Read", + "description": "Grants permission to list the AWS services available in Service Quotas", + "privilege": "ListServices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AttributeGroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata fields of an existing constraint", - "privilege": "UpdateConstraint", + "access_level": "Read", + "description": "Grants permission to view the existing tags on a SQ resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], @@ -282957,50 +295835,38 @@ }, { "access_level": "Write", - "description": "Grants permission to update the metadata fields and/or tags of an existing portfolio", - "privilege": "UpdatePortfolio", + "description": "Grants permission to define and add a quota to the service quota template", + "privilege": "PutServiceQuotaIncreaseRequestIntoTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Portfolio*" + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "quota" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "servicequotas:service" ], "dependent_actions": [], "resource_type": "" } ] }, - { - "access_level": "Permissions management", - "description": "Grants permission to enable or disable resource sharing for an existing portfolio share", - "privilege": "UpdatePortfolioShare", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Portfolio*" - } - ] - }, { "access_level": "Write", - "description": "Grants permission to update the metadata fields and/or tags of an existing product", - "privilege": "UpdateProduct", + "description": "Grants permission to submit the request for a service quota increase", + "privilege": "RequestServiceQuotaIncrease", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Product*" + "resource_type": "quota" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "servicequotas:service" ], "dependent_actions": [], "resource_type": "" @@ -283009,15 +295875,11 @@ }, { "access_level": "Write", - "description": "Grants permission to update an existing provisioned product", - "privilege": "UpdateProvisionedProduct", + "description": "Grants permission to enable automatic management of Service Quotas for an AWS account, including notification preferences and excluded quotas configurations", + "privilege": "StartAutoManagement", "resource_types": [ { - "condition_keys": [ - "servicecatalog:accountLevel", - "servicecatalog:roleLevel", - "servicecatalog:userLevel" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -283025,8 +295887,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update the properties of an existing provisioned product", - "privilege": "UpdateProvisionedProductProperties", + "description": "Grants permission to stop automatic management of Service Quotas for an AWS account and remove all associated configurations", + "privilege": "StopAutoManagement", "resource_types": [ { "condition_keys": [], @@ -283036,24 +295898,29 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata fields of an existing provisioning artifact", - "privilege": "UpdateProvisioningArtifact", + "access_level": "Tagging", + "description": "Grants permission to associate a set of tags with an existing SQ resource", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Product*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a self-service action", - "privilege": "UpdateServiceAction", + "access_level": "Tagging", + "description": "Grants permission to remove a set of tags from a SQ resource, where tags to be removed match a set of customer-supplied tag keys", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -283061,8 +295928,8 @@ }, { "access_level": "Write", - "description": "Grants permission to update the specified TagOption", - "privilege": "UpdateTagOption", + "description": "Grants permission to update the automatic management of Service Quotas configuration, including notification preferences and excluded quotas", + "privilege": "UpdateAutoManagement", "resource_types": [ { "condition_keys": [], @@ -283074,85 +295941,97 @@ ], "resources": [ { - "arn": "arn:${Partition}:servicecatalog:${Region}:${Account}:/applications/${ApplicationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Application" - }, - { - "arn": "arn:${Partition}:servicecatalog:${Region}:${Account}:/attribute-groups/${AttributeGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "AttributeGroup" - }, - { - "arn": "arn:${Partition}:catalog:${Region}:${Account}:portfolio/${PortfolioId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Portfolio" - }, - { - "arn": "arn:${Partition}:catalog:${Region}:${Account}:product/${ProductId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Product" + "arn": "arn:${Partition}:servicequotas:${Region}:${Account}:${ServiceCode}/${QuotaCode}", + "condition_keys": [], + "resource": "quota" } ], - "service_name": "AWS Service Catalog" + "service_name": "Service Quotas" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" }, { - "condition": "servicediscovery:NamespaceArn", - "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related namespace", - "type": "ARN" + "condition": "ses:ApiVersion", + "description": "Filters access by the SES API version", + "type": "String" }, { - "condition": "servicediscovery:NamespaceName", - "description": "Filters access by specifying the name of the related namespace", + "condition": "ses:ExportSourceType", + "description": "Filters access by the export source type", "type": "String" }, { - "condition": "servicediscovery:ServiceArn", - "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related service", - "type": "ARN" + "condition": "ses:FeedbackAddress", + "description": "Filters access by the \"Return-Path\" address, which specifies where bounces and complaints are sent by email feedback forwarding", + "type": "String" }, { - "condition": "servicediscovery:ServiceName", - "description": "Filters access by specifying the name of the related service", + "condition": "ses:FromAddress", + "description": "Filters access by the \"From\" address of a message", + "type": "String" + }, + { + "condition": "ses:FromDisplayName", + "description": "Filters access by the \"From\" address that is used as the display name of a message", + "type": "String" + }, + { + "condition": "ses:MultiRegionEndpointId", + "description": "Filters access by the multi-region endpoint ID that is used to send email", + "type": "String" + }, + { + "condition": "ses:Recipients", + "description": "Filters access by the recipient addresses of a message, which include the \"To\", \"CC\", and \"BCC\" addresses", + "type": "ArrayOfString" + }, + { + "condition": "ses:ReplicaRegion", + "description": "Filters access by the replica regions for Replicating domain DKIM signing key", + "type": "ArrayOfString" + }, + { + "condition": "ses:TenantName", + "description": "Filters access by the tenant name that is used to send email", "type": "String" } ], - "prefix": "servicediscovery", + "prefix": "ses", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to create an HTTP namespace", - "privilege": "CreateHttpNamespace", + "access_level": "Read", + "description": "Grants permission to get metric data on your activity", + "privilege": "BatchGetMetricData", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283161,13 +296040,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a private namespace based on DNS, which will be visible only inside a specified Amazon VPC", - "privilege": "CreatePrivateDnsNamespace", + "description": "Grants permission to cancel an export job", + "privilege": "CancelExportJob", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "export-job*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ses:ApiVersion", + "ses:ExportSourceType" ], "dependent_actions": [], "resource_type": "" @@ -283176,11 +296060,27 @@ }, { "access_level": "Write", - "description": "Grants permission to create a public namespace based on DNS, which will be visible on the internet", - "privilege": "CreatePublicDnsNamespace", + "description": "Grants permission to create a new configuration set", + "privilege": "CreateConfigurationSet", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dedicated-ip-pool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mailmanager-archive" + }, { "condition_keys": [ + "ses:ApiVersion", "aws:TagKeys", "aws:RequestTag/${TagKey}" ], @@ -283191,24 +296091,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a service", - "privilege": "CreateService", + "description": "Grants permission to create a configuration set event destination", + "privilege": "CreateConfigurationSetEventDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "namespace*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "service*" + "resource_type": "configuration-set*" }, { "condition_keys": [ - "servicediscovery:NamespaceArn", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283217,53 +296111,79 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a specified namespace", - "privilege": "DeleteNamespace", + "description": "Grants permission to create a contact", + "privilege": "CreateContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "namespace*" + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specified service", - "privilege": "DeleteService", + "description": "Grants permission to create a contact list", + "privilege": "CreateContactList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete specified attributes from a service", - "privilege": "DeleteServiceAttributes", + "description": "Grants permission to create a new custom verification email template", + "privilege": "CreateCustomVerificationEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "custom-verification-email-template*" + }, + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the records and the health check, if any, that Amazon Route 53 created for the specified instance", - "privilege": "DeregisterInstance", + "description": "Grants permission to create a new pool of dedicated IP addresses", + "privilege": "CreateDedicatedIpPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "dedicated-ip-pool*" }, { "condition_keys": [ - "servicediscovery:ServiceArn" + "ses:ApiVersion", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283271,14 +296191,20 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to discover registered instances for a specified namespace and service", - "privilege": "DiscoverInstances", + "access_level": "Write", + "description": "Grants permission to create a new predictive inbox placement test", + "privilege": "CreateDeliverabilityTestReport", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, { "condition_keys": [ - "servicediscovery:NamespaceName", - "servicediscovery:ServiceName" + "ses:ApiVersion", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283286,14 +296212,20 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to discover the revision of the instances for a specified namespace and service", - "privilege": "DiscoverInstancesRevision", + "access_level": "Write", + "description": "Grants permission to start the process of verifying an email identity", + "privilege": "CreateEmailIdentity", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, { "condition_keys": [ - "servicediscovery:NamespaceName", - "servicediscovery:ServiceName" + "ses:ApiVersion", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283301,13 +296233,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a specified instance", - "privilege": "GetInstance", + "access_level": "Permissions management", + "description": "Grants permission to create the specified sending authorization policy for the given identity", + "privilege": "CreateEmailIdentityPolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, { "condition_keys": [ - "servicediscovery:ServiceArn" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283315,13 +296253,18 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the current health status (Healthy, Unhealthy, or Unknown) of one or more instances", - "privilege": "GetInstancesHealthStatus", + "access_level": "Write", + "description": "Grants permission to create an email template", + "privilege": "CreateEmailTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, { "condition_keys": [ - "servicediscovery:ServiceArn" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -283329,61 +296272,103 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a namespace", - "privilege": "GetNamespace", + "access_level": "Write", + "description": "Grants permission to create an export job", + "privilege": "CreateExportJob", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ses:ApiVersion", + "ses:ExportSourceType" + ], "dependent_actions": [], - "resource_type": "namespace*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a specific operation", - "privilege": "GetOperation", + "access_level": "Write", + "description": "Grants permission to creates an import job for a data destination", + "privilege": "CreateImportJob", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ses:ApiVersion" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the settings for a specified service", - "privilege": "GetService", + "access_level": "Write", + "description": "Grants permission to create a new multi-region endpoint", + "privilege": "CreateMultiRegionEndpoint", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "service*" + "condition_keys": [ + "ses:ApiVersion", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the attributes for a specified service", - "privilege": "GetServiceAttributes", + "access_level": "Write", + "description": "Grants permission to create a new tenant", + "privilege": "CreateTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "tenant*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get summary information about the instances that were registered with a specified service", - "privilege": "ListInstances", + "access_level": "Write", + "description": "Grants permission to associate a SES resource to a tenant", + "privilege": "CreateTenantResourceAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant*" + }, { "condition_keys": [ - "servicediscovery:ServiceArn" + "ses:ApiVersion", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283391,66 +296376,98 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the namespaces", - "privilege": "ListNamespaces", + "access_level": "Write", + "description": "Grants permission to delete an existing configuration set", + "privilege": "DeleteConfigurationSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "configuration-set*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list operations that match the criteria that you specify", - "privilege": "ListOperations", + "access_level": "Write", + "description": "Grants permission to delete an event destination", + "privilege": "DeleteConfigurationSetEventDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "configuration-set*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get settings for all the services that match specified filters", - "privilege": "ListServices", + "access_level": "Write", + "description": "Grants permission to delete a contact from a contact list", + "privilege": "DeleteContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to lists tags for the specified resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a contact list with all of its contacts", + "privilege": "DeleteContactList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register an instance based on the settings in a specified service", - "privilege": "RegisterInstance", + "description": "Grants permission to delete an existing custom verification email template", + "privilege": "DeleteCustomVerificationEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "custom-verification-email-template*" }, { "condition_keys": [ - "servicediscovery:ServiceArn" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -283458,14 +296475,19 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add one or more tags to the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a dedicated IP pool", + "privilege": "DeleteDedicatedIpPool", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dedicated-ip-pool*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283473,13 +296495,19 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete an email identity", + "privilege": "DeleteEmailIdentity", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, { "condition_keys": [ - "aws:TagKeys" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283487,25 +296515,38 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the settings for a HTTP namespace", - "privilege": "UpdateHttpNamespace", + "access_level": "Permissions management", + "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", + "privilege": "DeleteEmailIdentityPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "namespace*" + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the current health status for an instance that has a custom health check", - "privilege": "UpdateInstanceCustomHealthStatus", + "description": "Grants permission to delete an email template", + "privilege": "DeleteEmailTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, { "condition_keys": [ - "servicediscovery:ServiceArn" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -283514,251 +296555,282 @@ }, { "access_level": "Write", - "description": "Grants permission to update the settings for a private DNS namespace", - "privilege": "UpdatePrivateDnsNamespace", + "description": "Grants permission to delete a multi-region endpoint", + "privilege": "DeleteMultiRegionEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "namespace*" + "resource_type": "multi-region-endpoint*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the settings for a public DNS namespace", - "privilege": "UpdatePublicDnsNamespace", + "description": "Grants permission to remove an email address from the suppression list for your account", + "privilege": "DeleteSuppressedDestination", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ses:ApiVersion" + ], "dependent_actions": [], - "resource_type": "namespace*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the settings in a specified service", - "privilege": "UpdateService", + "description": "Grants permission to delete a tenant", + "privilege": "DeleteTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "tenant*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the attributes in a specified service", - "privilege": "UpdateServiceAttributes", + "description": "Grants permission to remove an associated SES resource from a tenant", + "privilege": "DeleteTenantResourceAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "configuration-set*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:servicediscovery:${Region}:${Account}:namespace/${NamespaceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "namespace" }, - { - "arn": "arn:${Partition}:servicediscovery:${Region}:${Account}:service/${ServiceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service" - } - ], - "service_name": "AWS Cloud Map" - }, - { - "conditions": [], - "prefix": "serviceextract", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to get required configuration for the AWS Microservice Extractor for .NET desktop client", - "privilege": "GetConfig", + "description": "Grants permission to get information about the email-sending status and capabilities for your account", + "privilege": "GetAccount", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ses:ApiVersion" + ], "dependent_actions": [], "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Microservice Extractor for .NET" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "servicequotas:service", - "description": "Filters access by the specified AWS service", - "type": "String" - } - ], - "prefix": "servicequotas", - "privileges": [ + } + ] + }, { - "access_level": "Write", - "description": "Grants permission to associate the Service Quotas template with your organization", - "privilege": "AssociateServiceQuotaTemplate", + "access_level": "Read", + "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses or tracked domains appear", + "privilege": "GetBlacklistReports", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization", - "organizations:EnableAWSServiceAccess" + "condition_keys": [ + "ses:ApiVersion" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the specified service quota from the service quota template", - "privilege": "DeleteServiceQuotaIncreaseRequestFromTemplate", + "access_level": "Read", + "description": "Grants permission to get information about an existing configuration set", + "privilege": "GetConfigurationSet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "configuration-set*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the Service Quotas template from your organization", - "privilege": "DisassociateServiceQuotaTemplate", + "access_level": "Read", + "description": "Grants permission to retrieve a list of event destinations that are associated with a configuration set", + "privilege": "GetConfigurationSetEventDestinations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "configuration-set*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the details for the specified service quota, including the AWS default value", - "privilege": "GetAWSDefaultServiceQuota", + "description": "Grants permission to return a contact from a contact list", + "privilege": "GetContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the ServiceQuotaTemplateAssociationStatus value, which tells you if the Service Quotas template is associated with an organization", - "privilege": "GetAssociationForServiceQuotaTemplate", + "description": "Grants permission to return contact list metadata", + "privilege": "GetContactList", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the details for a particular service quota increase request", - "privilege": "GetRequestedServiceQuotaChange", + "description": "Grants permission to return the custom email verification template for the template name you specify", + "privilege": "GetCustomVerificationEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + }, + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the details for the specified service quota, including the applied value", - "privilege": "GetServiceQuota", + "description": "Grants permission to get information about a dedicated IP address", + "privilege": "GetDedicatedIp", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "autoscaling:DescribeAccountLimits", - "cloudformation:DescribeAccountLimits", - "dynamodb:DescribeLimits", - "elasticloadbalancing:DescribeAccountLimits", - "iam:GetAccountSummary", - "kinesis:DescribeLimits", - "rds:DescribeAccountAttributes", - "route53:GetAccountLimit" + "condition_keys": [ + "ses:ApiVersion" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the details for a service quota increase request from the service quota template", - "privilege": "GetServiceQuotaIncreaseRequestFromTemplate", + "description": "Grants permission to get information about a dedicated IP pool", + "privilege": "GetDedicatedIpPool", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "dedicated-ip-pool*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list all default service quotas for the specified AWS service", - "privilege": "ListAWSDefaultServiceQuotas", + "description": "Grants permission to list the dedicated IP addresses a dedicated IP pool", + "privilege": "GetDedicatedIps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "dedicated-ip-pool*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to request a list of the changes to quotas for a service", - "privilege": "ListRequestedServiceQuotaChangeHistory", + "description": "Grants permission to get the status of the Deliverability dashboard", + "privilege": "GetDeliverabilityDashboardOptions", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ses:ApiVersion" + ], "dependent_actions": [], "resource_type": "" } @@ -283766,90 +296838,111 @@ }, { "access_level": "Read", - "description": "Grants permission to request a list of the changes to specific service quotas", - "privilege": "ListRequestedServiceQuotaChangeHistoryByQuota", + "description": "Grants permission to retrieve the results of a predictive inbox placement test", + "privilege": "GetDeliverabilityTestReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "deliverability-test-report*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a list of the service quota increase requests from the service quota template", - "privilege": "ListServiceQuotaIncreaseRequestsInTemplate", + "description": "Grants permission to retrieve all the deliverability data for a specific campaign", + "privilege": "GetDomainDeliverabilityCampaign", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "condition_keys": [ + "ses:ApiVersion" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list all service quotas for the specified AWS service, in that account, in that Region", - "privilege": "ListServiceQuotas", + "description": "Grants permission to retrieve inbox placement and engagement rates for the domains that you use to send email", + "privilege": "GetDomainStatisticsReport", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "autoscaling:DescribeAccountLimits", - "cloudformation:DescribeAccountLimits", - "dynamodb:DescribeLimits", - "elasticloadbalancing:DescribeAccountLimits", - "iam:GetAccountSummary", - "kinesis:DescribeLimits", - "rds:DescribeAccountAttributes", - "route53:GetAccountLimit" + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list the AWS services available in Service Quotas", - "privilege": "ListServices", + "description": "Grants permission to get information about a specific identity", + "privilege": "GetEmailIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the existing tags on a SQ resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to return the requested sending authorization policies for the given identity (an email address or a domain)", + "privilege": "GetEmailIdentityPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to define and add a quota to the service quota template", - "privilege": "PutServiceQuotaIncreaseRequestIntoTemplate", + "access_level": "Read", + "description": "Grants permission to return the template object, which includes the subject line, HTML part, and text part for the template you specify", + "privilege": "GetEmailTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" - ], - "resource_type": "quota" + "dependent_actions": [], + "resource_type": "template*" }, { "condition_keys": [ - "servicequotas:service" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -283857,18 +296950,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to submit the request for a service quota increase", - "privilege": "RequestServiceQuotaIncrease", + "access_level": "Read", + "description": "Grants permission to get information about an export job", + "privilege": "GetExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quota" + "resource_type": "export-job*" }, { "condition_keys": [ - "servicequotas:service" + "ses:ApiVersion", + "ses:ExportSourceType" ], "dependent_actions": [], "resource_type": "" @@ -283876,14 +296970,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate a set of tags with an existing SQ resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to provide information about an import job", + "privilege": "GetImportJob", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "import-job*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -283891,84 +296989,33 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a set of tags from a SQ resource, where tags to be removed match a set of customer-supplied tag keys", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to provide insights about a message", + "privilege": "GetMessageInsights", "resource_types": [ { "condition_keys": [ - "aws:TagKeys" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:servicequotas:${Region}:${Account}:${ServiceCode}/${QuotaCode}", - "condition_keys": [], - "resource": "quota" - } - ], - "service_name": "Service Quotas" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "ses:ApiVersion", - "description": "Filters actions based on the SES API version", - "type": "String" - }, - { - "condition": "ses:FeedbackAddress", - "description": "Filters actions based on the \"Return-Path\" address, which specifies where bounces and complaints are sent by email feedback forwarding", - "type": "String" - }, - { - "condition": "ses:FromAddress", - "description": "Filters actions based on the \"From\" address of a message", - "type": "String" - }, - { - "condition": "ses:FromDisplayName", - "description": "Filters actions based on the \"From\" address that is used as the display name of a message", - "type": "String" }, { - "condition": "ses:Recipients", - "description": "Filters actions based on the recipient addresses of a message, which include the \"To\", \"CC\", and \"BCC\" addresses", - "type": "ArrayOfString" - } - ], - "prefix": "ses", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a configuration set", - "privilege": "CreateConfigurationSet", + "access_level": "Read", + "description": "Grants permission to get information about a multi-region endpoint", + "privilege": "GetMultiRegionEndpoint", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "multi-region-endpoint*" + }, { "condition_keys": [ "ses:ApiVersion", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -283976,14 +297023,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a configuration set event destination", - "privilege": "CreateConfigurationSetEventDestination", + "access_level": "Read", + "description": "Grants permission to retrieve information about a reputation entity's status", + "privilege": "GetReputationEntity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" + "resource_type": "tenant*" }, { "condition_keys": [ @@ -283996,15 +297043,13 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new pool of dedicated IP addresses", - "privilege": "CreateDedicatedIpPool", + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific email address that's on the suppression list for your account", + "privilege": "GetSuppressedDestination", "resource_types": [ { "condition_keys": [ - "ses:ApiVersion", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284012,20 +297057,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new predictive inbox placement test", - "privilege": "CreateDeliverabilityTestReport", + "access_level": "Read", + "description": "Grants permission to get information about a tenant", + "privilege": "GetTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "tenant*" }, { "condition_keys": [ "ses:ApiVersion", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -284033,15 +297077,13 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start the process of verifying an email identity", - "privilege": "CreateEmailIdentity", + "access_level": "List", + "description": "Grants permission to list all of the configuration sets for your account", + "privilege": "ListConfigurationSets", "resource_types": [ { "condition_keys": [ - "ses:ApiVersion", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284049,19 +297091,13 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing configuration set", - "privilege": "DeleteConfigurationSet", + "access_level": "List", + "description": "Grants permission to list all of the contact lists available for your account", + "privilege": "ListContactLists", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set*" - }, { "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284069,19 +297105,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an event destination", - "privilege": "DeleteConfigurationSetEventDestination", + "access_level": "List", + "description": "Grants permission to list the contacts present in a specific contact list", + "privilege": "ListContacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" + "resource_type": "contact-list*" }, { "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284089,19 +297124,13 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a dedicated IP pool", - "privilege": "DeleteDedicatedIpPool", + "access_level": "List", + "description": "Grants permission to list all of the existing custom verification email templates for your account", + "privilege": "ListCustomVerificationEmailTemplates", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" - }, { "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284109,19 +297138,27 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an email identity that you previously verified", - "privilege": "DeleteEmailIdentity", + "access_level": "List", + "description": "Grants permission to list all of the dedicated IP pools for your account", + "privilege": "ListDedicatedIpPools", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ses:ApiVersion" + ], "dependent_actions": [], - "resource_type": "identity*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the list of the predictive inbox placement tests that you've performed, regardless of their statuses, for your account", + "privilege": "ListDeliverabilityTestReports", + "resource_types": [ { "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284130,8 +297167,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about the email-sending status and capabilities", - "privilege": "GetAccount", + "description": "Grants permission to list deliverability data for campaigns that used a specific domain to send email during a specified time range", + "privilege": "ListDomainDeliverabilityCampaigns", "resource_types": [ { "condition_keys": [ @@ -284143,9 +297180,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses appear", - "privilege": "GetBlacklistReports", + "access_level": "List", + "description": "Grants permission to list the email identities for your account", + "privilege": "ListEmailIdentities", "resource_types": [ { "condition_keys": [ @@ -284157,19 +297194,28 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an existing configuration set", - "privilege": "GetConfigurationSet", + "access_level": "List", + "description": "Grants permission to list all of the email templates for your account", + "privilege": "ListEmailTemplates", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ses:ApiVersion" + ], "dependent_actions": [], - "resource_type": "configuration-set*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the exports jobs for your account", + "privilege": "ListExportJobs", + "resource_types": [ { "condition_keys": [ "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" + "ses:ExportSourceType" ], "dependent_actions": [], "resource_type": "" @@ -284177,19 +297223,13 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of event destinations that are associated with a configuration set", - "privilege": "GetConfigurationSetEventDestinations", + "access_level": "List", + "description": "Grants permission to list all of the import jobs for your account", + "privilege": "ListImportJobs", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set*" - }, { "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284197,9 +297237,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a dedicated IP address", - "privilege": "GetDedicatedIp", + "access_level": "List", + "description": "Grants permission to list all of the multi-region endpoints for your account", + "privilege": "ListMultiRegionEndpoints", "resource_types": [ { "condition_keys": [ @@ -284212,13 +297252,13 @@ }, { "access_level": "Read", - "description": "Grants permission to list the dedicated IP addresses that are associated with your account", - "privilege": "GetDedicatedIps", + "description": "Grants permission to list recommendations for your account", + "privilege": "ListRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" + "resource_type": "identity" }, { "condition_keys": [ @@ -284231,13 +297271,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the status of the Deliverability dashboard", - "privilege": "GetDeliverabilityDashboardOptions", + "access_level": "List", + "description": "Grants permission to retrieve a list of reputation entities", + "privilege": "ListReputationEntities", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant*" + }, { "condition_keys": [ - "ses:ApiVersion" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -284245,14 +297291,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the results of a predictive inbox placement test", - "privilege": "GetDeliverabilityTestReport", + "access_level": "List", + "description": "Grants permission to list all the tenants associated to a SES resource", + "privilege": "ListResourceTenants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverability-test-report*" + "resource_type": "configuration-set*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" }, { "condition_keys": [ @@ -284266,8 +297322,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve all the deliverability data for a specific campaign", - "privilege": "GetDomainDeliverabilityCampaign", + "description": "Grants permission to list email addresses that are on the suppression list for your account", + "privilege": "ListSuppressedDestinations", "resource_types": [ { "condition_keys": [ @@ -284280,18 +297336,42 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve inbox placement and engagement rates for the domains that you use to send email", - "privilege": "GetDomainStatisticsReport", + "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource for your account", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "configuration-set" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dedicated-ip-pool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deliverability-test-report" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant" }, { "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" + "ses:ApiVersion" ], "dependent_actions": [], "resource_type": "" @@ -284299,14 +297379,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a specific identity associated with your account", - "privilege": "GetEmailIdentity", + "access_level": "List", + "description": "Grants permission to list all the resources associated to a tenant", + "privilege": "ListTenantResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "tenant*" }, { "condition_keys": [ @@ -284320,8 +297400,8 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the configuration sets associated with your account", - "privilege": "ListConfigurationSets", + "description": "Grants permission to list all the tenants for your account", + "privilege": "ListTenants", "resource_types": [ { "condition_keys": [ @@ -284333,9 +297413,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all of the dedicated IP pools that exist in your account", - "privilege": "ListDedicatedIpPools", + "access_level": "Write", + "description": "Grants permission to enable or disable the automatic warm-up feature for dedicated IP addresses", + "privilege": "PutAccountDedicatedIpWarmupAttributes", "resource_types": [ { "condition_keys": [ @@ -284347,9 +297427,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of the predictive inbox placement tests that you've performed, regardless of their statuses", - "privilege": "ListDeliverabilityTestReports", + "access_level": "Write", + "description": "Grants permission to update your account details", + "privilege": "PutAccountDetails", "resource_types": [ { "condition_keys": [ @@ -284361,9 +297441,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve deliverability data for all the campaigns that used a specific domain to send email during a specified time range", - "privilege": "ListDomainDeliverabilityCampaigns", + "access_level": "Write", + "description": "Grants permission to enable or disable the ability to send email for your account", + "privilege": "PutAccountSendingAttributes", "resource_types": [ { "condition_keys": [ @@ -284375,9 +297455,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all of the email identities that are associated with your account", - "privilege": "ListEmailIdentities", + "access_level": "Write", + "description": "Grants permission to change the settings for the account-level suppression list", + "privilege": "PutAccountSuppressionAttributes", "resource_types": [ { "condition_keys": [ @@ -284389,33 +297469,63 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to change the settings for VDM for your account", + "privilege": "PutAccountVdmAttributes", + "resource_types": [ + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate a configuration set with a Mail Manager archive", + "privilege": "PutConfigurationSetArchivingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set" + "resource_type": "configuration-set*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-ip-pool" + "resource_type": "mailmanager-archive" }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate a configuration set with a dedicated IP pool", + "privilege": "PutConfigurationSetDeliveryOptions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverability-test-report" + "resource_type": "configuration-set*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity" + "resource_type": "dedicated-ip-pool" }, { "condition_keys": [ - "ses:ApiVersion" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -284424,12 +297534,18 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable the automatic warm-up feature for dedicated IP addresses", - "privilege": "PutAccountDedicatedIpWarmupAttributes", + "description": "Grants permission to enable or disable collection of reputation metrics for emails that you send using a particular configuration set", + "privilege": "PutConfigurationSetReputationOptions", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set*" + }, { "condition_keys": [ - "ses:ApiVersion" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -284438,12 +297554,18 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable the ability of your account to send email", - "privilege": "PutAccountSendingAttributes", + "description": "Grants permission to enable or disable email sending for messages that use a particular configuration set", + "privilege": "PutConfigurationSetSendingOptions", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set*" + }, { "condition_keys": [ - "ses:ApiVersion" + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -284452,8 +297574,8 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a configuration set with a dedicated IP pool", - "privilege": "PutConfigurationSetDeliveryOptions", + "description": "Grants permission to specify the account suppression list preferences for a particular configuration set", + "privilege": "PutConfigurationSetSuppressionOptions", "resource_types": [ { "condition_keys": [], @@ -284472,8 +297594,8 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable collection of reputation metrics for emails that you send using a particular configuration set", - "privilege": "PutConfigurationSetReputationOptions", + "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send for a particular configuration set", + "privilege": "PutConfigurationSetTrackingOptions", "resource_types": [ { "condition_keys": [], @@ -284492,8 +297614,8 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable email sending for messages that use a particular configuration set", - "privilege": "PutConfigurationSetSendingOptions", + "description": "Grants permission to override account-level VDM settings for a particular configuration set", + "privilege": "PutConfigurationSetVdmOptions", "resource_types": [ { "condition_keys": [], @@ -284512,13 +297634,13 @@ }, { "access_level": "Write", - "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send using a particular configuration set", - "privilege": "PutConfigurationSetTrackingOptions", + "description": "Grants permission to move a dedicated IP address to an existing dedicated IP pool", + "privilege": "PutDedicatedIpInPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration-set*" + "resource_type": "dedicated-ip-pool*" }, { "condition_keys": [ @@ -284532,8 +297654,8 @@ }, { "access_level": "Write", - "description": "Grants permission to move a dedicated IP address to an existing dedicated IP pool", - "privilege": "PutDedicatedIpInPool", + "description": "Grants permission to transition a dedicated IP pool from Standard to Managed", + "privilege": "PutDedicatedIpPoolScalingAttributes", "resource_types": [ { "condition_keys": [], @@ -284552,7 +297674,7 @@ }, { "access_level": "Write", - "description": "Grants permission to enable dedicated IP warm up attributes", + "description": "Grants permission to put Dedicated IP warm up attributes", "privilege": "PutDedicatedIpWarmupAttributes", "resource_types": [ { @@ -284578,6 +297700,31 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate a configuration set with an email identity", + "privilege": "PutEmailIdentityConfigurationSetAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable or disable DKIM authentication for an email identity", @@ -284600,7 +297747,27 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable feedback forwarding for an identity", + "description": "Grants permission to configure or change the DKIM authentication settings for an email domain identity", + "privilege": "PutEmailIdentityDkimSigningAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable feedback forwarding for an email identity", "privilege": "PutEmailIdentityFeedbackAttributes", "resource_types": [ { @@ -284638,6 +297805,89 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add an email address to the suppression list", + "privilege": "PutSuppressedDestination", + "resource_types": [ + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to replicate email identity DKIM signing key", + "privilege": "ReplicateEmailIdentityDkimSigningKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:ReplicaRegion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to compose an email message to multiple destinations", + "privilege": "SendBulkEmail", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "ses:MultiRegionEndpointId", + "ses:TenantName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add an email address to the list of identities and attempts to verify it", + "privilege": "SendCustomVerificationEmail", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + }, + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to send an email message", @@ -284648,13 +297898,25 @@ "dependent_actions": [], "resource_type": "identity*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template" + }, { "condition_keys": [ "ses:ApiVersion", "ses:FeedbackAddress", "ses:FromAddress", "ses:FromDisplayName", - "ses:Recipients" + "ses:Recipients", + "ses:MultiRegionEndpointId", + "ses:TenantName" ], "dependent_actions": [], "resource_type": "" @@ -284671,6 +297933,11 @@ "dependent_actions": [], "resource_type": "configuration-set" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -284686,6 +297953,11 @@ "dependent_actions": [], "resource_type": "identity" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant" + }, { "condition_keys": [ "ses:ApiVersion", @@ -284697,6 +297969,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a preview of the MIME content of an email when provided with a template and a set of replacement data", + "privilege": "TestRenderEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to remove one or more tags (keys and values) from a specified resource", @@ -284707,6 +297998,11 @@ "dependent_actions": [], "resource_type": "configuration-set" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -284722,6 +298018,11 @@ "dependent_actions": [], "resource_type": "identity" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant" + }, { "condition_keys": [ "ses:ApiVersion", @@ -284751,9 +298052,157 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a contact's preferences for a list", + "privilege": "UpdateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update contact list metadata", + "privilege": "UpdateContactList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing custom verification email template", + "privilege": "UpdateCustomVerificationEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + }, + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to update the specified sending authorization policy for the given identity (an email address or a domain)", + "privilege": "UpdateEmailIdentityPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an email template", + "privilege": "UpdateEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the customer-managed sending status", + "privilege": "UpdateReputationEntityCustomerManagedStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to assign a reputation policy", + "privilege": "UpdateReputationEntityPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reputation-policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ + { + "arn": "arn:${Partition}:ses:${Region}:aws:reputation-policy/${ReputationPolicyName}", + "condition_keys": [], + "resource": "reputation-policy" + }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:configuration-set/${ConfigurationSetName}", "condition_keys": [ @@ -284761,6 +298210,18 @@ ], "resource": "configuration-set" }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:contact-list/${ContactListName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-list" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:custom-verification-email-template/${TemplateName}", + "condition_keys": [], + "resource": "custom-verification-email-template" + }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:dedicated-ip-pool/${DedicatedIPPool}", "condition_keys": [ @@ -284775,15 +298236,49 @@ ], "resource": "deliverability-test-report" }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:export-job/${ExportJobId}", + "condition_keys": [], + "resource": "export-job" + }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:identity/${IdentityName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "identity" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:import-job/${ImportJobId}", + "condition_keys": [], + "resource": "import-job" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:template/${TemplateName}", + "condition_keys": [], + "resource": "template" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:multi-region-endpoint/${EndpointName}", + "condition_keys": [], + "resource": "multi-region-endpoint" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:mailmanager-archive/${ArchiveId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "mailmanager-archive" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:tenant/${TenantName}/${TenantId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "tenant" } ], - "service_name": "Amazon Pinpoint Email Service" + "service_name": "Amazon Simple Email Service v2" }, { "conditions": [ @@ -284930,6 +298425,7 @@ "ses:MailManagerTrafficPolicyArn" ], "dependent_actions": [ + "ec2:DescribeVpcEndpoints", "iam:CreateServiceLinkedRole" ], "resource_type": "" @@ -287059,117 +300555,52 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters actions based on the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters actions based on tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters actions based on the presence of tag keys in the request", "type": "ArrayOfString" }, { "condition": "ses:ApiVersion", - "description": "Filters access by the SES API version", - "type": "String" - }, - { - "condition": "ses:ExportSourceType", - "description": "Filters access by the export source type", + "description": "Filters actions based on the SES API version", "type": "String" }, { "condition": "ses:FeedbackAddress", - "description": "Filters access by the \"Return-Path\" address, which specifies where bounces and complaints are sent by email feedback forwarding", + "description": "Filters actions based on the \"Return-Path\" address, which specifies where bounces and complaints are sent by email feedback forwarding", "type": "String" }, { "condition": "ses:FromAddress", - "description": "Filters access by the \"From\" address of a message", + "description": "Filters actions based on the \"From\" address of a message", "type": "String" }, { "condition": "ses:FromDisplayName", - "description": "Filters access by the \"From\" address that is used as the display name of a message", - "type": "String" - }, - { - "condition": "ses:MultiRegionEndpointId", - "description": "Filters access by the multi-region endpoint ID that is used to send email", + "description": "Filters actions based on the \"From\" address that is used as the display name of a message", "type": "String" }, { "condition": "ses:Recipients", - "description": "Filters access by the recipient addresses of a message, which include the \"To\", \"CC\", and \"BCC\" addresses", - "type": "ArrayOfString" - }, - { - "condition": "ses:ReplicaRegion", - "description": "Filters access by the replica regions for Replicating domain DKIM signing key", + "description": "Filters actions based on the recipient addresses of a message, which include the \"To\", \"CC\", and \"BCC\" addresses", "type": "ArrayOfString" } ], "prefix": "ses", "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to get metric data on your activity", - "privilege": "BatchGetMetricData", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", - "description": "Grants permission to cancel an export job", - "privilege": "CancelExportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "export-job*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "ses:ExportSourceType" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new configuration set", + "description": "Grants permission to create a configuration set", "privilege": "CreateConfigurationSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set*" - }, { "condition_keys": [ "ses:ApiVersion", @@ -287201,76 +300632,11 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a contact", - "privilege": "CreateContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a contact list", - "privilege": "CreateContactList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new custom verification email template", - "privilege": "CreateCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to create a new pool of dedicated IP addresses", "privilege": "CreateDedicatedIpPool", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" - }, { "condition_keys": [ "ses:ApiVersion", @@ -287308,11 +300674,6 @@ "description": "Grants permission to start the process of verifying an email identity", "privilege": "CreateEmailIdentity", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, { "condition_keys": [ "ses:ApiVersion", @@ -287324,92 +300685,6 @@ } ] }, - { - "access_level": "Permissions management", - "description": "Grants permission to create the specified sending authorization policy for the given identity", - "privilege": "CreateEmailIdentityPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an email template", - "privilege": "CreateEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an export job", - "privilege": "CreateExportJob", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion", - "ses:ExportSourceType" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to creates an import job for a data destination", - "privilege": "CreateImportJob", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new multi-region endpoint", - "privilege": "CreateMultiRegionEndpoint", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete an existing configuration set", @@ -287450,65 +300725,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete a contact from a contact list", - "privilege": "DeleteContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a contact list with all of its contacts", - "privilege": "DeleteContactList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing custom verification email template", - "privilege": "DeleteCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete a dedicated IP pool", @@ -287531,7 +300747,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an email identity", + "description": "Grants permission to delete an email identity that you previously verified", "privilege": "DeleteEmailIdentity", "resource_types": [ { @@ -287549,82 +300765,9 @@ } ] }, - { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", - "privilege": "DeleteEmailIdentityPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an email template", - "privilege": "DeleteEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a multi-region endpoint", - "privilege": "DeleteMultiRegionEndpoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "multi-region-endpoint*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove an email address from the suppression list for your account", - "privilege": "DeleteSuppressedDestination", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", - "description": "Grants permission to get information about the email-sending status and capabilities for your account", + "description": "Grants permission to get information about the email-sending status and capabilities", "privilege": "GetAccount", "resource_types": [ { @@ -287638,7 +300781,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses or tracked domains appear", + "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses appear", "privilege": "GetBlacklistReports", "resource_types": [ { @@ -287690,64 +300833,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to return a contact from a contact list", - "privilege": "GetContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return contact list metadata", - "privilege": "GetContactList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the custom email verification template for the template name you specify", - "privilege": "GetCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", "description": "Grants permission to get information about a dedicated IP address", @@ -287764,27 +300849,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a dedicated IP pool", - "privilege": "GetDedicatedIpPool", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the dedicated IP addresses a dedicated IP pool", + "description": "Grants permission to list the dedicated IP addresses that are associated with your account", "privilege": "GetDedicatedIps", "resource_types": [ { @@ -287872,7 +300937,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a specific identity", + "description": "Grants permission to get information about a specific identity associated with your account", "privilege": "GetEmailIdentity", "resource_types": [ { @@ -287890,135 +300955,9 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to return the requested sending authorization policies for the given identity (an email address or a domain)", - "privilege": "GetEmailIdentityPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the template object, which includes the subject line, HTML part, and text part for the template you specify", - "privilege": "GetEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get information about an export job", - "privilege": "GetExportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "export-job*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "ses:ExportSourceType" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to provide information about an import job", - "privilege": "GetImportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "import-job*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to provide insights about a message", - "privilege": "GetMessageInsights", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get information about a multi-region endpoint", - "privilege": "GetMultiRegionEndpoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "multi-region-endpoint*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific email address that's on the suppression list for your account", - "privilege": "GetSuppressedDestination", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "List", - "description": "Grants permission to list all of the configuration sets for your account", + "description": "Grants permission to list all of the configuration sets associated with your account", "privilege": "ListConfigurationSets", "resource_types": [ { @@ -288032,54 +300971,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the contact lists available for your account", - "privilege": "ListContactLists", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the contacts present in a specific contact list", - "privilege": "ListContacts", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the existing custom verification email templates for your account", - "privilege": "ListCustomVerificationEmailTemplates", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the dedicated IP pools for your account", + "description": "Grants permission to list all of the dedicated IP pools that exist in your account", "privilege": "ListDedicatedIpPools", "resource_types": [ { @@ -288093,7 +300985,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve the list of the predictive inbox placement tests that you've performed, regardless of their statuses, for your account", + "description": "Grants permission to retrieve a list of the predictive inbox placement tests that you've performed, regardless of their statuses", "privilege": "ListDeliverabilityTestReports", "resource_types": [ { @@ -288107,7 +300999,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list deliverability data for campaigns that used a specific domain to send email during a specified time range", + "description": "Grants permission to retrieve deliverability data for all the campaigns that used a specific domain to send email during a specified time range", "privilege": "ListDomainDeliverabilityCampaigns", "resource_types": [ { @@ -288121,7 +301013,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the email identities for your account", + "description": "Grants permission to list all of the email identities that are associated with your account", "privilege": "ListEmailIdentities", "resource_types": [ { @@ -288133,100 +301025,9 @@ } ] }, - { - "access_level": "List", - "description": "Grants permission to list all of the email templates for your account", - "privilege": "ListEmailTemplates", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all the exports jobs for your account", - "privilege": "ListExportJobs", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion", - "ses:ExportSourceType" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the import jobs for your account", - "privilege": "ListImportJobs", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the multi-region endpoints for your account", - "privilege": "ListMultiRegionEndpoints", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list recommendations for your account", - "privilege": "ListRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list email addresses that are on the suppression list for your account", - "privilege": "ListSuppressedDestinations", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource for your account", + "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -288234,11 +301035,6 @@ "dependent_actions": [], "resource_type": "configuration-set" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list" - }, { "condition_keys": [], "dependent_actions": [], @@ -288279,21 +301075,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update your account details", - "privilege": "PutAccountDetails", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable the ability to send email for your account", + "description": "Grants permission to enable or disable the ability of your account to send email", "privilege": "PutAccountSendingAttributes", "resource_types": [ { @@ -288305,34 +301087,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to change the settings for the account-level suppression list", - "privilege": "PutAccountSuppressionAttributes", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to change the settings for VDM for your account", - "privilege": "PutAccountVdmAttributes", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to associate a configuration set with a dedicated IP pool", @@ -288395,27 +301149,7 @@ }, { "access_level": "Write", - "description": "Grants permission to specify the account suppression list preferences for a particular configuration set", - "privilege": "PutConfigurationSetSuppressionOptions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send for a particular configuration set", + "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send using a particular configuration set", "privilege": "PutConfigurationSetTrackingOptions", "resource_types": [ { @@ -288433,26 +301167,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to override account-level VDM settings for a particular configuration set", - "privilege": "PutConfigurationSetVdmOptions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to move a dedicated IP address to an existing dedicated IP pool", @@ -288475,27 +301189,7 @@ }, { "access_level": "Write", - "description": "Grants permission to transition a dedicated IP pool from Standard to Managed", - "privilege": "PutDedicatedIpPoolScalingAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dedicated-ip-pool*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to put Dedicated IP warm up attributes", + "description": "Grants permission to enable dedicated IP warm up attributes", "privilege": "PutDedicatedIpWarmupAttributes", "resource_types": [ { @@ -288521,31 +301215,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to associate a configuration set with an email identity", - "privilege": "PutEmailIdentityConfigurationSetAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to enable or disable DKIM authentication for an email identity", @@ -288568,27 +301237,7 @@ }, { "access_level": "Write", - "description": "Grants permission to configure or change the DKIM authentication settings for an email domain identity", - "privilege": "PutEmailIdentityDkimSigningAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable feedback forwarding for an email identity", + "description": "Grants permission to enable or disable feedback forwarding for an identity", "privilege": "PutEmailIdentityFeedbackAttributes", "resource_types": [ { @@ -288626,88 +301275,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to add an email address to the suppression list", - "privilege": "PutSuppressedDestination", - "resource_types": [ - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to replicate email identity DKIM signing key", - "privilege": "ReplicateEmailIdentityDkimSigningKey", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "ses:ReplicaRegion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to compose an email message to multiple destinations", - "privilege": "SendBulkEmail", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "ses:MultiRegionEndpointId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add an email address to the list of identities and attempts to verify it", - "privilege": "SendCustomVerificationEmail", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to send an email message", @@ -288718,24 +301285,13 @@ "dependent_actions": [], "resource_type": "identity*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template" - }, { "condition_keys": [ "ses:ApiVersion", "ses:FeedbackAddress", "ses:FromAddress", "ses:FromDisplayName", - "ses:Recipients", - "ses:MultiRegionEndpointId" + "ses:Recipients" ], "dependent_actions": [], "resource_type": "" @@ -288752,11 +301308,6 @@ "dependent_actions": [], "resource_type": "configuration-set" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list" - }, { "condition_keys": [], "dependent_actions": [], @@ -288783,25 +301334,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a preview of the MIME content of an email when provided with a template and a set of replacement data", - "privilege": "TestRenderEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Tagging", "description": "Grants permission to remove one or more tags (keys and values) from a specified resource", @@ -288812,11 +301344,6 @@ "dependent_actions": [], "resource_type": "configuration-set" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list" - }, { "condition_keys": [], "dependent_actions": [], @@ -288861,104 +301388,6 @@ "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a contact's preferences for a list", - "privilege": "UpdateContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update contact list metadata", - "privilege": "UpdateContactList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing custom verification email template", - "privilege": "UpdateCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to update the specified sending authorization policy for the given identity (an email address or a domain)", - "privilege": "UpdateEmailIdentityPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "ses:ApiVersion", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an email template", - "privilege": "UpdateEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "ses:ApiVersion" - ], - "dependent_actions": [], - "resource_type": "" - } - ] } ], "resources": [ @@ -288969,18 +301398,6 @@ ], "resource": "configuration-set" }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:contact-list/${ContactListName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "contact-list" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:custom-verification-email-template/${TemplateName}", - "condition_keys": [], - "resource": "custom-verification-email-template" - }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:dedicated-ip-pool/${DedicatedIPPool}", "condition_keys": [ @@ -288995,35 +301412,15 @@ ], "resource": "deliverability-test-report" }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:export-job/${ExportJobId}", - "condition_keys": [], - "resource": "export-job" - }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:identity/${IdentityName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "identity" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:import-job/${ImportJobId}", - "condition_keys": [], - "resource": "import-job" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:template/${TemplateName}", - "condition_keys": [], - "resource": "template" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:multi-region-endpoint/${EndpointName}", - "condition_keys": [], - "resource": "multi-region-endpoint" } ], - "service_name": "Amazon Simple Email Service v2" + "service_name": "Amazon Pinpoint Email Service" }, { "conditions": [ @@ -289213,6 +301610,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get detailed information about the contributors to a specific DDoS attack", + "privilege": "DescribeAttackContributors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attack*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "protection-group" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe information about the number and type of attacks AWS Shield has detected in the last year", @@ -289403,6 +301817,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve global threat intelligence data and trends from AWS Shield's threat monitoring systems", + "privilege": "GetGlobalThreatData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get subscription state", @@ -289427,6 +301853,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of mitigation actions that have been applied during DDoS attacks", + "privilege": "ListMitigations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attack*" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the protection groups for the account", @@ -292150,914 +304588,172 @@ "resource": "Pool" }, { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:protect-configuration/${ProtectConfigurationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ProtectConfiguration" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:sender-id/${SenderId}/${IsoCountryCode}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "SenderId" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:registration/${RegistrationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Registration" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:registration-attachment/${RegistrationAttachmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "RegistrationAttachment" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:verified-destination-number/${VerifiedDestinationNumberId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "VerifiedDestinationNumber" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:message/${MessageId}", - "condition_keys": [], - "resource": "Message" - } - ], - "service_name": "AWS End User Messaging SMS and Voice V2" - }, - { - "conditions": [], - "prefix": "sms-voice", - "privileges": [ - { - "access_level": "Write", - "description": "Create a new configuration set. After you create the configuration set, you can add one or more event destinations to it.", - "privilege": "CreateConfigurationSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Create a new event destination in a configuration set.", - "privilege": "CreateConfigurationSetEventDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes an existing configuration set.", - "privilege": "DeleteConfigurationSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes an event destination in a configuration set.", - "privilege": "DeleteConfigurationSetEventDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Obtain information about an event destination, including the types of events it reports, the Amazon Resource Name (ARN) of the destination, and the name of the event destination.", - "privilege": "GetConfigurationSetEventDestinations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Return a list of configuration sets. This operation only returns the configuration sets that are associated with your account in the current AWS Region.", - "privilege": "ListConfigurationSets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Create a new voice message and send it to a recipient's phone number.", - "privilege": "SendVoiceMessage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Update an event destination in a configuration set. An event destination is a location that you publish information about your voice calls to. For example, you can log an event to an Amazon CloudWatch destination when a call fails.", - "privilege": "UpdateConfigurationSetEventDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "Amazon Pinpoint SMS and Voice Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "sms-voice", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate an origination phone number or sender ID to a pool", - "privilege": "AssociateOriginationIdentity", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a configuration set", - "privilege": "CreateConfigurationSet", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "sms-voice:TagResource" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an event destination within a configuration set", - "privilege": "CreateEventDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an opt-out list", - "privilege": "CreateOptOutList", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "sms-voice:TagResource" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a pool", - "privilege": "CreatePool", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "sms-voice:TagResource" - ], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a configuration set", - "privilege": "DeleteConfigurationSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the default message type for a configuration set", - "privilege": "DeleteDefaultMessageType", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the default sender ID for a configuration set", - "privilege": "DeleteDefaultSenderId", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an event destination within a configuration set", - "privilege": "DeleteEventDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a keyword for a pool or origination phone number", - "privilege": "DeleteKeyword", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an opt-out list", - "privilege": "DeleteOptOutList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a destination phone number from an opt-out list", - "privilege": "DeleteOptedOutNumber", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a pool", - "privilege": "DeletePool", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an override for your account's text messaging monthly spend limit", - "privilege": "DeleteTextMessageSpendLimitOverride", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an override for your account's voice messaging monthly spend limit", - "privilege": "DeleteVoiceMessageSpendLimitOverride", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes of your account", - "privilege": "DescribeAccountAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the service quotas for your account", - "privilege": "DescribeAccountLimits", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the configuration sets in your account", - "privilege": "DescribeConfigurationSets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the keywords for a pool or origination phone number", - "privilege": "DescribeKeywords", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the opt-out lists in your account", - "privilege": "DescribeOptOutLists", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the destination phone numbers in an opt-out list", - "privilege": "DescribeOptedOutNumbers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the origination phone numbers in your account", - "privilege": "DescribePhoneNumbers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the pools in your account", - "privilege": "DescribePools", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the sender IDs in your account", - "privilege": "DescribeSenderIds", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the monthly spend limits for your account", - "privilege": "DescribeSpendLimits", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate an origination phone number or sender ID from a pool", - "privilege": "DisassociateOriginationIdentity", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all origination phone numbers and sender IDs associated to a pool", - "privilege": "ListPoolOriginationIdentities", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create or update a keyword for a pool or origination phone number", - "privilege": "PutKeyword", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to put a destination phone number into an opt-out list", - "privilege": "PutOptedOutNumber", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to release an origination phone number", - "privilege": "ReleasePhoneNumber", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to request an origination phone number", - "privilege": "RequestPhoneNumber", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "sms-voice:AssociateOriginationIdentity", - "sms-voice:TagResource" - ], - "resource_type": "Pool" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to send a text message to a destination phone number", - "privilege": "SendTextMessage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to send a voice message to a destination phone number", - "privilege": "SendVoiceMessage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the default message type for a configuration set", - "privilege": "SetDefaultMessageType", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the default sender ID for a configuration set", - "privilege": "SetDefaultSenderId", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set an override for your account's text messaging monthly spend limit", - "privilege": "SetTextMessageSpendLimitOverride", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set an override for your account's voice messaging monthly spend limit", - "privilege": "SetVoiceMessageSpendLimitOverride", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OptOutList" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SenderId" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an event destination within a configuration set", - "privilege": "UpdateEventDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "ConfigurationSet*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an origination phone number's configuration", - "privilege": "UpdatePhoneNumber", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "PhoneNumber*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a pool's configuration", - "privilege": "UpdatePool", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Pool*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:configuration-set/${ConfigurationSetName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConfigurationSet" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:opt-out-list/${OptOutListName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "OptOutList" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:phone-number/${PhoneNumberId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "PhoneNumber" - }, - { - "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:pool/${PoolId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Pool" - }, - { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:protect-configuration/${ProtectConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ProtectConfiguration" + }, + { "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:sender-id/${SenderId}/${IsoCountryCode}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "SenderId" + }, + { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:registration/${RegistrationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Registration" + }, + { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:registration-attachment/${RegistrationAttachmentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RegistrationAttachment" + }, + { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:verified-destination-number/${VerifiedDestinationNumberId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "VerifiedDestinationNumber" + }, + { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:message/${MessageId}", + "condition_keys": [], + "resource": "Message" + } + ], + "service_name": "AWS End User Messaging SMS and Voice V2" + }, + { + "conditions": [], + "prefix": "sms-voice", + "privileges": [ + { + "access_level": "Write", + "description": "Create a new configuration set. After you create the configuration set, you can add one or more event destinations to it.", + "privilege": "CreateConfigurationSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Create a new event destination in a configuration set.", + "privilege": "CreateConfigurationSetEventDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes an existing configuration set.", + "privilege": "DeleteConfigurationSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Deletes an event destination in a configuration set.", + "privilege": "DeleteConfigurationSetEventDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Obtain information about an event destination, including the types of events it reports, the Amazon Resource Name (ARN) of the destination, and the name of the event destination.", + "privilege": "GetConfigurationSetEventDestinations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Return a list of configuration sets. This operation only returns the configuration sets that are associated with your account in the current AWS Region.", + "privilege": "ListConfigurationSets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Create a new voice message and send it to a recipient's phone number.", + "privilege": "SendVoiceMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Update an event destination in a configuration set. An event destination is a location that you publish information about your voice calls to. For example, you can log an event to an Amazon CloudWatch destination when a call fails.", + "privilege": "UpdateConfigurationSetEventDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] } ], - "service_name": "Amazon Pinpoint SMS Voice V2" + "resources": [], + "service_name": "Amazon Pinpoint SMS and Voice Service" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the presence of tag key-value pairs in the request", + "description": "Filters access by a tag's key and value in a request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on tag key-value pairs attached to the resource", + "description": "Filters access by the presence of tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", - "type": "String" + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" } ], "prefix": "snow-device-management", @@ -293082,6 +304778,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -293242,7 +304939,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -294210,6 +305906,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a WhatsApp message template", + "privilege": "CreateWhatsAppMessageTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a WhatsApp message template from Meta's template library", + "privilege": "CreateWhatsAppMessageTemplateFromLibrary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create media for WhatsApp message templates", + "privilege": "CreateWhatsAppMessageTemplateMedia", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a media object from WhatsApp", @@ -294222,6 +305954,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a WhatsApp message template", + "privilege": "DeleteWhatsAppMessageTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate a WhatsApp Business Account from your AWS account", @@ -294270,6 +306014,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get details of a WhatsApp message template", + "privilege": "GetWhatsAppMessageTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] + }, { "access_level": "List", "description": "Grants permission to view all of your WhatsApp Business Accounts", @@ -294299,6 +306055,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list WhatsApp message templates", + "privilege": "ListWhatsAppMessageTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list available templates from Meta's template library", + "privilege": "ListWhatsAppTemplateLibrary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to upload a media object to WhatsApp", @@ -294385,6 +306165,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a WhatsApp message template", + "privilege": "UpdateWhatsAppMessageTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "waba*" + } + ] } ], "resources": [ @@ -295921,6 +307713,11 @@ "description": "Filters access by the ARN of the instance from which the request originated", "type": "ARN" }, + { + "condition": "ssm:AccessRequestId", + "description": "Filters access by verifying that a user has access to the access request ID specified in the request", + "type": "String" + }, { "condition": "ssm:AutoApprove", "description": "Filters access by verifying that a user has permission to start Change Manager workflows without a review step (with the exception of change freeze events)", @@ -295931,6 +307728,16 @@ "description": "Filters access by verifying that a user has permission to access a document belonging to a specific category enum", "type": "ArrayOfString" }, + { + "condition": "ssm:DocumentType", + "description": "Filters access by verifying that a user has permission to access a document belonging to a specific document type. Only available in \"aws\", \"aws-cn\", and \"aws-us-gov\" partitions", + "type": "String" + }, + { + "condition": "ssm:InventoryTypeName", + "description": "Filters access by verifying that a user also has access to the InventoryType specified in the request", + "type": "ArrayOfString" + }, { "condition": "ssm:Overwrite", "description": "Filters access by controling whether Systems Manager parameters can be overwritten", @@ -295946,6 +307753,11 @@ "description": "Filters access by Systems Manager parameters created in a hierarchical structure", "type": "String" }, + { + "condition": "ssm:SessionDocumentAccessCheck", + "description": "Filters access by verifying that a user has permission to access either the default Session Manager configuration document or the custom configuration document specified in a request", + "type": "Bool" + }, { "condition": "ssm:SourceInstanceARN", "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile", @@ -296183,7 +307995,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "ssm:DocumentType" ], "dependent_actions": [], "resource_type": "" @@ -296324,6 +308137,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -296449,6 +308269,11 @@ "description": "Grants permission to delete a Systems Manager resource policy", "privilege": "DeleteResourcePolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document" + }, { "condition_keys": [], "dependent_actions": [], @@ -296655,6 +308480,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -296679,6 +308511,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -297044,6 +308883,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return a credentials set to be used with just-in-time node access", + "privilege": "GetAccessToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "opsitem*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details of a specified Automation execution", @@ -297165,7 +309016,8 @@ }, { "condition_keys": [ - "ssm:DocumentCategories" + "ssm:DocumentCategories", + "ssm:DocumentType" ], "dependent_actions": [], "resource_type": "" @@ -297421,6 +309273,11 @@ "description": "Grants permission to retrieve lists of Systems Manager resource policies", "privilege": "GetResourcePolicies", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document" + }, { "condition_keys": [], "dependent_actions": [], @@ -297552,6 +309409,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -297564,6 +309428,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -297769,6 +309640,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -297827,7 +309705,9 @@ "privilege": "PutInventory", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "ssm:InventoryTypeName" + ], "dependent_actions": [], "resource_type": "" } @@ -297860,6 +309740,11 @@ "description": "Grants permission to create or update a Systems Manager resource policy", "privilege": "PutResourcePolicy", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document" + }, { "condition_keys": [], "dependent_actions": [], @@ -298091,6 +309976,31 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start the workflow for just-in-time node access sessions", + "privilege": "StartAccessRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to run a specified association manually", @@ -298120,6 +310030,11 @@ "dependent_actions": [], "resource_type": "automation-definition*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -298140,6 +310055,11 @@ "dependent_actions": [], "resource_type": "automation-definition*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "document*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -298190,8 +310110,10 @@ }, { "condition_keys": [ + "ssm:SessionDocumentAccessCheck", "ssm:resourceTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "ssm:AccessRequestId" ], "dependent_actions": [], "resource_type": "" @@ -298330,6 +310252,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -298342,6 +310271,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -298354,6 +310290,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -298582,6 +310525,7 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ssm:DocumentCategories", + "ssm:DocumentType", "ssm:resourceTag/${TagKey}" ], "resource": "document" @@ -299300,6 +311244,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to remove GUI Connect connection recording preferences", + "privilege": "DeleteConnectionRecordingPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the metadata for a GUI Connect connection", @@ -299312,6 +311268,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get GUI Connect connection recording preferences", + "privilege": "GetConnectionRecordingPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the metadata for GUI Connect connections", @@ -299335,6 +311303,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update GUI Connect connection recording preferences", + "privilege": "UpdateConnectionRecordingPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [], @@ -300128,7 +312108,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to delete the SSM for SAP level resource permissions associated with a SSM for SAP database resource", "privilege": "DeleteResourcePermission", "resource_types": [ @@ -300175,6 +312155,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the details of a configuration check operation by specifying the operation ID", + "privilege": "GetConfigurationCheckOperation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to access information about a database registered with SSM for SAP by providing the application ID, component ID, and database ID", @@ -300200,7 +312192,7 @@ ] }, { - "access_level": "Read", + "access_level": "Permissions management", "description": "Grants permission to get the SSM for SAP level resource permissions associated with a SSM for SAP database resource", "privilege": "GetResourcePermission", "resource_types": [ @@ -300235,6 +312227,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all configuration check types supported by AWS Systems Manager for SAP", + "privilege": "ListConfigurationCheckDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list past configuration check operations", + "privilege": "ListConfigurationCheckOperations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of all databases in the account of customer, or a specific application", @@ -300271,6 +312287,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the sub-check results of a specified configuration check operation", + "privilege": "ListSubCheckResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the rules of a specified sub-check belonging to a configuration check operation", + "privilege": "ListSubCheckRuleResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the tags on a specified resource ARN", @@ -300284,7 +312324,7 @@ ] }, { - "access_level": "Write", + "access_level": "Permissions management", "description": "Grants permission to add the SSM for SAP level resource permissions associated with a SSM for SAP database resource", "privilege": "PutResourcePermission", "resource_types": [ @@ -300346,6 +312386,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to iniitiate configuration check operations against a specified application", + "privilege": "StartConfigurationChecks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop a registered SSM for SAP application", @@ -300537,70 +312589,6 @@ "resources": [], "service_name": "Amazon Message Gateway Service" }, - { - "conditions": [ - { - "condition": "ssm:SourceInstanceARN", - "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile", - "type": "String" - } - ], - "prefix": "ssmmessages", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to register a control channel for an instance to send control messages to Systems Manager service", - "privilege": "CreateControlChannel", - "resource_types": [ - { - "condition_keys": [ - "ssm:SourceInstanceARN" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to register a data channel for an instance to send data messages to Systems Manager service", - "privilege": "CreateDataChannel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to open a websocket connection for a registered control channel stream from an instance to Systems Manager service", - "privilege": "OpenControlChannel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to open a websocket connection for a registered data channel stream from an instance to Systems Manager service", - "privilege": "OpenDataChannel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "Amazon Session Manager Message Gateway Service" - }, { "conditions": [ { @@ -300618,9 +312606,19 @@ "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" }, + { + "condition": "identitycenter:ApplicationArn", + "description": "Filters access by the ARN of the IAM Identity Center application", + "type": "ARN" + }, + { + "condition": "identitycenter:InstanceArn", + "description": "Filters access by the ARN of the IAM Identity Center instance", + "type": "ARN" + }, { "condition": "sso:ApplicationAccount", - "description": "Filters access by the account which creates the application", + "description": "Filters access by the account which creates the application. This condition key is not supported for customer managed SAML applications", "type": "String" } ], @@ -300634,7 +312632,9 @@ { "condition_keys": [], "dependent_actions": [ - "ds:AuthorizeApplication" + "ds:AuthorizeApplication", + "identitystore:CreateIdentityStore", + "kms:Decrypt" ], "resource_type": "" } @@ -300647,7 +312647,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -300659,7 +312661,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -300676,7 +312680,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -300693,7 +312699,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Account*" }, { @@ -300715,7 +312723,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "ApplicationProvider*" }, { @@ -300740,7 +312750,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -300759,7 +312771,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -300771,7 +312785,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -300785,6 +312801,7 @@ "condition_keys": [], "dependent_actions": [ "iam:CreateServiceLinkedRole", + "identitystore:CreateIdentityStore", "organizations:DescribeOrganization" ], "resource_type": "Instance*" @@ -300816,7 +312833,8 @@ "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:PutRolePolicy", - "iam:UpdateAssumeRolePolicy" + "iam:UpdateAssumeRolePolicy", + "kms:Decrypt" ], "resource_type": "Instance*" } @@ -300829,7 +312847,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -300841,7 +312861,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -300866,7 +312888,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -300878,7 +312902,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -300890,7 +312916,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -300910,7 +312938,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Account*" }, { @@ -300932,7 +312962,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -300951,7 +312983,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -300970,7 +313004,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -300989,7 +313025,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301008,7 +313046,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301027,7 +313067,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301039,7 +313081,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301051,7 +313095,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301068,7 +313114,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "identitystore:DeleteIdentityStore" + ], "resource_type": "Instance*" } ] @@ -301080,7 +313128,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301092,7 +313142,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301104,7 +313156,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301121,7 +313175,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301131,18 +313187,6 @@ } ] }, - { - "access_level": "Permissions management", - "description": "Grants permission to delete the permission policy associated with a permission set", - "privilege": "DeletePermissionsPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete the profile for an application instance", @@ -301150,7 +313194,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301162,7 +313208,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "TrustedTokenIssuer*" } ] @@ -301174,7 +313222,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301186,7 +313236,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301198,7 +313250,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301217,7 +313271,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301241,18 +313297,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to obtain information about the directories for this account", - "privilege": "DescribeDirectories", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", "description": "Grants permission to obtain information about an identity center instance", @@ -301272,7 +313316,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301284,7 +313330,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301301,23 +313349,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] }, - { - "access_level": "Read", - "description": "Grants permission to retrieve all the permissions policies associated with a permission set", - "privilege": "DescribePermissionsPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", "description": "Grants permission to obtain the regions where your organization has enabled AWS IAM Identity Center", @@ -301337,23 +313375,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "TrustedTokenIssuer*" } ] }, - { - "access_level": "Read", - "description": "Grants permission to obtain information about the trust relationships for this account", - "privilege": "DescribeTrusts", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Permissions management", "description": "Grants permission to detach a customer managed policy reference from a permission set", @@ -301361,7 +313389,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301378,7 +313408,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301396,7 +313428,9 @@ { "condition_keys": [], "dependent_actions": [ - "ds:UnauthorizeApplication" + "ds:UnauthorizeApplication", + "identitystore:DeleteIdentityStore", + "kms:Decrypt" ], "resource_type": "" } @@ -301409,7 +313443,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301421,7 +313457,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301440,7 +313478,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301459,7 +313499,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301478,7 +313520,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301497,6 +313541,29 @@ "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get session configuration for an application", + "privilege": "GetApplicationSessionConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], "dependent_actions": [], "resource_type": "" } @@ -301521,7 +313588,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301538,7 +313607,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301550,7 +313621,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301562,7 +313635,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301574,7 +313649,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301584,20 +313661,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to retrieve all permission policies associated with a permission set", - "privilege": "GetPermissionsPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "sso:DescribePermissionsPolicies" - ], - "resource_type": "" - } - ] - }, { "access_level": "Read", "description": "Grants permission to retrieve a profile for an application instance", @@ -301605,7 +313668,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301629,7 +313694,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301641,7 +313708,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301653,7 +313722,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301665,7 +313736,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301677,7 +313750,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301689,7 +313764,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301701,7 +313778,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Account*" }, { @@ -301723,7 +313802,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301735,7 +313816,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301752,7 +313835,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301771,7 +313856,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301790,7 +313877,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301809,7 +313898,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301828,7 +313919,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -301847,7 +313940,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301860,6 +313955,7 @@ { "condition_keys": [], "dependent_actions": [ + "kms:Decrypt", "sso:GetApplicationInstance" ], "resource_type": "" @@ -301899,7 +313995,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301911,7 +314009,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301928,7 +314028,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -301952,7 +314054,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -301969,7 +314073,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301981,7 +314087,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -301993,7 +314101,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Account*" }, { @@ -302010,7 +314120,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302023,6 +314135,7 @@ { "condition_keys": [], "dependent_actions": [ + "kms:Decrypt", "sso:GetProfile" ], "resource_type": "" @@ -302036,7 +314149,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application" }, { @@ -302063,7 +314178,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -302075,7 +314192,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Account*" }, { @@ -302097,7 +314216,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -302116,7 +314237,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -302135,7 +314258,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -302154,7 +314279,30 @@ "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put session configuration for an application", + "privilege": "PutApplicationSessionConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -302173,7 +314321,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -302190,7 +314340,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302202,7 +314354,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -302219,7 +314373,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302232,7 +314388,8 @@ { "condition_keys": [], "dependent_actions": [ - "ds:DescribeDirectories" + "ds:DescribeDirectories", + "kms:Decrypt" ], "resource_type": "" } @@ -302246,7 +314403,8 @@ { "condition_keys": [], "dependent_actions": [ - "ds:DescribeDirectories" + "ds:DescribeDirectories", + "kms:Decrypt" ], "resource_type": "" } @@ -302260,6 +314418,10 @@ { "condition_keys": [], "dependent_actions": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKeyWithoutPlaintext", "organizations:DescribeOrganization", "organizations:EnableAWSServiceAccess" ], @@ -302274,7 +314436,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application" }, { @@ -302309,7 +314473,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application" }, { @@ -302343,7 +314509,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" }, { @@ -302362,7 +314530,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302374,7 +314544,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302386,7 +314558,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302398,7 +314572,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302410,7 +314586,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302422,7 +314600,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302434,19 +314614,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the user attribute mappings for your connected directory", - "privilege": "UpdateDirectoryAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302458,7 +314628,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "identitystore:UpdateIdentityStore", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKeyWithoutPlaintext" + ], "resource_type": "Instance*" } ] @@ -302470,7 +314646,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" } ] @@ -302482,7 +314660,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302494,7 +314674,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Instance*" }, { @@ -302511,7 +314693,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302523,7 +314707,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302535,7 +314721,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302547,7 +314735,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "TrustedTokenIssuer*" } ] @@ -302594,7 +314784,7 @@ "resource": "ApplicationProvider" } ], - "service_name": "AWS IAM Identity Center (successor to AWS Single Sign-On)" + "service_name": "AWS IAM Identity Center" }, { "conditions": [], @@ -302607,7 +314797,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302655,7 +314847,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302679,7 +314873,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302691,7 +314887,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302703,7 +314901,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302715,7 +314915,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302751,7 +314953,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302775,7 +314979,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302787,7 +314993,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302811,7 +315019,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302823,7 +315033,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302835,7 +315047,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302847,7 +315061,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302859,7 +315075,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302871,7 +315089,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302895,7 +315115,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302919,7 +315141,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302943,7 +315167,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302955,7 +315181,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -302991,7 +315219,23 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to check if a member is a part of multiple groups in the directory that AWS IAM Identity Center provides by default", + "privilege": "IsMemberInGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303003,7 +315247,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303039,7 +315285,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303051,7 +315299,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303063,7 +315313,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303075,7 +315327,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303099,7 +315353,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303111,7 +315367,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303123,7 +315381,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303135,7 +315395,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303147,7 +315409,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303195,7 +315459,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303207,7 +315473,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303231,7 +315499,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303243,7 +315513,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303255,7 +315527,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "" } ] @@ -303274,7 +315548,7 @@ } ], "resources": [], - "service_name": "AWS IAM Identity Center (successor to AWS Single Sign-On) directory" + "service_name": "AWS IAM Identity Center directory" }, { "conditions": [], @@ -303282,12 +315556,42 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to create OAuth/OIDC tokens to access IAM Identity Center integrated applications", + "description": "Grants permission to create and return OAuth 2.0 access tokens and refresh tokens for authorized client applications. These tokens might contain defined scopes that specify permissions such as `read:profile` or `write:data`", "privilege": "CreateTokenWithIAM", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "Application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to validate and retrieve information about active OAuth 2.0 access tokens and refresh tokens, including their associated scopes and permissions. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference", + "privilege": "IntrospectTokenWithIAM", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "Application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to revoke OAuth 2.0 access tokens and refresh tokens, invalidating them before their normal expiration. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference", + "privilege": "RevokeTokenWithIAM", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt" + ], "resource_type": "Application*" } ] @@ -303977,12 +316281,16 @@ }, { "arn": "arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName}:${StateMachineVersionId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "statemachineversion" }, { "arn": "arn:${Partition}:states:${Region}:${Account}:stateMachine:${StateMachineName}:${StateMachineAliasName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "statemachinealias" }, { @@ -304060,6 +316368,11 @@ "dependent_actions": [], "resource_type": "cache-report" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fs-association" + }, { "condition_keys": [], "dependent_actions": [], @@ -304075,6 +316388,11 @@ "dependent_actions": [], "resource_type": "tape" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tapepool" + }, { "condition_keys": [], "dependent_actions": [], @@ -304850,6 +317168,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to clean a share's cache of file entries that are failing upload to Amazon S3", + "privilege": "EvictFilesFailingUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "share*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable you to join an Active Directory Domain", @@ -305055,6 +317385,11 @@ "dependent_actions": [], "resource_type": "cache-report" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fs-association" + }, { "condition_keys": [], "dependent_actions": [], @@ -305070,6 +317405,11 @@ "dependent_actions": [], "resource_type": "tape" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tapepool" + }, { "condition_keys": [], "dependent_actions": [], @@ -305710,6 +318050,11 @@ "description": "Filters access by the unique identifier required when you assume a role in another account", "type": "String" }, + { + "condition": "sts:IdentityTokenAudience", + "description": "Filters access by the audience that is passed in the request", + "type": "String" + }, { "condition": "sts:RequestContext/${ContextKey}", "description": "Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider", @@ -305725,6 +318070,11 @@ "description": "Filters access by the role session name required when you assume a role", "type": "String" }, + { + "condition": "sts:SigningAlgorithm", + "description": "Filters access by the signing algorithm that is passed in the request", + "type": "String" + }, { "condition": "sts:SourceIdentity", "description": "Filters access by the source identity that is passed in the request", @@ -305933,11 +318283,28 @@ } ] }, + { + "access_level": "Write", + "description": "Returns temporary security credentials for accessing an AWS account after temporary delegation request approval. This API requires the tradeInToken provided upon request delegation approval and is intended to be used only by Amazon or AWS Partners", + "privilege": "GetDelegatedAccessToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user", "privilege": "GetFederationToken", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "federated-user" + }, { "condition_keys": [], "dependent_actions": [], @@ -305980,6 +318347,24 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to obtain a short-lived, publicly verifiable JSON Web Token (JWT) that represents the calling IAM principal's identity", + "privilege": "GetWebIdentityToken", + "resource_types": [ + { + "condition_keys": [ + "sts:DurationSeconds", + "sts:IdentityTokenAudience", + "sts:SigningAlgorithm", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set context keys on a STS session", @@ -306029,6 +318414,21 @@ } ] }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to the JSON Web Token (JWT) generated by the GetWebIdentityToken API", + "privilege": "TagGetWebIdentityToken", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add tags to a STS session", @@ -306080,6 +318480,16 @@ "arn": "arn:${Partition}:sts::${Account}:self", "condition_keys": [], "resource": "self-session" + }, + { + "arn": "arn:${Partition}:iam::aws:contextProvider/${ContextProviderName}", + "condition_keys": [], + "resource": "context-provider" + }, + { + "arn": "arn:${Partition}:sts::${Account}:federated-user/${FederatedUserName}", + "condition_keys": [], + "resource": "federated-user" } ], "service_name": "AWS Security Token Service" @@ -306148,6 +318558,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the available options for a single AWS Support case. This is an internally managed function", + "privilege": "DescribeCaseOptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list AWS Support cases that matches the given inputs", @@ -306304,6 +318726,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve personalized troubleshooting assistance for account and technical issues for a specific interaction", + "privilege": "GetInteraction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to initiate a call on AWS Support Center. This is an internally managed function", @@ -306328,6 +318762,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to initiate a live contact on AWS Support Center. This is an internally managed function", + "privilege": "InitiateLiveContactForCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to allow secondary services to attach attributes to AWS Support cases. This is an internally managed function", @@ -306387,11 +318833,211 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a specific interaction to receive personalized troubleshooting assistance for account and technical issues", + "privilege": "StartInteraction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the severity for a single AWS Support case. This is an internally managed function", + "privilege": "UpdateCaseSeverity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a specific interaction to receive personalized troubleshooting assistance for account and technical issues", + "privilege": "UpdateInteraction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [], "service_name": "AWS Support" }, + { + "conditions": [], + "prefix": "support-console", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to check whether the account has access to given product", + "privilege": "CheckSubscription", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update case draft for the given case type", + "privilege": "CreateCaseDraft", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an authenticated contact for the given contact type", + "privilege": "CreateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a case draft for the given case type", + "privilege": "DeleteCaseDraft", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get dynamic help resources for given service and category", + "privilege": "DescribeDynamicHelp", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to determines whether the calling account is GovCloud enabled", + "privilege": "GetAccountGovCloudEnabled", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the state of the calling account", + "privilege": "GetAccountState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the support banner information", + "privilege": "GetBanner", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a case draft for given case type", + "privilege": "GetCaseDraft", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get classification predictions of an issue", + "privilege": "GetIssueClassificationPredictions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a generated text summary of an issue", + "privilege": "GetIssueTextSummary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a feedback questionnaire", + "privilege": "GetQuestionnaire", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to save questionnaire feedback", + "privilege": "SaveFeedback", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Support Console" + }, { "conditions": [], "prefix": "supportapp", @@ -306624,38 +319270,6 @@ "resources": [], "service_name": "AWS Support Plans" }, - { - "conditions": [], - "prefix": "supportrecommendations", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to the GetSupportTroubleshootingResponse API which lists troubleshooting responses for users' issues", - "privilege": "GetSupportTroubleshootingResponse", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to the StartSupportTroubleshooting API which starts troubleshooting for users' issues", - "privilege": "StartSupportTroubleshooting", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Support Recommendations" - }, { "conditions": [], "prefix": "sustainability", @@ -307918,6 +320532,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a canary dry run, so that Amazon CloudWatch Synthetics can execute a test execution of a canary with provided parameters", + "privilege": "StartCanaryDryRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "canary*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop a canary", @@ -308159,6 +320793,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel documents such as withholding slips", + "privilege": "CancelDocument", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload new documents such as withholding slips", + "privilege": "CreateDocument", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete supplemental tax registration data", @@ -308183,6 +320841,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve documents such as withholding slips", + "privilege": "GetDocument", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a generated URL to upload documents", + "privilege": "GetDocumentUploadUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view tax exemptions data", @@ -308255,6 +320937,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view documents such as withholding slips", + "privilege": "ListDocuments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view supplemental tax registrations", @@ -308279,6 +320973,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view eligible withholding invoices", + "privilege": "ListWithholdingEligibleInvoices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update supplemental tax registrations data", @@ -308772,6 +321478,7 @@ ], "dependent_actions": [ "appstream:DescribeStacks", + "iam:CreateServiceLinkedRole", "workspaces-web:GetPortal", "workspaces-web:GetUserSettings", "workspaces:DescribeWorkspaceDirectories" @@ -310878,7 +323585,7 @@ }, { "condition": "transcribe:OutputEncryptionKMSKeyId", - "description": "Filters access based on the KMS key id included in the request", + "description": "Filters access based on the KMS key id included in the request, provided in the form of a KMS key ARN", "type": "String" }, { @@ -310902,6 +323609,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -310917,6 +323625,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -310935,6 +323644,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -310952,6 +323662,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -310969,6 +323680,7 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -311379,6 +324091,7 @@ "transcribe:OutputBucketName", "transcribe:OutputEncryptionKMSKeyId", "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -311435,6 +324148,7 @@ "transcribe:OutputEncryptionKMSKeyId", "transcribe:OutputKey", "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -311479,6 +324193,7 @@ "transcribe:OutputEncryptionKMSKeyId", "transcribe:OutputKey", "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [ @@ -311496,6 +324211,10 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "transcribe:OutputBucketName", + "transcribe:OutputEncryptionKMSKeyId", + "transcribe:OutputKey", "aws:TagKeys" ], "dependent_actions": [], @@ -311616,7 +324335,7 @@ "resource": "medicalvocabulary" }, { - "arn": "arn:${Partition}:transcribe:${Region}:${Account}:analytics-job/${JobName}", + "arn": "arn:${Partition}:transcribe:${Region}:${Account}:analytics/${JobName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -311655,6 +324374,26 @@ "condition": "aws:TagKeys", "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" + }, + { + "condition": "transfer:RequestConnectorProtocol", + "description": "Filters access by the connector protocol that is passed in the request", + "type": "String" + }, + { + "condition": "transfer:RequestServerDomain", + "description": "Filters access by the storage domain that is passed in the request", + "type": "String" + }, + { + "condition": "transfer:RequestServerEndpointType", + "description": "Filters access by the endpoint type that is passed in the request", + "type": "String" + }, + { + "condition": "transfer:RequestServerProtocols", + "description": "Filters access by the server protocols that are passed in the request", + "type": "ArrayOfString" } ], "prefix": "transfer", @@ -311688,7 +324427,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -311703,7 +324443,9 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "transfer:RequestConnectorProtocol" ], "dependent_actions": [ "iam:PassRole" @@ -311720,7 +324462,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -311735,7 +324478,11 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "transfer:RequestServerEndpointType", + "transfer:RequestServerDomain", + "transfer:RequestServerProtocols" ], "dependent_actions": [ "iam:PassRole" @@ -311759,7 +324506,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -311774,7 +324522,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [ "iam:PassRole" @@ -311791,7 +324540,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -312106,7 +324856,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -312126,7 +324877,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -312384,6 +325136,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to initiate a connector delete operation on remote server", + "privilege": "StartRemoteDelete", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to initiate a connector move operation on remote server", + "privilege": "StartRemoteMove", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start a server", @@ -312640,6 +325416,14 @@ "iam:PassRole" ], "resource_type": "server*" + }, + { + "condition_keys": [ + "transfer:RequestServerEndpointType", + "transfer:RequestServerProtocols" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -312753,6 +325537,195 @@ ], "service_name": "AWS Transfer Family" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "transform", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to invoke AssociateConnectorResource on AWS Transform", + "privilege": "AssociateConnectorResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to invoke CreateProfile on AWS Transform", + "privilege": "CreateProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to invoke DeleteConnector on AWS Transform", + "privilege": "DeleteConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to invoke DeleteProfile on AWS Transform", + "privilege": "DeleteProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to invoke GetConnector on AWS Transform", + "privilege": "GetConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to invoke ListConnectors on AWS Transform", + "privilege": "ListConnectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to invoke ListProfiles on AWS Transform", + "privilege": "ListProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to invoke ListTagsForResource on AWS Transform", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to invoke RejectConnector on AWS Transform", + "privilege": "RejectConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to invoke TagResource on AWS Transform", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to invoke UntagResource on AWS Transform", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to invoke UpdateProfile on AWS Transform", + "privilege": "UpdateProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:transform:${Region}:${Account}:profile/${Identifier}", + "condition_keys": [], + "resource": "profile" + }, + { + "arn": "arn:${Partition}:transform:${Region}:${Account}:connector/${WorkspaceId}/${ConnectorId}", + "condition_keys": [], + "resource": "connector" + } + ], + "service_name": "AWS Transform" + }, { "conditions": [ { @@ -313009,6 +325982,11 @@ "description": "Grants permission to translate text from a source language to a target language", "privilege": "TranslateText", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parallel-data" + }, { "condition_keys": [], "dependent_actions": [], @@ -313883,7 +326861,13 @@ "service_name": "AWS Diagnostic tools" }, { - "conditions": [], + "conditions": [ + { + "condition": "user-subscriptions:CreateForSelf", + "description": "Filters access by only allowing creation of User subscription Claims for the caller", + "type": "Bool" + } + ], "prefix": "user-subscriptions", "privileges": [ { @@ -313892,7 +326876,9 @@ "privilege": "CreateClaim", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "user-subscriptions:CreateForSelf" + ], "dependent_actions": [], "resource_type": "" } @@ -313946,6 +326932,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to set a User subscription overage configuration", + "privilege": "SetOverageConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a User subscription Claim", @@ -313962,6 +326960,50 @@ "resources": [], "service_name": "AWS User Subscriptions" }, + { + "conditions": [], + "prefix": "uxc", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to delete the color associated with the account", + "privilege": "DeleteAccountColor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the color associated with the account", + "privilege": "GetAccountColor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to sets the color associated with an account", + "privilege": "PutAccountColor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Service for managing AWS Management Console user experience capabilities." + }, { "conditions": [ { @@ -314460,7 +327502,23 @@ "service_name": "AWS Verified Access" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + } + ], "prefix": "verifiedpermissions", "privileges": [ { @@ -314493,7 +327551,11 @@ "privilege": "CreatePolicyStore", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -314590,7 +327652,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "verifiedpermissions:ListTagsForResource" + ], "resource_type": "policy-store*" } ] @@ -314691,6 +327755,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view a list of resource tags for the specified policy store", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy-store*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create or update the policy schema in the specified policy store", @@ -314703,6 +327779,45 @@ } ] }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to the specified policy store", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy-store*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from the specified policy store", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy-store*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the specified identity source to use a new identity provider (IdP) source, or to change the mapping of identities from the IdP to a different principal entity type", @@ -314755,7 +327870,9 @@ "resources": [ { "arn": "arn:${Partition}:verifiedpermissions::${Account}:policy-store/${PolicyStoreId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "policy-store" } ], @@ -315205,6 +328322,21 @@ "description": "Filters access by the auth type specified in the request", "type": "String" }, + { + "condition": "vpc-lattice:DomainName", + "description": "Filters access by the domain name", + "type": "String" + }, + { + "condition": "vpc-lattice:PrivateDnsPreference", + "description": "Filters access by the private dns preference", + "type": "String" + }, + { + "condition": "vpc-lattice:PrivateDnsSpecifiedDomains", + "description": "Filters access by the private dns domains", + "type": "ArrayOfString" + }, { "condition": "vpc-lattice:Protocol", "description": "Filters access by the protocol specified in the request", @@ -315248,6 +328380,18 @@ ], "prefix": "vpc-lattice", "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to associate a resource configuration through any AWS service managed networks", + "privilege": "AssociateViaAWSService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to associate a resource configuration through Amazon EventBridge and AWS Step Functions service networks", @@ -315325,6 +328469,11 @@ "description": "Grants permission to create a resource configuration", "privilege": "CreateResourceConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainVerification" + }, { "condition_keys": [], "dependent_actions": [], @@ -315522,6 +328671,8 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "vpc-lattice:PrivateDnsPreference", + "vpc-lattice:PrivateDnsSpecifiedDomains", "vpc-lattice:SecurityGroupIds", "vpc-lattice:ServiceNetworkArn", "vpc-lattice:VpcId" @@ -315605,6 +328756,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a domain verification", + "privilege": "DeleteDomainVerification", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainVerification*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a listener", @@ -315890,6 +329060,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about a domain verification", + "privilege": "GetDomainVerification", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainVerification*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about a listener", @@ -316118,6 +329307,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list some or all domain verifications", + "privilege": "ListDomainVerifications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list some or all listeners", @@ -316346,6 +329547,27 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a domain verification", + "privilege": "StartDomainVerification", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainVerification*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "vpc-lattice:DomainName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a vpc-lattice resource", @@ -316356,6 +329578,11 @@ "dependent_actions": [], "resource_type": "AccessLogSubscription" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainVerification" + }, { "condition_keys": [], "dependent_actions": [], @@ -316432,6 +329659,11 @@ "dependent_actions": [], "resource_type": "AccessLogSubscription" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainVerification" + }, { "condition_keys": [], "dependent_actions": [], @@ -316693,6 +329925,16 @@ ], "resource": "AccessLogSubscription" }, + { + "arn": "arn:${Partition}:vpc-lattice:${Region}:${Account}:domainverification/${DomainVerificationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "vpc-lattice:DomainName" + ], + "resource": "DomainVerification" + }, { "arn": "arn:${Partition}:vpc-lattice:${Region}:${Account}:service/${ServiceId}/listener/${ListenerId}", "condition_keys": [ @@ -316792,6 +330034,8 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "vpc-lattice:PrivateDnsPreference", + "vpc-lattice:PrivateDnsSpecifiedDomains", "vpc-lattice:SecurityGroupIds", "vpc-lattice:ServiceNetworkArn", "vpc-lattice:VpcId" @@ -316828,6 +330072,11 @@ "description": "Filters access by the method of the request", "type": "String" }, + { + "condition": "vpc-lattice-svcs:RequestPath", + "description": "Filters access by the path portion of the request URL", + "type": "String" + }, { "condition": "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}", "description": "Filters access by the query string key-value pairs in the request URL", @@ -316896,6 +330145,8 @@ "vpc-lattice-svcs:ServiceArn", "vpc-lattice-svcs:SourceVpc", "vpc-lattice-svcs:SourceVpcOwnerAccount", + "vpc-lattice-svcs:RequestMethod", + "vpc-lattice-svcs:RequestPath", "vpc-lattice-svcs:RequestHeader/${HeaderName}", "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}" ], @@ -319261,15 +332512,23 @@ { "condition_keys": [], "dependent_actions": [ + "amplify:AssociateWebACL", "apigateway:SetWebACL", "apprunner:AssociateWebAcl", "appsync:SetWebACL", "cognito-idp:AssociateWebACL", "ec2:AssociateVerifiedAccessInstanceWebAcl", - "elasticloadbalancing:SetWebAcl" + "elasticloadbalancing:SetWebAcl", + "wafv2:GetPermissionPolicy", + "wafv2:PutPermissionPolicy" ], "resource_type": "webacl*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "amplify-app" + }, { "condition_keys": [], "dependent_actions": [], @@ -319333,7 +332592,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "wafv2:TagResource" + ], "resource_type": "ipset*" }, { @@ -319353,7 +332614,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "wafv2:TagResource" + ], "resource_type": "regexpatternset*" }, { @@ -319373,7 +332636,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "wafv2:TagResource" + ], "resource_type": "rulegroup*" }, { @@ -319403,7 +332668,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "wafv2:TagResource" + ], "resource_type": "webacl*" }, { @@ -319595,13 +332862,20 @@ { "condition_keys": [], "dependent_actions": [ + "amplify:DisassociateWebACL", "apigateway:SetWebACL", "apprunner:DisassociateWebAcl", "appsync:SetWebACL", "cognito-idp:DisassociateWebACL", "ec2:DisassociateVerifiedAccessInstanceWebAcl", - "elasticloadbalancing:SetWebAcl" + "elasticloadbalancing:SetWebAcl", + "wafv2:PutPermissionPolicy" ], + "resource_type": "amplify-app" + }, + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "apigateway" }, { @@ -319826,6 +333100,7 @@ { "condition_keys": [], "dependent_actions": [ + "amplify:GetWebACLForResource", "apprunner:DescribeWebAclForService", "cognito-idp:GetWebACLForResource", "ec2:GetVerifiedAccessInstanceWebAcl", @@ -319833,6 +333108,11 @@ ], "resource_type": "webacl*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "amplify-app" + }, { "condition_keys": [], "dependent_actions": [], @@ -319971,12 +333251,18 @@ { "condition_keys": [], "dependent_actions": [ + "amplify:ListResourcesForWebACL", "apprunner:ListAssociatedServicesForWebAcl", "cognito-idp:ListResourcesForWebACL", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations" ], "resource_type": "webacl*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "amplify-app" + }, { "condition_keys": [], "dependent_actions": [], @@ -320367,6 +333653,11 @@ "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-instance/${VerifiedAccessInstanceId}", "condition_keys": [], "resource": "verified-access-instance" + }, + { + "arn": "arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}", + "condition_keys": [], + "resource": "amplify-app" } ], "service_name": "AWS WAF V2" @@ -321928,508 +335219,6 @@ ], "service_name": "AWS Wickr" }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "String" - } - ], - "prefix": "wisdom", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create an assistant", - "privilege": "CreateAssistant", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an association between an assistant and another resource", - "privilege": "CreateAssistantAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create content", - "privilege": "CreateContent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a knowledge base", - "privilege": "CreateKnowledgeBase", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a session", - "privilege": "CreateSession", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an assistant", - "privilege": "DeleteAssistant", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an assistant association", - "privilege": "DeleteAssistantAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AssistantAssociation*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete content", - "privilege": "DeleteContent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Content*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a knowledge base", - "privilege": "DeleteKnowledgeBase", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about an assistant", - "privilege": "GetAssistant", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about an assistant association", - "privilege": "GetAssistantAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AssistantAssociation*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve content, including a pre-signed URL to download the content", - "privilege": "GetContent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Content*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve summary information about the content", - "privilege": "GetContentSummary", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Content*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the knowledge base", - "privilege": "GetKnowledgeBase", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve recommendations for the specified session", - "privilege": "GetRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information for a specified session", - "privilege": "GetSession", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Session*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list information about assistant associations", - "privilege": "ListAssistantAssociations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list information about assistants", - "privilege": "ListAssistants", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the content with a knowledge base", - "privilege": "ListContents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list information about knowledge bases", - "privilege": "ListKnowledgeBases", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the tags for the specified resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the specified recommendations from the specified assistant's queue of newly available recommendations", - "privilege": "NotifyRecommendationsReceived", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to perform a manual search against the specified assistant", - "privilege": "QueryAssistant", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove a URI template from a knowledge base", - "privilege": "RemoveKnowledgeBaseTemplateUri", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to search for content referencing a specified knowledge base. Can be used to get a specific content resource by its name", - "privilege": "SearchContent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to search for sessions referencing a specified assistant. Can be used to et a specific session resource by its name", - "privilege": "SearchSessions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to get a URL to upload content to a knowledge base", - "privilege": "StartContentUpload", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified resource", - "privilege": "TagResource", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the specified resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update information about the content", - "privilege": "UpdateContent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Content*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the template URI of a knowledge base", - "privilege": "UpdateKnowledgeBaseTemplateUri", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KnowledgeBase*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:wisdom:${Region}:${Account}:assistant/${AssistantId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Assistant" - }, - { - "arn": "arn:${Partition}:wisdom:${Region}:${Account}:association/${AssistantId}/${AssistantAssociationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "AssistantAssociation" - }, - { - "arn": "arn:${Partition}:wisdom:${Region}:${Account}:content/${KnowledgeBaseId}/${ContentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Content" - }, - { - "arn": "arn:${Partition}:wisdom:${Region}:${Account}:knowledge-base/${KnowledgeBaseId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "KnowledgeBase" - }, - { - "arn": "arn:${Partition}:wisdom:${Region}:${Account}:session/${AssistantId}/${SessionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Session" - } - ], - "service_name": "Amazon Connect Wisdom" - }, { "conditions": [ { @@ -322499,11 +335288,6 @@ "description": "Grants permission to create an ai agent", "privilege": "CreateAIAgent", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [ "aws:TagKeys", @@ -322524,11 +335308,6 @@ "dependent_actions": [], "resource_type": "AIAgent*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [ "aws:TagKeys", @@ -322544,11 +335323,6 @@ "description": "Grants permission to create an ai guardrail", "privilege": "CreateAIGuardrail", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [ "aws:TagKeys", @@ -322569,11 +335343,6 @@ "dependent_actions": [], "resource_type": "AIGuardrail*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [ "aws:TagKeys", @@ -322589,11 +335358,6 @@ "description": "Grants permission to create an ai prompt", "privilege": "CreateAIPrompt", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [ "aws:TagKeys", @@ -322614,11 +335378,6 @@ "dependent_actions": [], "resource_type": "AIPrompt*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [ "aws:TagKeys", @@ -322649,11 +335408,6 @@ "description": "Grants permission to create an association between an assistant and another resource", "privilege": "CreateAssistantAssociation", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [ "aws:TagKeys", @@ -322834,11 +335588,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIAgent*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -322851,11 +335600,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIAgent*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -322868,11 +335612,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIGuardrail*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -322885,11 +335624,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIGuardrail*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -322902,11 +335636,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIPrompt*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -322919,11 +335648,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIPrompt*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -322944,11 +335668,6 @@ "description": "Grants permission to delete an assistant association", "privilege": "DeleteAssistantAssociation", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -323079,11 +335798,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIAgent*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323096,11 +335810,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIGuardrail*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323113,11 +335822,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIPrompt*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323138,11 +335842,6 @@ "description": "Grants permission to retrieve information about an assistant association", "privilege": "GetAssistantAssociation", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -323259,11 +335958,6 @@ "description": "Grants permission to retrieve for next message in a session", "privilege": "GetNextMessage", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -323296,7 +335990,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Assistant*" + "resource_type": "Session*" } ] }, @@ -323305,11 +335999,6 @@ "description": "Grants permission to retrieve information for a specified session", "privilege": "GetSession", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -323326,11 +336015,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIAgent*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323342,7 +336026,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Assistant*" + "resource_type": "" } ] }, @@ -323355,11 +336039,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIGuardrail*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323371,7 +336050,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Assistant*" + "resource_type": "" } ] }, @@ -323384,11 +336063,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIPrompt*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323400,7 +336074,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Assistant*" + "resource_type": "" } ] }, @@ -323515,11 +336189,6 @@ "description": "Grants permission to list messages in a session", "privilege": "ListMessages", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -323559,7 +336228,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Session*" } ] }, @@ -323637,6 +336306,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve knowledge content from specified assistant associations", + "privilege": "Retrieve", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to search for content referencing a specified knowledge base. Can be used to get a specific content resource by its name", @@ -323707,11 +336388,6 @@ "description": "Grants permission to send a message", "privilege": "SendMessage", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -323871,11 +336547,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIAgent*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323888,11 +336559,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIGuardrail*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -323905,11 +336571,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "AIPrompt*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" } ] }, @@ -324010,11 +336671,6 @@ "description": "Grants permission to update a session", "privilege": "UpdateSession", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -324027,11 +336683,6 @@ "description": "Grants permission to update data stored in a session", "privilege": "UpdateSessionData", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Assistant*" - }, { "condition_keys": [], "dependent_actions": [], @@ -327132,6 +339783,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a root client certificate", + "privilege": "CreateRootClientCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificateid*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create one or more Standby WorkSpaces", @@ -327359,6 +340022,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete root client certificate", + "privilege": "DeleteRootClientCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificateid*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to delete tags from WorkSpaces resources", @@ -327563,6 +340238,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about consent agreement to BYOL minimum requirements", + "privilege": "DescribeConsent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about WorkSpace BYOL image import task", + "privilege": "DescribeCustomWorkspaceImageImport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve information about resources associated with a WorkSpace image", @@ -327733,6 +340432,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to directory management actions while managing and provisioning workspaces", + "privilege": "DirectoryAccessManagement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directoryid*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate connection aliases from directories", @@ -327810,6 +340521,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to import Bring Your Own License (BYOL) images into Amazon WorkSpaces", + "privilege": "ImportCustomWorkspaceImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to import Bring Your Own License (BYOL) images into Amazon WorkSpaces", @@ -327902,6 +340625,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to configure the specified directory between Standard TLS and FIPS 140-2 validated mode", + "privilege": "ModifyEndpointEncryptionMode", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directoryid*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify the SAML properties of a directory", @@ -328195,6 +340930,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the consent agreement to BYOL minimum requirements", + "privilege": "UpdateConsent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a root client certificate", + "privilege": "UpdateRootClientCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificateid*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to replace rules for IP access control groups", @@ -328253,6 +341012,11 @@ } ], "resources": [ + { + "arn": "arn:${Partition}:workspaces:${Region}:${Account}:workspacecertificate/${CertificateId}", + "condition_keys": [], + "resource": "certificateid" + }, { "arn": "arn:${Partition}:workspaces:${Region}:${Account}:directory/${DirectoryId}", "condition_keys": [ @@ -328316,132 +341080,64 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access based on the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "workspaces-web", + "prefix": "workspaces-instances", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate browser settings to web portals", - "privilege": "AssociateBrowserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "browserSettings*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate network settings to web portals", - "privilege": "AssociateNetworkSettings", + "description": "Grants permission to associate a workspace managed volume to a workspace managed instance in your account", + "privilege": "AssociateVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:CreateTags", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:ModifyNetworkInterfaceAttribute" + "ec2:AttachVolume", + "ec2:DescribeVolumes" ], - "resource_type": "networkSettings*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" + "resource_type": "WorkspaceInstanceId*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate trust stores with web portals", - "privilege": "AssociateTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trustStore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate user access logging settings with web portals", - "privilege": "AssociateUserAccessLoggingSettings", + "description": "Grants permission to create a workspace managed volume in your account", + "privilege": "CreateVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "kinesis:PutRecord", - "kinesis:PutRecords" + "ec2:CreateVolume" ], - "resource_type": "portal*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userAccessLoggingSettings*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate user settings with web portals", - "privilege": "AssociateUserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userSettings*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create browser settings", - "privilege": "CreateBrowserSettings", + "description": "Grants permission to create a workspace managed instance in your account", + "privilege": "CreateWorkspaceInstance", "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [ - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:GenerateDataKey" + "ec2:DescribeInstances", + "ec2:RunInstances" ], "resource_type": "" } @@ -328449,379 +341145,64 @@ }, { "access_level": "Write", - "description": "Grants permission to create identity providers", - "privilege": "CreateIdentityProvider", + "description": "Grants permission to delete a workspace managed volume in your account", + "privilege": "DeleteVolume", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create network settings", - "privilege": "CreateNetworkSettings", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "ec2:DeleteVolume", + "ec2:DescribeVolumes" ], - "resource_type": "" + "resource_type": "VolumeId*" } ] }, { "access_level": "Write", - "description": "Grants permission to create web portals", - "privilege": "CreatePortal", + "description": "Grants permission to delete a workspace managed instance in your account", + "privilege": "DeleteWorkspaceInstance", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:GenerateDataKey" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create trust stores", - "privilege": "CreateTrustStore", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create user access logging settings", - "privilege": "CreateUserAccessLoggingSettings", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create user settings", - "privilege": "CreateUserSettings", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "ec2:TerminateInstances" ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete browser settings", - "privilege": "DeleteBrowserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "browserSettings*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete identity providers", - "privilege": "DeleteIdentityProvider", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete network settings", - "privilege": "DeleteNetworkSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "networkSettings*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete web portals", - "privilege": "DeletePortal", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete trust stores", - "privilege": "DeleteTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trustStore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete user access logging settings", - "privilege": "DeleteUserAccessLoggingSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userAccessLoggingSettings*" + "resource_type": "WorkspaceInstanceId*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete user settings", - "privilege": "DeleteUserSettings", + "description": "Grants permission to disassociate a workspace managed volume from a workspace managed instance in your account", + "privilege": "DisassociateVolume", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "userSettings*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate browser settings from web portals", - "privilege": "DisassociateBrowserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate network settings from web portals", - "privilege": "DisassociateNetworkSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate trust stores from web portals", - "privilege": "DisassociateTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate user access logging settings from web portals", - "privilege": "DisassociateUserAccessLoggingSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate user settings from web portals", - "privilege": "DisassociateUserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details on browser settings", - "privilege": "GetBrowserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "browserSettings*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details on identity providers", - "privilege": "GetIdentityProvider", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details on network settings", - "privilege": "GetNetworkSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "networkSettings*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details on web portals", - "privilege": "GetPortal", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get service provider metadata information for web portals", - "privilege": "GetPortalServiceProviderMetadata", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details on trust stores", - "privilege": "GetTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trustStore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get certificates from trust stores", - "privilege": "GetTrustStoreCertificate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trustStore*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details on user access logging settings", - "privilege": "GetUserAccessLoggingSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userAccessLoggingSettings*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details on user settings", - "privilege": "GetUserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userSettings*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list browser settings", - "privilege": "ListBrowserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ec2:DescribeVolumes", + "ec2:DetachVolume" + ], + "resource_type": "WorkspaceInstanceId*" } ] }, { "access_level": "Read", - "description": "Grants permission to list identity providers", - "privilege": "ListIdentityProviders", + "description": "Grants permission to get details for a specific workspace managed instance in your account", + "privilege": "GetWorkspaceInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WorkspaceInstanceId*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list network settings", - "privilege": "ListNetworkSettings", + "access_level": "List", + "description": "Grants permission to list all supported instance types", + "privilege": "ListInstanceTypes", "resource_types": [ { "condition_keys": [], @@ -328831,9 +341212,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list web portals", - "privilege": "ListPortals", + "access_level": "List", + "description": "Grants permission to list all supported AWS regions", + "privilege": "ListRegions", "resource_types": [ { "condition_keys": [], @@ -328843,57 +341224,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", + "access_level": "List", + "description": "Grants permission to list user tags for resources in your account", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WorkspaceInstanceId*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list certificates in a trust store", - "privilege": "ListTrustStoreCertificates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list trust stores", - "privilege": "ListTrustStores", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list user access logging settings", - "privilege": "ListUserAccessLoggingSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list user settings", - "privilege": "ListUserSettings", + "access_level": "List", + "description": "Grants permission to list workspace managed instances in your account", + "privilege": "ListWorkspaceInstances", "resource_types": [ { "condition_keys": [], @@ -328904,43 +341249,18 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a resource", + "description": "Grants permission to add user tags to resources in your account", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "browserSettings" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "networkSettings" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trustStore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userAccessLoggingSettings" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userSettings" + "resource_type": "WorkspaceInstanceId*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -328949,189 +341269,41 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from a resource", + "description": "Grants permission to remove user tags from resources in your account", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "browserSettings" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "networkSettings" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trustStore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userAccessLoggingSettings" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userSettings" + "resource_type": "WorkspaceInstanceId*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update browser settings", - "privilege": "UpdateBrowserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "browserSettings*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update identity provider", - "privilege": "UpdateIdentityProvider", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update network settings", - "privilege": "UpdateNetworkSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:CreateTags", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:ModifyNetworkInterfaceAttribute" - ], - "resource_type": "networkSettings*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update web portals", - "privilege": "UpdatePortal", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "portal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update trust stores", - "privilege": "UpdateTrustStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trustStore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update user access logging settings", - "privilege": "UpdateUserAccessLoggingSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "kinesis:PutRecord", - "kinesis:PutRecords" - ], - "resource_type": "userAccessLoggingSettings*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update user settings", - "privilege": "UpdateUserSettings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userSettings*" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:browserSettings/${BrowserSettingsId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "browserSettings" - }, - { - "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:networkSettings/${NetworkSettingsId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "networkSettings" - }, - { - "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:portal/${PortalId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "portal" - }, - { - "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:trustStore/${TrustStoreId}", + "arn": "arn:${Partition}:workspaces-instances:${Region}:${Account}:workspaceinstance/${WorkspaceInstanceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "trustStore" - }, - { - "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:userSettings/${UserSettingsId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "userSettings" + "resource": "WorkspaceInstanceId" }, { - "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:userAccessLoggingSettings/${UserAccessLoggingSettingsId}", + "arn": "arn:${Partition}:ec2:${Region}:${Account}:volume/${VolumeId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "userAccessLoggingSettings" + "resource": "VolumeId" } ], - "service_name": "Amazon WorkSpaces Web" + "service_name": "AWS WorkSpaces Managed Instances" }, { "conditions": [ @@ -329228,6 +341400,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate session logger with web portals", + "privilege": "AssociateSessionLogger", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sessionLogger*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate trust stores with web portals", @@ -329296,7 +341485,8 @@ "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", - "kms:GenerateDataKey" + "kms:GenerateDataKey", + "workspaces-web:TagResource" ], "resource_type": "" } @@ -329312,7 +341502,9 @@ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "workspaces-web:TagResource" + ], "resource_type": "" } ] @@ -329352,7 +341544,9 @@ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "workspaces-web:TagResource" + ], "resource_type": "" } ] @@ -329368,7 +341562,8 @@ "aws:RequestTag/${TagKey}" ], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "iam:CreateServiceLinkedRole", + "workspaces-web:TagResource" ], "resource_type": "" } @@ -329389,7 +341584,26 @@ "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", - "kms:GenerateDataKey" + "kms:GenerateDataKey", + "workspaces-web:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create session logger", + "privilege": "CreateSessionLogger", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "s3:PutObject", + "workspaces-web:TagResource" ], "resource_type": "" } @@ -329405,7 +341619,9 @@ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "workspaces-web:TagResource" + ], "resource_type": "" } ] @@ -329420,7 +341636,9 @@ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "workspaces-web:TagResource" + ], "resource_type": "" } ] @@ -329435,7 +341653,9 @@ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], - "dependent_actions": [], + "dependent_actions": [ + "workspaces-web:TagResource" + ], "resource_type": "" } ] @@ -329517,6 +341737,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete session logger", + "privilege": "DeleteSessionLogger", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sessionLogger*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete trust stores", @@ -329601,6 +341833,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate session logger from web portals", + "privilege": "DisassociateSessionLogger", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate trust stores from web portals", @@ -329745,6 +341989,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get details on session logger", + "privilege": "GetSessionLogger", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sessionLogger*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get details on trust stores", @@ -329865,6 +342121,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list session loggers", + "privilege": "ListSessionLoggers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list sessions for a Portal using optional filters", @@ -329972,6 +342240,11 @@ "dependent_actions": [], "resource_type": "portal" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sessionLogger" + }, { "condition_keys": [], "dependent_actions": [], @@ -330032,6 +342305,11 @@ "dependent_actions": [], "resource_type": "portal" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sessionLogger" + }, { "condition_keys": [], "dependent_actions": [], @@ -330140,6 +342418,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update session logger", + "privilege": "UpdateSessionLogger", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sessionLogger*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update trust stores", @@ -330243,6 +342533,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "dataProtectionSettings" + }, + { + "arn": "arn:${Partition}:workspaces-web:${Region}:${Account}:sessionLogger/${SessionLoggerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "sessionLogger" } ], "service_name": "Amazon WorkSpaces Secure Browser" @@ -330263,6 +342560,21 @@ "condition": "aws:TagKeys", "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" + }, + { + "condition": "logs:LogGeneratingResourceArns", + "description": "Filters access by LogGeneratingResourceArn in the request", + "type": "ArrayOfARN" + }, + { + "condition": "xray:ResourcePolicyName", + "description": "Filters access by PolicyName in the request", + "type": "String" + }, + { + "condition": "xray:TraceSegmentDestination", + "description": "Filters access by TraceSegmentDestination type in the request", + "type": "String" } ], "prefix": "xray", @@ -330368,7 +342680,9 @@ "privilege": "DeleteResourcePolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "xray:ResourcePolicyName" + ], "dependent_actions": [], "resource_type": "" } @@ -330687,7 +343001,9 @@ "privilege": "PutResourcePolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "xray:ResourcePolicyName" + ], "dependent_actions": [], "resource_type": "" } @@ -330699,7 +343015,9 @@ "privilege": "PutSpans", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "logs:LogGeneratingResourceArns" + ], "dependent_actions": [], "resource_type": "" } @@ -330735,7 +343053,9 @@ "privilege": "PutTraceSegments", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "logs:LogGeneratingResourceArns" + ], "dependent_actions": [], "resource_type": "" } @@ -330858,7 +343178,9 @@ "privilege": "UpdateTraceSegmentDestination", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "xray:TraceSegmentDestination" + ], "dependent_actions": [], "resource_type": "" } diff --git a/parliament/statement.py b/parliament/statement.py index dbf8766..da961a7 100644 --- a/parliament/statement.py +++ b/parliament/statement.py @@ -369,10 +369,14 @@ def get_resources_for_privilege(self, privilege_prefix, privilege_name): for resource_type in privilege_info["resource_types"]: resource_type = resource_type["resource_type"] - # Only check the required resources which have a "*" at the end - if "*" not in resource_type: + # Only check the required resources (non-empty resource types) + # Empty string means the action doesn't require a specific resource type + if not resource_type: continue + # Remove trailing asterisk if present (old format compatibility) + resource_type = resource_type.rstrip("*") + arn_format = get_arn_format( resource_type, privilege_info["service_resources"] ) diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..a321158 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,65 @@ +[project] +name = "parliament" +version = "1.7.0" +description = "parliament audits your AWS IAM policies" +authors = [{ name = "Duo Security", email = "scott@summitroute.com" }] +requires-python = ">=3.10,<3.15" +readme = "README.md" +license = "BSD-3-Clause" +keywords = [ + "audit", + "aws", + "iam", + "lint", + "parliament", +] +classifiers = [ + "Development Status :: 5 - Production/Stable", + "License :: OSI Approved :: BSD License", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only", + "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3.14", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", +] +dependencies = [ + "boto3", + "jmespath", + "json-cfg", + "pyyaml", +] + +[dependency-groups] +dev = [ + "autoflake", + "autopep8", + "coverage", + "pylint", + "pytest", + "beautifulsoup4", + "requests", + "pytest-cov>=7.0.0", +] + +[project.urls] +Homepage = "https://github.com/duo-labs/parliament" + +[project.scripts] +parliament = "parliament.cli:cli" + +[tool.uv] +package = true + +[build-system] +requires = ["hatchling"] +build-backend = "hatchling.build" + +[tool.hatch.version] +path = "parliament/__init__.py" + +[tool.hatch.build.targets.sdist] +include = [ + "/parliament", +] diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..7af7369 --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'local>mitodl/.github:renovate-config', + ] +} diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 3fd5bb2..0000000 --- a/requirements.txt +++ /dev/null @@ -1,28 +0,0 @@ -attrs==22.1.0 -beautifulsoup4==4.11.1 -boto3==1.24.66 -botocore==1.27.66 -certifi==2024.7.4 -chardet==5.0.0 -charset-normalizer==2.1.1 -coverage==6.4.4 -docutils==0.19 -idna==3.7 -iniconfig==1.1.1 -jmespath==1.0.1 -json-cfg==0.4.2 -kwonly-args==1.0.10 -packaging==21.3 -pluggy==1.0.0 -py==1.11.0 -pyparsing==3.0.9 -pytest==7.1.3 -pytest-cov==3.0.0 -python-dateutil==2.8.2 -PyYAML==6.0 -requests==2.32.2 -s3transfer==0.6.0 -six==1.16.0 -soupsieve==2.3.2.post1 -tomli==2.0.1 -urllib3==1.26.19 diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index 49f821b..0000000 --- a/setup.cfg +++ /dev/null @@ -1,9 +0,0 @@ -[nosetests] -with-coverage=1 -cover-erase=1 -cover-package=parliament -cover-html=1 -cover-html-dir=htmlcov - -[aliases] -test=nosetests \ No newline at end of file diff --git a/setup.py b/setup.py deleted file mode 100644 index 9042d9d..0000000 --- a/setup.py +++ /dev/null @@ -1,57 +0,0 @@ -"""Setup script for parliament""" -import os -import re - -from setuptools import find_packages, setup - - -HERE = os.path.dirname(__file__) -VERSION_RE = re.compile(r"""__version__ = ['"]([0-9.]+)['"]""") -TESTS_REQUIRE = ["coverage", "nose"] - - -def get_version(): - init = open(os.path.join(HERE, "parliament", "__init__.py")).read() - return VERSION_RE.search(init).group(1) - - -def get_description(): - return open( - os.path.join(os.path.abspath(HERE), "README.md"), encoding="utf-8" - ).read() - - -setup( - name="parliament", - version=get_version(), - author="Duo Security", - author_email="scott@summitroute.com", - description=("parliament audits your AWS IAM policies"), - long_description=get_description(), - long_description_content_type="text/markdown", - url="https://github.com/duo-labs/parliament", - entry_points={"console_scripts": "parliament=parliament.cli:cli"}, - test_suite="tests/unit", - tests_require=TESTS_REQUIRE, - extras_require={"dev": TESTS_REQUIRE + ["autoflake", "autopep8", "pylint"]}, - install_requires=["boto3", "jmespath", "pyyaml", "json-cfg"], - setup_requires=["nose"], - packages=find_packages(exclude=["tests*"]), - package_data={ - "parliament": ["iam_definition.json", "config.yaml"], - "parliament.community_auditors": ["config_override.yaml"], - }, - zip_safe=True, - license="BSD 3", - keywords="aws parliament iam lint audit", - python_requires=">=3.6", - classifiers=[ - "License :: OSI Approved :: BSD License", - "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", - "Programming Language :: Python :: 3.8", - "Programming Language :: Python :: 3 :: Only", - "Development Status :: 5 - Production/Stable", - ], -) diff --git a/uv.lock b/uv.lock new file mode 100644 index 0000000..12314d8 --- /dev/null +++ b/uv.lock @@ -0,0 +1,730 @@ +version = 1 +revision = 3 +requires-python = ">=3.10, <3.15" +resolution-markers = [ + "python_full_version >= '3.12'", + "python_full_version == '3.11.*'", + "python_full_version < '3.11'", +] + +[[package]] +name = "astroid" +version = "4.0.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "typing-extensions", marker = "python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/b7/22/97df040e15d964e592d3a180598ace67e91b7c559d8298bdb3c949dc6e42/astroid-4.0.2.tar.gz", hash = "sha256:ac8fb7ca1c08eb9afec91ccc23edbd8ac73bb22cbdd7da1d488d9fb8d6579070", size = 405714, upload-time = "2025-11-09T21:21:18.373Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/93/ac/a85b4bfb4cf53221513e27f33cc37ad158fce02ac291d18bee6b49ab477d/astroid-4.0.2-py3-none-any.whl", hash = "sha256:d7546c00a12efc32650b19a2bb66a153883185d3179ab0d4868086f807338b9b", size = 276354, upload-time = "2025-11-09T21:21:16.54Z" }, +] + +[[package]] +name = "autoflake" +version = "2.3.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pyflakes" }, + { name = "tomli", marker = "python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/2a/cb/486f912d6171bc5748c311a2984a301f4e2d054833a1da78485866c71522/autoflake-2.3.1.tar.gz", hash = "sha256:c98b75dc5b0a86459c4f01a1d32ac7eb4338ec4317a4469515ff1e687ecd909e", size = 27642, upload-time = "2024-03-13T03:41:28.977Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a2/ee/3fd29bf416eb4f1c5579cf12bf393ae954099258abd7bde03c4f9716ef6b/autoflake-2.3.1-py3-none-any.whl", hash = "sha256:3ae7495db9084b7b32818b4140e6dc4fc280b712fb414f5b8fe57b0a8e85a840", size = 32483, upload-time = "2024-03-13T03:41:26.969Z" }, +] + +[[package]] +name = "autopep8" +version = "2.3.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pycodestyle" }, + { name = "tomli", marker = "python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/50/d8/30873d2b7b57dee9263e53d142da044c4600a46f2d28374b3e38b023df16/autopep8-2.3.2.tar.gz", hash = "sha256:89440a4f969197b69a995e4ce0661b031f455a9f776d2c5ba3dbd83466931758", size = 92210, upload-time = "2025-01-14T14:46:18.454Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/9e/43/53afb8ba17218f19b77c7834128566c5bbb100a0ad9ba2e8e89d089d7079/autopep8-2.3.2-py2.py3-none-any.whl", hash = "sha256:ce8ad498672c845a0c3de2629c15b635ec2b05ef8177a6e7c91c74f3e9b51128", size = 45807, upload-time = "2025-01-14T14:46:15.466Z" }, +] + +[[package]] +name = "beautifulsoup4" +version = "4.14.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "soupsieve" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/77/e9/df2358efd7659577435e2177bfa69cba6c33216681af51a707193dec162a/beautifulsoup4-4.14.2.tar.gz", hash = "sha256:2a98ab9f944a11acee9cc848508ec28d9228abfd522ef0fad6a02a72e0ded69e", size = 625822, upload-time = "2025-09-29T10:05:42.613Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/94/fe/3aed5d0be4d404d12d36ab97e2f1791424d9ca39c2f754a6285d59a3b01d/beautifulsoup4-4.14.2-py3-none-any.whl", hash = "sha256:5ef6fa3a8cbece8488d66985560f97ed091e22bbc4e9c2338508a9d5de6d4515", size = 106392, upload-time = "2025-09-29T10:05:43.771Z" }, +] + +[[package]] +name = "boto3" +version = "1.40.69" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "botocore" }, + { name = "jmespath" }, + { name = "s3transfer" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/56/36/65d292d14261aedbb9a22e5bf194d84c119c889135b42448db646d06d76b/boto3-1.40.69.tar.gz", hash = "sha256:5273f6bac347331a87db809dff97d8736c50c3be19f2bb36ad08c5131c408976", size = 111628, upload-time = "2025-11-07T20:26:26.949Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/4d/2f/65009a8d274cd9c7211807c1a07cce17203ffe76368e3ebc4ca03a7b79de/boto3-1.40.69-py3-none-any.whl", hash = "sha256:c3f710a1990c4be1c0db43b938743d4e404c7f1f06d5f1fa0c8e9b1cea4290b2", size = 139361, upload-time = "2025-11-07T20:26:24.522Z" }, +] + +[[package]] +name = "botocore" +version = "1.40.69" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "jmespath" }, + { name = "python-dateutil" }, + { name = "urllib3" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/e2/73/42499b183ca5cef25c35338ad2636368b0ae2193654642756492e96ee906/botocore-1.40.69.tar.gz", hash = "sha256:df310ddc4d2de5543ba3df4e4b5f9907a2951896d63a9fbae115c26ca0976951", size = 14440352, upload-time = "2025-11-07T20:26:14.276Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/61/d6/bf2b91d4a92af6ee70e0689913414463a48cf51c0fc855c98b94bde8e7f3/botocore-1.40.69-py3-none-any.whl", hash = "sha256:5d810efeb9e18f91f32690642fa81ae60e482eefeea0d35ec72da2e3d924c1a5", size = 14103454, upload-time = "2025-11-07T20:26:09.486Z" }, +] + +[[package]] +name = "certifi" +version = "2025.10.5" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/4c/5b/b6ce21586237c77ce67d01dc5507039d444b630dd76611bbca2d8e5dcd91/certifi-2025.10.5.tar.gz", hash = "sha256:47c09d31ccf2acf0be3f701ea53595ee7e0b8fa08801c6624be771df09ae7b43", size = 164519, upload-time = "2025-10-05T04:12:15.808Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e4/37/af0d2ef3967ac0d6113837b44a4f0bfe1328c2b9763bd5b1744520e5cfed/certifi-2025.10.5-py3-none-any.whl", hash = "sha256:0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de", size = 163286, upload-time = "2025-10-05T04:12:14.03Z" }, +] + +[[package]] +name = "charset-normalizer" +version = "3.4.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/13/69/33ddede1939fdd074bce5434295f38fae7136463422fe4fd3e0e89b98062/charset_normalizer-3.4.4.tar.gz", hash = "sha256:94537985111c35f28720e43603b8e7b43a6ecfb2ce1d3058bbe955b73404e21a", size = 129418, upload-time = "2025-10-14T04:42:32.879Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/1f/b8/6d51fc1d52cbd52cd4ccedd5b5b2f0f6a11bbf6765c782298b0f3e808541/charset_normalizer-3.4.4-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:e824f1492727fa856dd6eda4f7cee25f8518a12f3c4a56a74e8095695089cf6d", size = 209709, upload-time = "2025-10-14T04:40:11.385Z" }, + { url = "https://files.pythonhosted.org/packages/5c/af/1f9d7f7faafe2ddfb6f72a2e07a548a629c61ad510fe60f9630309908fef/charset_normalizer-3.4.4-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4bd5d4137d500351a30687c2d3971758aac9a19208fc110ccb9d7188fbe709e8", size = 148814, upload-time = "2025-10-14T04:40:13.135Z" }, + { url = "https://files.pythonhosted.org/packages/79/3d/f2e3ac2bbc056ca0c204298ea4e3d9db9b4afe437812638759db2c976b5f/charset_normalizer-3.4.4-cp310-cp310-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:027f6de494925c0ab2a55eab46ae5129951638a49a34d87f4c3eda90f696b4ad", size = 144467, upload-time = "2025-10-14T04:40:14.728Z" }, + { url = "https://files.pythonhosted.org/packages/ec/85/1bf997003815e60d57de7bd972c57dc6950446a3e4ccac43bc3070721856/charset_normalizer-3.4.4-cp310-cp310-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:f820802628d2694cb7e56db99213f930856014862f3fd943d290ea8438d07ca8", size = 162280, upload-time = "2025-10-14T04:40:16.14Z" }, + { url = "https://files.pythonhosted.org/packages/3e/8e/6aa1952f56b192f54921c436b87f2aaf7c7a7c3d0d1a765547d64fd83c13/charset_normalizer-3.4.4-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:798d75d81754988d2565bff1b97ba5a44411867c0cf32b77a7e8f8d84796b10d", size = 159454, upload-time = "2025-10-14T04:40:17.567Z" }, + { url = "https://files.pythonhosted.org/packages/36/3b/60cbd1f8e93aa25d1c669c649b7a655b0b5fb4c571858910ea9332678558/charset_normalizer-3.4.4-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:9d1bb833febdff5c8927f922386db610b49db6e0d4f4ee29601d71e7c2694313", size = 153609, upload-time = "2025-10-14T04:40:19.08Z" }, + { url = "https://files.pythonhosted.org/packages/64/91/6a13396948b8fd3c4b4fd5bc74d045f5637d78c9675585e8e9fbe5636554/charset_normalizer-3.4.4-cp310-cp310-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:9cd98cdc06614a2f768d2b7286d66805f94c48cde050acdbbb7db2600ab3197e", size = 151849, upload-time = "2025-10-14T04:40:20.607Z" }, + { url = "https://files.pythonhosted.org/packages/b7/7a/59482e28b9981d105691e968c544cc0df3b7d6133152fb3dcdc8f135da7a/charset_normalizer-3.4.4-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:077fbb858e903c73f6c9db43374fd213b0b6a778106bc7032446a8e8b5b38b93", size = 151586, upload-time = "2025-10-14T04:40:21.719Z" }, + { url = "https://files.pythonhosted.org/packages/92/59/f64ef6a1c4bdd2baf892b04cd78792ed8684fbc48d4c2afe467d96b4df57/charset_normalizer-3.4.4-cp310-cp310-musllinux_1_2_armv7l.whl", hash = "sha256:244bfb999c71b35de57821b8ea746b24e863398194a4014e4c76adc2bbdfeff0", size = 145290, upload-time = "2025-10-14T04:40:23.069Z" }, + { url = "https://files.pythonhosted.org/packages/6b/63/3bf9f279ddfa641ffa1962b0db6a57a9c294361cc2f5fcac997049a00e9c/charset_normalizer-3.4.4-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:64b55f9dce520635f018f907ff1b0df1fdc31f2795a922fb49dd14fbcdf48c84", size = 163663, upload-time = "2025-10-14T04:40:24.17Z" }, + { url = "https://files.pythonhosted.org/packages/ed/09/c9e38fc8fa9e0849b172b581fd9803bdf6e694041127933934184e19f8c3/charset_normalizer-3.4.4-cp310-cp310-musllinux_1_2_riscv64.whl", hash = "sha256:faa3a41b2b66b6e50f84ae4a68c64fcd0c44355741c6374813a800cd6695db9e", size = 151964, upload-time = "2025-10-14T04:40:25.368Z" }, + { url = "https://files.pythonhosted.org/packages/d2/d1/d28b747e512d0da79d8b6a1ac18b7ab2ecfd81b2944c4c710e166d8dd09c/charset_normalizer-3.4.4-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:6515f3182dbe4ea06ced2d9e8666d97b46ef4c75e326b79bb624110f122551db", size = 161064, upload-time = "2025-10-14T04:40:26.806Z" }, + { url = "https://files.pythonhosted.org/packages/bb/9a/31d62b611d901c3b9e5500c36aab0ff5eb442043fb3a1c254200d3d397d9/charset_normalizer-3.4.4-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:cc00f04ed596e9dc0da42ed17ac5e596c6ccba999ba6bd92b0e0aef2f170f2d6", size = 155015, upload-time = "2025-10-14T04:40:28.284Z" }, + { url = "https://files.pythonhosted.org/packages/1f/f3/107e008fa2bff0c8b9319584174418e5e5285fef32f79d8ee6a430d0039c/charset_normalizer-3.4.4-cp310-cp310-win32.whl", hash = "sha256:f34be2938726fc13801220747472850852fe6b1ea75869a048d6f896838c896f", size = 99792, upload-time = "2025-10-14T04:40:29.613Z" }, + { url = "https://files.pythonhosted.org/packages/eb/66/e396e8a408843337d7315bab30dbf106c38966f1819f123257f5520f8a96/charset_normalizer-3.4.4-cp310-cp310-win_amd64.whl", hash = "sha256:a61900df84c667873b292c3de315a786dd8dac506704dea57bc957bd31e22c7d", size = 107198, upload-time = "2025-10-14T04:40:30.644Z" }, + { url = "https://files.pythonhosted.org/packages/b5/58/01b4f815bf0312704c267f2ccb6e5d42bcc7752340cd487bc9f8c3710597/charset_normalizer-3.4.4-cp310-cp310-win_arm64.whl", hash = "sha256:cead0978fc57397645f12578bfd2d5ea9138ea0fac82b2f63f7f7c6877986a69", size = 100262, upload-time = "2025-10-14T04:40:32.108Z" }, + { url = "https://files.pythonhosted.org/packages/ed/27/c6491ff4954e58a10f69ad90aca8a1b6fe9c5d3c6f380907af3c37435b59/charset_normalizer-3.4.4-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:6e1fcf0720908f200cd21aa4e6750a48ff6ce4afe7ff5a79a90d5ed8a08296f8", size = 206988, upload-time = "2025-10-14T04:40:33.79Z" }, + { url = "https://files.pythonhosted.org/packages/94/59/2e87300fe67ab820b5428580a53cad894272dbb97f38a7a814a2a1ac1011/charset_normalizer-3.4.4-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5f819d5fe9234f9f82d75bdfa9aef3a3d72c4d24a6e57aeaebba32a704553aa0", size = 147324, upload-time = "2025-10-14T04:40:34.961Z" }, + { url = "https://files.pythonhosted.org/packages/07/fb/0cf61dc84b2b088391830f6274cb57c82e4da8bbc2efeac8c025edb88772/charset_normalizer-3.4.4-cp311-cp311-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:a59cb51917aa591b1c4e6a43c132f0cdc3c76dbad6155df4e28ee626cc77a0a3", size = 142742, upload-time = "2025-10-14T04:40:36.105Z" }, + { url = "https://files.pythonhosted.org/packages/62/8b/171935adf2312cd745d290ed93cf16cf0dfe320863ab7cbeeae1dcd6535f/charset_normalizer-3.4.4-cp311-cp311-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:8ef3c867360f88ac904fd3f5e1f902f13307af9052646963ee08ff4f131adafc", size = 160863, upload-time = "2025-10-14T04:40:37.188Z" }, + { url = "https://files.pythonhosted.org/packages/09/73/ad875b192bda14f2173bfc1bc9a55e009808484a4b256748d931b6948442/charset_normalizer-3.4.4-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:d9e45d7faa48ee908174d8fe84854479ef838fc6a705c9315372eacbc2f02897", size = 157837, upload-time = "2025-10-14T04:40:38.435Z" }, + { url = "https://files.pythonhosted.org/packages/6d/fc/de9cce525b2c5b94b47c70a4b4fb19f871b24995c728e957ee68ab1671ea/charset_normalizer-3.4.4-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:840c25fb618a231545cbab0564a799f101b63b9901f2569faecd6b222ac72381", size = 151550, upload-time = "2025-10-14T04:40:40.053Z" }, + { url = "https://files.pythonhosted.org/packages/55/c2/43edd615fdfba8c6f2dfbd459b25a6b3b551f24ea21981e23fb768503ce1/charset_normalizer-3.4.4-cp311-cp311-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:ca5862d5b3928c4940729dacc329aa9102900382fea192fc5e52eb69d6093815", size = 149162, upload-time = "2025-10-14T04:40:41.163Z" }, + { url = "https://files.pythonhosted.org/packages/03/86/bde4ad8b4d0e9429a4e82c1e8f5c659993a9a863ad62c7df05cf7b678d75/charset_normalizer-3.4.4-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d9c7f57c3d666a53421049053eaacdd14bbd0a528e2186fcb2e672effd053bb0", size = 150019, upload-time = "2025-10-14T04:40:42.276Z" }, + { url = "https://files.pythonhosted.org/packages/1f/86/a151eb2af293a7e7bac3a739b81072585ce36ccfb4493039f49f1d3cae8c/charset_normalizer-3.4.4-cp311-cp311-musllinux_1_2_armv7l.whl", hash = "sha256:277e970e750505ed74c832b4bf75dac7476262ee2a013f5574dd49075879e161", size = 143310, upload-time = "2025-10-14T04:40:43.439Z" }, + { url = "https://files.pythonhosted.org/packages/b5/fe/43dae6144a7e07b87478fdfc4dbe9efd5defb0e7ec29f5f58a55aeef7bf7/charset_normalizer-3.4.4-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:31fd66405eaf47bb62e8cd575dc621c56c668f27d46a61d975a249930dd5e2a4", size = 162022, upload-time = "2025-10-14T04:40:44.547Z" }, + { url = "https://files.pythonhosted.org/packages/80/e6/7aab83774f5d2bca81f42ac58d04caf44f0cc2b65fc6db2b3b2e8a05f3b3/charset_normalizer-3.4.4-cp311-cp311-musllinux_1_2_riscv64.whl", hash = "sha256:0d3d8f15c07f86e9ff82319b3d9ef6f4bf907608f53fe9d92b28ea9ae3d1fd89", size = 149383, upload-time = "2025-10-14T04:40:46.018Z" }, + { url = "https://files.pythonhosted.org/packages/4f/e8/b289173b4edae05c0dde07f69f8db476a0b511eac556dfe0d6bda3c43384/charset_normalizer-3.4.4-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:9f7fcd74d410a36883701fafa2482a6af2ff5ba96b9a620e9e0721e28ead5569", size = 159098, upload-time = "2025-10-14T04:40:47.081Z" }, + { url = "https://files.pythonhosted.org/packages/d8/df/fe699727754cae3f8478493c7f45f777b17c3ef0600e28abfec8619eb49c/charset_normalizer-3.4.4-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:ebf3e58c7ec8a8bed6d66a75d7fb37b55e5015b03ceae72a8e7c74495551e224", size = 152991, upload-time = "2025-10-14T04:40:48.246Z" }, + { url = "https://files.pythonhosted.org/packages/1a/86/584869fe4ddb6ffa3bd9f491b87a01568797fb9bd8933f557dba9771beaf/charset_normalizer-3.4.4-cp311-cp311-win32.whl", hash = "sha256:eecbc200c7fd5ddb9a7f16c7decb07b566c29fa2161a16cf67b8d068bd21690a", size = 99456, upload-time = "2025-10-14T04:40:49.376Z" }, + { url = "https://files.pythonhosted.org/packages/65/f6/62fdd5feb60530f50f7e38b4f6a1d5203f4d16ff4f9f0952962c044e919a/charset_normalizer-3.4.4-cp311-cp311-win_amd64.whl", hash = "sha256:5ae497466c7901d54b639cf42d5b8c1b6a4fead55215500d2f486d34db48d016", size = 106978, upload-time = "2025-10-14T04:40:50.844Z" }, + { url = "https://files.pythonhosted.org/packages/7a/9d/0710916e6c82948b3be62d9d398cb4fcf4e97b56d6a6aeccd66c4b2f2bd5/charset_normalizer-3.4.4-cp311-cp311-win_arm64.whl", hash = "sha256:65e2befcd84bc6f37095f5961e68a6f077bf44946771354a28ad434c2cce0ae1", size = 99969, upload-time = "2025-10-14T04:40:52.272Z" }, + { url = "https://files.pythonhosted.org/packages/f3/85/1637cd4af66fa687396e757dec650f28025f2a2f5a5531a3208dc0ec43f2/charset_normalizer-3.4.4-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:0a98e6759f854bd25a58a73fa88833fba3b7c491169f86ce1180c948ab3fd394", size = 208425, upload-time = "2025-10-14T04:40:53.353Z" }, + { url = "https://files.pythonhosted.org/packages/9d/6a/04130023fef2a0d9c62d0bae2649b69f7b7d8d24ea5536feef50551029df/charset_normalizer-3.4.4-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:b5b290ccc2a263e8d185130284f8501e3e36c5e02750fc6b6bdeb2e9e96f1e25", size = 148162, upload-time = "2025-10-14T04:40:54.558Z" }, + { url = "https://files.pythonhosted.org/packages/78/29/62328d79aa60da22c9e0b9a66539feae06ca0f5a4171ac4f7dc285b83688/charset_normalizer-3.4.4-cp312-cp312-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:74bb723680f9f7a6234dcf67aea57e708ec1fbdf5699fb91dfd6f511b0a320ef", size = 144558, upload-time = "2025-10-14T04:40:55.677Z" }, + { url = "https://files.pythonhosted.org/packages/86/bb/b32194a4bf15b88403537c2e120b817c61cd4ecffa9b6876e941c3ee38fe/charset_normalizer-3.4.4-cp312-cp312-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:f1e34719c6ed0b92f418c7c780480b26b5d9c50349e9a9af7d76bf757530350d", size = 161497, upload-time = "2025-10-14T04:40:57.217Z" }, + { url = "https://files.pythonhosted.org/packages/19/89/a54c82b253d5b9b111dc74aca196ba5ccfcca8242d0fb64146d4d3183ff1/charset_normalizer-3.4.4-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:2437418e20515acec67d86e12bf70056a33abdacb5cb1655042f6538d6b085a8", size = 159240, upload-time = "2025-10-14T04:40:58.358Z" }, + { url = "https://files.pythonhosted.org/packages/c0/10/d20b513afe03acc89ec33948320a5544d31f21b05368436d580dec4e234d/charset_normalizer-3.4.4-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:11d694519d7f29d6cd09f6ac70028dba10f92f6cdd059096db198c283794ac86", size = 153471, upload-time = "2025-10-14T04:40:59.468Z" }, + { url = "https://files.pythonhosted.org/packages/61/fa/fbf177b55bdd727010f9c0a3c49eefa1d10f960e5f09d1d887bf93c2e698/charset_normalizer-3.4.4-cp312-cp312-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:ac1c4a689edcc530fc9d9aa11f5774b9e2f33f9a0c6a57864e90908f5208d30a", size = 150864, upload-time = "2025-10-14T04:41:00.623Z" }, + { url = "https://files.pythonhosted.org/packages/05/12/9fbc6a4d39c0198adeebbde20b619790e9236557ca59fc40e0e3cebe6f40/charset_normalizer-3.4.4-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:21d142cc6c0ec30d2efee5068ca36c128a30b0f2c53c1c07bd78cb6bc1d3be5f", size = 150647, upload-time = "2025-10-14T04:41:01.754Z" }, + { url = "https://files.pythonhosted.org/packages/ad/1f/6a9a593d52e3e8c5d2b167daf8c6b968808efb57ef4c210acb907c365bc4/charset_normalizer-3.4.4-cp312-cp312-musllinux_1_2_armv7l.whl", hash = "sha256:5dbe56a36425d26d6cfb40ce79c314a2e4dd6211d51d6d2191c00bed34f354cc", size = 145110, upload-time = "2025-10-14T04:41:03.231Z" }, + { url = "https://files.pythonhosted.org/packages/30/42/9a52c609e72471b0fc54386dc63c3781a387bb4fe61c20231a4ebcd58bdd/charset_normalizer-3.4.4-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:5bfbb1b9acf3334612667b61bd3002196fe2a1eb4dd74d247e0f2a4d50ec9bbf", size = 162839, upload-time = "2025-10-14T04:41:04.715Z" }, + { url = "https://files.pythonhosted.org/packages/c4/5b/c0682bbf9f11597073052628ddd38344a3d673fda35a36773f7d19344b23/charset_normalizer-3.4.4-cp312-cp312-musllinux_1_2_riscv64.whl", hash = "sha256:d055ec1e26e441f6187acf818b73564e6e6282709e9bcb5b63f5b23068356a15", size = 150667, upload-time = "2025-10-14T04:41:05.827Z" }, + { url = "https://files.pythonhosted.org/packages/e4/24/a41afeab6f990cf2daf6cb8c67419b63b48cf518e4f56022230840c9bfb2/charset_normalizer-3.4.4-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:af2d8c67d8e573d6de5bc30cdb27e9b95e49115cd9baad5ddbd1a6207aaa82a9", size = 160535, upload-time = "2025-10-14T04:41:06.938Z" }, + { url = "https://files.pythonhosted.org/packages/2a/e5/6a4ce77ed243c4a50a1fecca6aaaab419628c818a49434be428fe24c9957/charset_normalizer-3.4.4-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:780236ac706e66881f3b7f2f32dfe90507a09e67d1d454c762cf642e6e1586e0", size = 154816, upload-time = "2025-10-14T04:41:08.101Z" }, + { url = "https://files.pythonhosted.org/packages/a8/ef/89297262b8092b312d29cdb2517cb1237e51db8ecef2e9af5edbe7b683b1/charset_normalizer-3.4.4-cp312-cp312-win32.whl", hash = "sha256:5833d2c39d8896e4e19b689ffc198f08ea58116bee26dea51e362ecc7cd3ed26", size = 99694, upload-time = "2025-10-14T04:41:09.23Z" }, + { url = "https://files.pythonhosted.org/packages/3d/2d/1e5ed9dd3b3803994c155cd9aacb60c82c331bad84daf75bcb9c91b3295e/charset_normalizer-3.4.4-cp312-cp312-win_amd64.whl", hash = "sha256:a79cfe37875f822425b89a82333404539ae63dbdddf97f84dcbc3d339aae9525", size = 107131, upload-time = "2025-10-14T04:41:10.467Z" }, + { url = "https://files.pythonhosted.org/packages/d0/d9/0ed4c7098a861482a7b6a95603edce4c0d9db2311af23da1fb2b75ec26fc/charset_normalizer-3.4.4-cp312-cp312-win_arm64.whl", hash = "sha256:376bec83a63b8021bb5c8ea75e21c4ccb86e7e45ca4eb81146091b56599b80c3", size = 100390, upload-time = "2025-10-14T04:41:11.915Z" }, + { url = "https://files.pythonhosted.org/packages/97/45/4b3a1239bbacd321068ea6e7ac28875b03ab8bc0aa0966452db17cd36714/charset_normalizer-3.4.4-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:e1f185f86a6f3403aa2420e815904c67b2f9ebc443f045edd0de921108345794", size = 208091, upload-time = "2025-10-14T04:41:13.346Z" }, + { url = "https://files.pythonhosted.org/packages/7d/62/73a6d7450829655a35bb88a88fca7d736f9882a27eacdca2c6d505b57e2e/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6b39f987ae8ccdf0d2642338faf2abb1862340facc796048b604ef14919e55ed", size = 147936, upload-time = "2025-10-14T04:41:14.461Z" }, + { url = "https://files.pythonhosted.org/packages/89/c5/adb8c8b3d6625bef6d88b251bbb0d95f8205831b987631ab0c8bb5d937c2/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:3162d5d8ce1bb98dd51af660f2121c55d0fa541b46dff7bb9b9f86ea1d87de72", size = 144180, upload-time = "2025-10-14T04:41:15.588Z" }, + { url = "https://files.pythonhosted.org/packages/91/ed/9706e4070682d1cc219050b6048bfd293ccf67b3d4f5a4f39207453d4b99/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:81d5eb2a312700f4ecaa977a8235b634ce853200e828fbadf3a9c50bab278328", size = 161346, upload-time = "2025-10-14T04:41:16.738Z" }, + { url = "https://files.pythonhosted.org/packages/d5/0d/031f0d95e4972901a2f6f09ef055751805ff541511dc1252ba3ca1f80cf5/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:5bd2293095d766545ec1a8f612559f6b40abc0eb18bb2f5d1171872d34036ede", size = 158874, upload-time = "2025-10-14T04:41:17.923Z" }, + { url = "https://files.pythonhosted.org/packages/f5/83/6ab5883f57c9c801ce5e5677242328aa45592be8a00644310a008d04f922/charset_normalizer-3.4.4-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a8a8b89589086a25749f471e6a900d3f662d1d3b6e2e59dcecf787b1cc3a1894", size = 153076, upload-time = "2025-10-14T04:41:19.106Z" }, + { url = "https://files.pythonhosted.org/packages/75/1e/5ff781ddf5260e387d6419959ee89ef13878229732732ee73cdae01800f2/charset_normalizer-3.4.4-cp313-cp313-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:bc7637e2f80d8530ee4a78e878bce464f70087ce73cf7c1caf142416923b98f1", size = 150601, upload-time = "2025-10-14T04:41:20.245Z" }, + { url = "https://files.pythonhosted.org/packages/d7/57/71be810965493d3510a6ca79b90c19e48696fb1ff964da319334b12677f0/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:f8bf04158c6b607d747e93949aa60618b61312fe647a6369f88ce2ff16043490", size = 150376, upload-time = "2025-10-14T04:41:21.398Z" }, + { url = "https://files.pythonhosted.org/packages/e5/d5/c3d057a78c181d007014feb7e9f2e65905a6c4ef182c0ddf0de2924edd65/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_armv7l.whl", hash = "sha256:554af85e960429cf30784dd47447d5125aaa3b99a6f0683589dbd27e2f45da44", size = 144825, upload-time = "2025-10-14T04:41:22.583Z" }, + { url = "https://files.pythonhosted.org/packages/e6/8c/d0406294828d4976f275ffbe66f00266c4b3136b7506941d87c00cab5272/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:74018750915ee7ad843a774364e13a3db91682f26142baddf775342c3f5b1133", size = 162583, upload-time = "2025-10-14T04:41:23.754Z" }, + { url = "https://files.pythonhosted.org/packages/d7/24/e2aa1f18c8f15c4c0e932d9287b8609dd30ad56dbe41d926bd846e22fb8d/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_riscv64.whl", hash = "sha256:c0463276121fdee9c49b98908b3a89c39be45d86d1dbaa22957e38f6321d4ce3", size = 150366, upload-time = "2025-10-14T04:41:25.27Z" }, + { url = "https://files.pythonhosted.org/packages/e4/5b/1e6160c7739aad1e2df054300cc618b06bf784a7a164b0f238360721ab86/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:362d61fd13843997c1c446760ef36f240cf81d3ebf74ac62652aebaf7838561e", size = 160300, upload-time = "2025-10-14T04:41:26.725Z" }, + { url = "https://files.pythonhosted.org/packages/7a/10/f882167cd207fbdd743e55534d5d9620e095089d176d55cb22d5322f2afd/charset_normalizer-3.4.4-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:9a26f18905b8dd5d685d6d07b0cdf98a79f3c7a918906af7cc143ea2e164c8bc", size = 154465, upload-time = "2025-10-14T04:41:28.322Z" }, + { url = "https://files.pythonhosted.org/packages/89/66/c7a9e1b7429be72123441bfdbaf2bc13faab3f90b933f664db506dea5915/charset_normalizer-3.4.4-cp313-cp313-win32.whl", hash = "sha256:9b35f4c90079ff2e2edc5b26c0c77925e5d2d255c42c74fdb70fb49b172726ac", size = 99404, upload-time = "2025-10-14T04:41:29.95Z" }, + { url = "https://files.pythonhosted.org/packages/c4/26/b9924fa27db384bdcd97ab83b4f0a8058d96ad9626ead570674d5e737d90/charset_normalizer-3.4.4-cp313-cp313-win_amd64.whl", hash = "sha256:b435cba5f4f750aa6c0a0d92c541fb79f69a387c91e61f1795227e4ed9cece14", size = 107092, upload-time = "2025-10-14T04:41:31.188Z" }, + { url = "https://files.pythonhosted.org/packages/af/8f/3ed4bfa0c0c72a7ca17f0380cd9e4dd842b09f664e780c13cff1dcf2ef1b/charset_normalizer-3.4.4-cp313-cp313-win_arm64.whl", hash = "sha256:542d2cee80be6f80247095cc36c418f7bddd14f4a6de45af91dfad36d817bba2", size = 100408, upload-time = "2025-10-14T04:41:32.624Z" }, + { url = "https://files.pythonhosted.org/packages/2a/35/7051599bd493e62411d6ede36fd5af83a38f37c4767b92884df7301db25d/charset_normalizer-3.4.4-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:da3326d9e65ef63a817ecbcc0df6e94463713b754fe293eaa03da99befb9a5bd", size = 207746, upload-time = "2025-10-14T04:41:33.773Z" }, + { url = "https://files.pythonhosted.org/packages/10/9a/97c8d48ef10d6cd4fcead2415523221624bf58bcf68a802721a6bc807c8f/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8af65f14dc14a79b924524b1e7fffe304517b2bff5a58bf64f30b98bbc5079eb", size = 147889, upload-time = "2025-10-14T04:41:34.897Z" }, + { url = "https://files.pythonhosted.org/packages/10/bf/979224a919a1b606c82bd2c5fa49b5c6d5727aa47b4312bb27b1734f53cd/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_armv7l.manylinux_2_17_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:74664978bb272435107de04e36db5a9735e78232b85b77d45cfb38f758efd33e", size = 143641, upload-time = "2025-10-14T04:41:36.116Z" }, + { url = "https://files.pythonhosted.org/packages/ba/33/0ad65587441fc730dc7bd90e9716b30b4702dc7b617e6ba4997dc8651495/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:752944c7ffbfdd10c074dc58ec2d5a8a4cd9493b314d367c14d24c17684ddd14", size = 160779, upload-time = "2025-10-14T04:41:37.229Z" }, + { url = "https://files.pythonhosted.org/packages/67/ed/331d6b249259ee71ddea93f6f2f0a56cfebd46938bde6fcc6f7b9a3d0e09/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:d1f13550535ad8cff21b8d757a3257963e951d96e20ec82ab44bc64aeb62a191", size = 159035, upload-time = "2025-10-14T04:41:38.368Z" }, + { url = "https://files.pythonhosted.org/packages/67/ff/f6b948ca32e4f2a4576aa129d8bed61f2e0543bf9f5f2b7fc3758ed005c9/charset_normalizer-3.4.4-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ecaae4149d99b1c9e7b88bb03e3221956f68fd6d50be2ef061b2381b61d20838", size = 152542, upload-time = "2025-10-14T04:41:39.862Z" }, + { url = "https://files.pythonhosted.org/packages/16/85/276033dcbcc369eb176594de22728541a925b2632f9716428c851b149e83/charset_normalizer-3.4.4-cp314-cp314-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:cb6254dc36b47a990e59e1068afacdcd02958bdcce30bb50cc1700a8b9d624a6", size = 149524, upload-time = "2025-10-14T04:41:41.319Z" }, + { url = "https://files.pythonhosted.org/packages/9e/f2/6a2a1f722b6aba37050e626530a46a68f74e63683947a8acff92569f979a/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:c8ae8a0f02f57a6e61203a31428fa1d677cbe50c93622b4149d5c0f319c1d19e", size = 150395, upload-time = "2025-10-14T04:41:42.539Z" }, + { url = "https://files.pythonhosted.org/packages/60/bb/2186cb2f2bbaea6338cad15ce23a67f9b0672929744381e28b0592676824/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_armv7l.whl", hash = "sha256:47cc91b2f4dd2833fddaedd2893006b0106129d4b94fdb6af1f4ce5a9965577c", size = 143680, upload-time = "2025-10-14T04:41:43.661Z" }, + { url = "https://files.pythonhosted.org/packages/7d/a5/bf6f13b772fbb2a90360eb620d52ed8f796f3c5caee8398c3b2eb7b1c60d/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:82004af6c302b5d3ab2cfc4cc5f29db16123b1a8417f2e25f9066f91d4411090", size = 162045, upload-time = "2025-10-14T04:41:44.821Z" }, + { url = "https://files.pythonhosted.org/packages/df/c5/d1be898bf0dc3ef9030c3825e5d3b83f2c528d207d246cbabe245966808d/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_riscv64.whl", hash = "sha256:2b7d8f6c26245217bd2ad053761201e9f9680f8ce52f0fcd8d0755aeae5b2152", size = 149687, upload-time = "2025-10-14T04:41:46.442Z" }, + { url = "https://files.pythonhosted.org/packages/a5/42/90c1f7b9341eef50c8a1cb3f098ac43b0508413f33affd762855f67a410e/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:799a7a5e4fb2d5898c60b640fd4981d6a25f1c11790935a44ce38c54e985f828", size = 160014, upload-time = "2025-10-14T04:41:47.631Z" }, + { url = "https://files.pythonhosted.org/packages/76/be/4d3ee471e8145d12795ab655ece37baed0929462a86e72372fd25859047c/charset_normalizer-3.4.4-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:99ae2cffebb06e6c22bdc25801d7b30f503cc87dbd283479e7b606f70aff57ec", size = 154044, upload-time = "2025-10-14T04:41:48.81Z" }, + { url = "https://files.pythonhosted.org/packages/b0/6f/8f7af07237c34a1defe7defc565a9bc1807762f672c0fde711a4b22bf9c0/charset_normalizer-3.4.4-cp314-cp314-win32.whl", hash = "sha256:f9d332f8c2a2fcbffe1378594431458ddbef721c1769d78e2cbc06280d8155f9", size = 99940, upload-time = "2025-10-14T04:41:49.946Z" }, + { url = "https://files.pythonhosted.org/packages/4b/51/8ade005e5ca5b0d80fb4aff72a3775b325bdc3d27408c8113811a7cbe640/charset_normalizer-3.4.4-cp314-cp314-win_amd64.whl", hash = "sha256:8a6562c3700cce886c5be75ade4a5db4214fda19fede41d9792d100288d8f94c", size = 107104, upload-time = "2025-10-14T04:41:51.051Z" }, + { url = "https://files.pythonhosted.org/packages/da/5f/6b8f83a55bb8278772c5ae54a577f3099025f9ade59d0136ac24a0df4bde/charset_normalizer-3.4.4-cp314-cp314-win_arm64.whl", hash = "sha256:de00632ca48df9daf77a2c65a484531649261ec9f25489917f09e455cb09ddb2", size = 100743, upload-time = "2025-10-14T04:41:52.122Z" }, + { url = "https://files.pythonhosted.org/packages/0a/4c/925909008ed5a988ccbb72dcc897407e5d6d3bd72410d69e051fc0c14647/charset_normalizer-3.4.4-py3-none-any.whl", hash = "sha256:7a32c560861a02ff789ad905a2fe94e3f840803362c84fecf1851cb4cf3dc37f", size = 53402, upload-time = "2025-10-14T04:42:31.76Z" }, +] + +[[package]] +name = "colorama" +version = "0.4.6" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44", size = 27697, upload-time = "2022-10-25T02:36:22.414Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" }, +] + +[[package]] +name = "coverage" +version = "7.11.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d2/59/9698d57a3b11704c7b89b21d69e9d23ecf80d538cabb536c8b63f4a12322/coverage-7.11.3.tar.gz", hash = "sha256:0f59387f5e6edbbffec2281affb71cdc85e0776c1745150a3ab9b6c1d016106b", size = 815210, upload-time = "2025-11-10T00:13:17.18Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/fd/68/b53157115ef76d50d1d916d6240e5cd5b3c14dba8ba1b984632b8221fc2e/coverage-7.11.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0c986537abca9b064510f3fd104ba33e98d3036608c7f2f5537f869bc10e1ee5", size = 216377, upload-time = "2025-11-10T00:10:27.317Z" }, + { url = "https://files.pythonhosted.org/packages/14/c1/d2f9d8e37123fe6e7ab8afcaab8195f13bc84a8b2f449a533fd4812ac724/coverage-7.11.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:28c5251b3ab1d23e66f1130ca0c419747edfbcb4690de19467cd616861507af7", size = 216892, upload-time = "2025-11-10T00:10:30.624Z" }, + { url = "https://files.pythonhosted.org/packages/83/73/18f05d8010149b650ed97ee5c9f7e4ae68c05c7d913391523281e41c2495/coverage-7.11.3-cp310-cp310-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:4f2bb4ee8dd40f9b2a80bb4adb2aecece9480ba1fa60d9382e8c8e0bd558e2eb", size = 243650, upload-time = "2025-11-10T00:10:32.392Z" }, + { url = "https://files.pythonhosted.org/packages/63/3c/c0cbb296c0ecc6dcbd70f4b473fcd7fe4517bbef8b09f4326d78f38adb87/coverage-7.11.3-cp310-cp310-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:e5f4bfac975a2138215a38bda599ef00162e4143541cf7dd186da10a7f8e69f1", size = 245478, upload-time = "2025-11-10T00:10:34.157Z" }, + { url = "https://files.pythonhosted.org/packages/b9/9a/dad288cf9faa142a14e75e39dc646d968b93d74e15c83e9b13fd628f2cb3/coverage-7.11.3-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8f4cbfff5cf01fa07464439a8510affc9df281535f41a1f5312fbd2b59b4ab5c", size = 247337, upload-time = "2025-11-10T00:10:35.655Z" }, + { url = "https://files.pythonhosted.org/packages/e3/ba/f6148ebf5547b3502013175e41bf3107a4e34b7dd19f9793a6ce0e1cd61f/coverage-7.11.3-cp310-cp310-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:31663572f20bf3406d7ac00d6981c7bbbcec302539d26b5ac596ca499664de31", size = 244328, upload-time = "2025-11-10T00:10:37.459Z" }, + { url = "https://files.pythonhosted.org/packages/e6/4d/b93784d0b593c5df89a0d48cbbd2d0963e0ca089eaf877405849792e46d3/coverage-7.11.3-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:9799bd6a910961cb666196b8583ed0ee125fa225c6fdee2cbf00232b861f29d2", size = 245381, upload-time = "2025-11-10T00:10:39.229Z" }, + { url = "https://files.pythonhosted.org/packages/3a/8d/6735bfd4f0f736d457642ee056a570d704c9d57fdcd5c91ea5d6b15c944e/coverage-7.11.3-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:097acc18bedf2c6e3144eaf09b5f6034926c3c9bb9e10574ffd0942717232507", size = 243390, upload-time = "2025-11-10T00:10:40.984Z" }, + { url = "https://files.pythonhosted.org/packages/db/3d/7ba68ed52d1873d450aefd8d2f5a353e67b421915cb6c174e4222c7b918c/coverage-7.11.3-cp310-cp310-musllinux_1_2_riscv64.whl", hash = "sha256:6f033dec603eea88204589175782290a038b436105a8f3637a81c4359df27832", size = 243654, upload-time = "2025-11-10T00:10:42.496Z" }, + { url = "https://files.pythonhosted.org/packages/14/26/be2720c4c7bf73c6591ae4ab503a7b5a31c7a60ced6dba855cfcb4a5af7e/coverage-7.11.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:dd9ca2d44ed8018c90efb72f237a2a140325a4c3339971364d758e78b175f58e", size = 244272, upload-time = "2025-11-10T00:10:44.39Z" }, + { url = "https://files.pythonhosted.org/packages/90/20/086f5697780df146dbc0df4ae9b6db2b23ddf5aa550f977b2825137728e9/coverage-7.11.3-cp310-cp310-win32.whl", hash = "sha256:900580bc99c145e2561ea91a2d207e639171870d8a18756eb57db944a017d4bb", size = 218969, upload-time = "2025-11-10T00:10:45.863Z" }, + { url = "https://files.pythonhosted.org/packages/98/5c/cc6faba945ede5088156da7770e30d06c38b8591785ac99bcfb2074f9ef6/coverage-7.11.3-cp310-cp310-win_amd64.whl", hash = "sha256:c8be5bfcdc7832011b2652db29ed7672ce9d353dd19bce5272ca33dbcf60aaa8", size = 219903, upload-time = "2025-11-10T00:10:47.676Z" }, + { url = "https://files.pythonhosted.org/packages/92/92/43a961c0f57b666d01c92bcd960c7f93677de5e4ee7ca722564ad6dee0fa/coverage-7.11.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:200bb89fd2a8a07780eafcdff6463104dec459f3c838d980455cfa84f5e5e6e1", size = 216504, upload-time = "2025-11-10T00:10:49.524Z" }, + { url = "https://files.pythonhosted.org/packages/5d/5c/dbfc73329726aef26dbf7fefef81b8a2afd1789343a579ea6d99bf15d26e/coverage-7.11.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:8d264402fc179776d43e557e1ca4a7d953020d3ee95f7ec19cc2c9d769277f06", size = 217006, upload-time = "2025-11-10T00:10:51.32Z" }, + { url = "https://files.pythonhosted.org/packages/a5/e0/878c84fb6661964bc435beb1e28c050650aa30e4c1cdc12341e298700bda/coverage-7.11.3-cp311-cp311-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:385977d94fc155f8731c895accdfcc3dd0d9dd9ef90d102969df95d3c637ab80", size = 247415, upload-time = "2025-11-10T00:10:52.805Z" }, + { url = "https://files.pythonhosted.org/packages/56/9e/0677e78b1e6a13527f39c4b39c767b351e256b333050539861c63f98bd61/coverage-7.11.3-cp311-cp311-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:0542ddf6107adbd2592f29da9f59f5d9cff7947b5bb4f734805085c327dcffaa", size = 249332, upload-time = "2025-11-10T00:10:54.35Z" }, + { url = "https://files.pythonhosted.org/packages/54/90/25fc343e4ce35514262451456de0953bcae5b37dda248aed50ee51234cee/coverage-7.11.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d60bf4d7f886989ddf80e121a7f4d140d9eac91f1d2385ce8eb6bda93d563297", size = 251443, upload-time = "2025-11-10T00:10:55.832Z" }, + { url = "https://files.pythonhosted.org/packages/13/56/bc02bbc890fd8b155a64285c93e2ab38647486701ac9c980d457cdae857a/coverage-7.11.3-cp311-cp311-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:c0a3b6e32457535df0d41d2d895da46434706dd85dbaf53fbc0d3bd7d914b362", size = 247554, upload-time = "2025-11-10T00:10:57.829Z" }, + { url = "https://files.pythonhosted.org/packages/0f/ab/0318888d091d799a82d788c1e8d8bd280f1d5c41662bbb6e11187efe33e8/coverage-7.11.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:876a3ee7fd2613eb79602e4cdb39deb6b28c186e76124c3f29e580099ec21a87", size = 249139, upload-time = "2025-11-10T00:10:59.465Z" }, + { url = "https://files.pythonhosted.org/packages/79/d8/3ee50929c4cd36fcfcc0f45d753337001001116c8a5b8dd18d27ea645737/coverage-7.11.3-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:a730cd0824e8083989f304e97b3f884189efb48e2151e07f57e9e138ab104200", size = 247209, upload-time = "2025-11-10T00:11:01.432Z" }, + { url = "https://files.pythonhosted.org/packages/94/7c/3cf06e327401c293e60c962b4b8a2ceb7167c1a428a02be3adbd1d7c7e4c/coverage-7.11.3-cp311-cp311-musllinux_1_2_riscv64.whl", hash = "sha256:b5cd111d3ab7390be0c07ad839235d5ad54d2ca497b5f5db86896098a77180a4", size = 246936, upload-time = "2025-11-10T00:11:02.964Z" }, + { url = "https://files.pythonhosted.org/packages/99/0b/ffc03dc8f4083817900fd367110015ef4dd227b37284104a5eb5edc9c106/coverage-7.11.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:074e6a5cd38e06671580b4d872c1a67955d4e69639e4b04e87fc03b494c1f060", size = 247835, upload-time = "2025-11-10T00:11:04.405Z" }, + { url = "https://files.pythonhosted.org/packages/17/4d/dbe54609ee066553d0bcdcdf108b177c78dab836292bee43f96d6a5674d1/coverage-7.11.3-cp311-cp311-win32.whl", hash = "sha256:86d27d2dd7c7c5a44710565933c7dc9cd70e65ef97142e260d16d555667deef7", size = 218994, upload-time = "2025-11-10T00:11:05.966Z" }, + { url = "https://files.pythonhosted.org/packages/94/11/8e7155df53f99553ad8114054806c01a2c0b08f303ea7e38b9831652d83d/coverage-7.11.3-cp311-cp311-win_amd64.whl", hash = "sha256:ca90ef33a152205fb6f2f0c1f3e55c50df4ef049bb0940ebba666edd4cdebc55", size = 219926, upload-time = "2025-11-10T00:11:07.936Z" }, + { url = "https://files.pythonhosted.org/packages/1f/93/bea91b6a9e35d89c89a1cd5824bc72e45151a9c2a9ca0b50d9e9a85e3ae3/coverage-7.11.3-cp311-cp311-win_arm64.whl", hash = "sha256:56f909a40d68947ef726ce6a34eb38f0ed241ffbe55c5007c64e616663bcbafc", size = 218599, upload-time = "2025-11-10T00:11:09.578Z" }, + { url = "https://files.pythonhosted.org/packages/c2/39/af056ec7a27c487e25c7f6b6e51d2ee9821dba1863173ddf4dc2eebef4f7/coverage-7.11.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:5b771b59ac0dfb7f139f70c85b42717ef400a6790abb6475ebac1ecee8de782f", size = 216676, upload-time = "2025-11-10T00:11:11.566Z" }, + { url = "https://files.pythonhosted.org/packages/3c/f8/21126d34b174d037b5d01bea39077725cbb9a0da94a95c5f96929c695433/coverage-7.11.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:603c4414125fc9ae9000f17912dcfd3d3eb677d4e360b85206539240c96ea76e", size = 217034, upload-time = "2025-11-10T00:11:13.12Z" }, + { url = "https://files.pythonhosted.org/packages/d5/3f/0fd35f35658cdd11f7686303214bd5908225838f374db47f9e457c8d6df8/coverage-7.11.3-cp312-cp312-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:77ffb3b7704eb7b9b3298a01fe4509cef70117a52d50bcba29cffc5f53dd326a", size = 248531, upload-time = "2025-11-10T00:11:15.023Z" }, + { url = "https://files.pythonhosted.org/packages/8f/59/0bfc5900fc15ce4fd186e092451de776bef244565c840c9c026fd50857e1/coverage-7.11.3-cp312-cp312-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:4d4ca49f5ba432b0755ebb0fc3a56be944a19a16bb33802264bbc7311622c0d1", size = 251290, upload-time = "2025-11-10T00:11:16.628Z" }, + { url = "https://files.pythonhosted.org/packages/71/88/d5c184001fa2ac82edf1b8f2cd91894d2230d7c309e937c54c796176e35b/coverage-7.11.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:05fd3fb6edff0c98874d752013588836f458261e5eba587afe4c547bba544afd", size = 252375, upload-time = "2025-11-10T00:11:18.249Z" }, + { url = "https://files.pythonhosted.org/packages/5c/29/f60af9f823bf62c7a00ce1ac88441b9a9a467e499493e5cc65028c8b8dd2/coverage-7.11.3-cp312-cp312-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:0e920567f8c3a3ce68ae5a42cf7c2dc4bb6cc389f18bff2235dd8c03fa405de5", size = 248946, upload-time = "2025-11-10T00:11:20.202Z" }, + { url = "https://files.pythonhosted.org/packages/67/16/4662790f3b1e03fce5280cad93fd18711c35980beb3c6f28dca41b5230c6/coverage-7.11.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:4bec8c7160688bd5a34e65c82984b25409563134d63285d8943d0599efbc448e", size = 250310, upload-time = "2025-11-10T00:11:21.689Z" }, + { url = "https://files.pythonhosted.org/packages/8f/75/dd6c2e28308a83e5fc1ee602f8204bd3aa5af685c104cb54499230cf56db/coverage-7.11.3-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:adb9b7b42c802bd8cb3927de8c1c26368ce50c8fdaa83a9d8551384d77537044", size = 248461, upload-time = "2025-11-10T00:11:23.384Z" }, + { url = "https://files.pythonhosted.org/packages/16/fe/b71af12be9f59dc9eb060688fa19a95bf3223f56c5af1e9861dfa2275d2c/coverage-7.11.3-cp312-cp312-musllinux_1_2_riscv64.whl", hash = "sha256:c8f563b245b4ddb591e99f28e3cd140b85f114b38b7f95b2e42542f0603eb7d7", size = 248039, upload-time = "2025-11-10T00:11:25.07Z" }, + { url = "https://files.pythonhosted.org/packages/11/b8/023b2003a2cd96bdf607afe03d9b96c763cab6d76e024abe4473707c4eb8/coverage-7.11.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:e2a96fdc7643c9517a317553aca13b5cae9bad9a5f32f4654ce247ae4d321405", size = 249903, upload-time = "2025-11-10T00:11:26.992Z" }, + { url = "https://files.pythonhosted.org/packages/d6/ee/5f1076311aa67b1fa4687a724cc044346380e90ce7d94fec09fd384aa5fd/coverage-7.11.3-cp312-cp312-win32.whl", hash = "sha256:e8feeb5e8705835f0622af0fe7ff8d5cb388948454647086494d6c41ec142c2e", size = 219201, upload-time = "2025-11-10T00:11:28.619Z" }, + { url = "https://files.pythonhosted.org/packages/4f/24/d21688f48fe9fcc778956680fd5aaf69f4e23b245b7c7a4755cbd421d25b/coverage-7.11.3-cp312-cp312-win_amd64.whl", hash = "sha256:abb903ffe46bd319d99979cdba350ae7016759bb69f47882242f7b93f3356055", size = 220012, upload-time = "2025-11-10T00:11:30.234Z" }, + { url = "https://files.pythonhosted.org/packages/4f/9e/d5eb508065f291456378aa9b16698b8417d87cb084c2b597f3beb00a8084/coverage-7.11.3-cp312-cp312-win_arm64.whl", hash = "sha256:1451464fd855d9bd000c19b71bb7dafea9ab815741fb0bd9e813d9b671462d6f", size = 218652, upload-time = "2025-11-10T00:11:32.165Z" }, + { url = "https://files.pythonhosted.org/packages/6d/f6/d8572c058211c7d976f24dab71999a565501fb5b3cdcb59cf782f19c4acb/coverage-7.11.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:84b892e968164b7a0498ddc5746cdf4e985700b902128421bb5cec1080a6ee36", size = 216694, upload-time = "2025-11-10T00:11:34.296Z" }, + { url = "https://files.pythonhosted.org/packages/4a/f6/b6f9764d90c0ce1bce8d995649fa307fff21f4727b8d950fa2843b7b0de5/coverage-7.11.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:f761dbcf45e9416ec4698e1a7649248005f0064ce3523a47402d1bff4af2779e", size = 217065, upload-time = "2025-11-10T00:11:36.281Z" }, + { url = "https://files.pythonhosted.org/packages/a5/8d/a12cb424063019fd077b5be474258a0ed8369b92b6d0058e673f0a945982/coverage-7.11.3-cp313-cp313-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:1410bac9e98afd9623f53876fae7d8a5db9f5a0ac1c9e7c5188463cb4b3212e2", size = 248062, upload-time = "2025-11-10T00:11:37.903Z" }, + { url = "https://files.pythonhosted.org/packages/7f/9c/dab1a4e8e75ce053d14259d3d7485d68528a662e286e184685ea49e71156/coverage-7.11.3-cp313-cp313-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:004cdcea3457c0ea3233622cd3464c1e32ebba9b41578421097402bee6461b63", size = 250657, upload-time = "2025-11-10T00:11:39.509Z" }, + { url = "https://files.pythonhosted.org/packages/3f/89/a14f256438324f33bae36f9a1a7137729bf26b0a43f5eda60b147ec7c8c7/coverage-7.11.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8f067ada2c333609b52835ca4d4868645d3b63ac04fb2b9a658c55bba7f667d3", size = 251900, upload-time = "2025-11-10T00:11:41.372Z" }, + { url = "https://files.pythonhosted.org/packages/04/07/75b0d476eb349f1296486b1418b44f2d8780cc8db47493de3755e5340076/coverage-7.11.3-cp313-cp313-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:07bc7745c945a6d95676953e86ba7cebb9f11de7773951c387f4c07dc76d03f5", size = 248254, upload-time = "2025-11-10T00:11:43.27Z" }, + { url = "https://files.pythonhosted.org/packages/5a/4b/0c486581fa72873489ca092c52792d008a17954aa352809a7cbe6cf0bf07/coverage-7.11.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:8bba7e4743e37484ae17d5c3b8eb1ce78b564cb91b7ace2e2182b25f0f764cb5", size = 250041, upload-time = "2025-11-10T00:11:45.274Z" }, + { url = "https://files.pythonhosted.org/packages/af/a3/0059dafb240ae3e3291f81b8de00e9c511d3dd41d687a227dd4b529be591/coverage-7.11.3-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:fbffc22d80d86fbe456af9abb17f7a7766e7b2101f7edaacc3535501691563f7", size = 248004, upload-time = "2025-11-10T00:11:46.93Z" }, + { url = "https://files.pythonhosted.org/packages/83/93/967d9662b1eb8c7c46917dcc7e4c1875724ac3e73c3cb78e86d7a0ac719d/coverage-7.11.3-cp313-cp313-musllinux_1_2_riscv64.whl", hash = "sha256:0dba4da36730e384669e05b765a2c49f39514dd3012fcc0398dd66fba8d746d5", size = 247828, upload-time = "2025-11-10T00:11:48.563Z" }, + { url = "https://files.pythonhosted.org/packages/4c/1c/5077493c03215701e212767e470b794548d817dfc6247a4718832cc71fac/coverage-7.11.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:ae12fe90b00b71a71b69f513773310782ce01d5f58d2ceb2b7c595ab9d222094", size = 249588, upload-time = "2025-11-10T00:11:50.581Z" }, + { url = "https://files.pythonhosted.org/packages/7f/a5/77f64de461016e7da3e05d7d07975c89756fe672753e4cf74417fc9b9052/coverage-7.11.3-cp313-cp313-win32.whl", hash = "sha256:12d821de7408292530b0d241468b698bce18dd12ecaf45316149f53877885f8c", size = 219223, upload-time = "2025-11-10T00:11:52.184Z" }, + { url = "https://files.pythonhosted.org/packages/ed/1c/ec51a3c1a59d225b44bdd3a4d463135b3159a535c2686fac965b698524f4/coverage-7.11.3-cp313-cp313-win_amd64.whl", hash = "sha256:6bb599052a974bb6cedfa114f9778fedfad66854107cf81397ec87cb9b8fbcf2", size = 220033, upload-time = "2025-11-10T00:11:53.871Z" }, + { url = "https://files.pythonhosted.org/packages/01/ec/e0ce39746ed558564c16f2cc25fa95ce6fc9fa8bfb3b9e62855d4386b886/coverage-7.11.3-cp313-cp313-win_arm64.whl", hash = "sha256:bb9d7efdb063903b3fdf77caec7b77c3066885068bdc0d44bc1b0c171033f944", size = 218661, upload-time = "2025-11-10T00:11:55.597Z" }, + { url = "https://files.pythonhosted.org/packages/46/cb/483f130bc56cbbad2638248915d97b185374d58b19e3cc3107359715949f/coverage-7.11.3-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:fb58da65e3339b3dbe266b607bb936efb983d86b00b03eb04c4ad5b442c58428", size = 217389, upload-time = "2025-11-10T00:11:57.59Z" }, + { url = "https://files.pythonhosted.org/packages/cb/ae/81f89bae3afef75553cf10e62feb57551535d16fd5859b9ee5a2a97ddd27/coverage-7.11.3-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:8d16bbe566e16a71d123cd66382c1315fcd520c7573652a8074a8fe281b38c6a", size = 217742, upload-time = "2025-11-10T00:11:59.519Z" }, + { url = "https://files.pythonhosted.org/packages/db/6e/a0fb897041949888191a49c36afd5c6f5d9f5fd757e0b0cd99ec198a324b/coverage-7.11.3-cp313-cp313t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:a8258f10059b5ac837232c589a350a2df4a96406d6d5f2a09ec587cbdd539655", size = 259049, upload-time = "2025-11-10T00:12:01.592Z" }, + { url = "https://files.pythonhosted.org/packages/d9/b6/d13acc67eb402d91eb94b9bd60593411799aed09ce176ee8d8c0e39c94ca/coverage-7.11.3-cp313-cp313t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:4c5627429f7fbff4f4131cfdd6abd530734ef7761116811a707b88b7e205afd7", size = 261113, upload-time = "2025-11-10T00:12:03.639Z" }, + { url = "https://files.pythonhosted.org/packages/ea/07/a6868893c48191d60406df4356aa7f0f74e6de34ef1f03af0d49183e0fa1/coverage-7.11.3-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:465695268414e149bab754c54b0c45c8ceda73dd4a5c3ba255500da13984b16d", size = 263546, upload-time = "2025-11-10T00:12:05.485Z" }, + { url = "https://files.pythonhosted.org/packages/24/e5/28598f70b2c1098332bac47925806353b3313511d984841111e6e760c016/coverage-7.11.3-cp313-cp313t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:4ebcddfcdfb4c614233cff6e9a3967a09484114a8b2e4f2c7a62dc83676ba13f", size = 258260, upload-time = "2025-11-10T00:12:07.137Z" }, + { url = "https://files.pythonhosted.org/packages/0e/58/58e2d9e6455a4ed746a480c4b9cf96dc3cb2a6b8f3efbee5efd33ae24b06/coverage-7.11.3-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:13b2066303a1c1833c654d2af0455bb009b6e1727b3883c9964bc5c2f643c1d0", size = 261121, upload-time = "2025-11-10T00:12:09.138Z" }, + { url = "https://files.pythonhosted.org/packages/17/57/38803eefb9b0409934cbc5a14e3978f0c85cb251d2b6f6a369067a7105a0/coverage-7.11.3-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:d8750dd20362a1b80e3cf84f58013d4672f89663aee457ea59336df50fab6739", size = 258736, upload-time = "2025-11-10T00:12:11.195Z" }, + { url = "https://files.pythonhosted.org/packages/a8/f3/f94683167156e93677b3442be1d4ca70cb33718df32a2eea44a5898f04f6/coverage-7.11.3-cp313-cp313t-musllinux_1_2_riscv64.whl", hash = "sha256:ab6212e62ea0e1006531a2234e209607f360d98d18d532c2fa8e403c1afbdd71", size = 257625, upload-time = "2025-11-10T00:12:12.843Z" }, + { url = "https://files.pythonhosted.org/packages/87/ed/42d0bf1bc6bfa7d65f52299a31daaa866b4c11000855d753857fe78260ac/coverage-7.11.3-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:a6b17c2b5e0b9bb7702449200f93e2d04cb04b1414c41424c08aa1e5d352da76", size = 259827, upload-time = "2025-11-10T00:12:15.128Z" }, + { url = "https://files.pythonhosted.org/packages/d3/76/5682719f5d5fbedb0c624c9851ef847407cae23362deb941f185f489c54e/coverage-7.11.3-cp313-cp313t-win32.whl", hash = "sha256:426559f105f644b69290ea414e154a0d320c3ad8a2bb75e62884731f69cf8e2c", size = 219897, upload-time = "2025-11-10T00:12:17.274Z" }, + { url = "https://files.pythonhosted.org/packages/10/e0/1da511d0ac3d39e6676fa6cc5ec35320bbf1cebb9b24e9ee7548ee4e931a/coverage-7.11.3-cp313-cp313t-win_amd64.whl", hash = "sha256:90a96fcd824564eae6137ec2563bd061d49a32944858d4bdbae5c00fb10e76ac", size = 220959, upload-time = "2025-11-10T00:12:19.292Z" }, + { url = "https://files.pythonhosted.org/packages/e5/9d/e255da6a04e9ec5f7b633c54c0fdfa221a9e03550b67a9c83217de12e96c/coverage-7.11.3-cp313-cp313t-win_arm64.whl", hash = "sha256:1e33d0bebf895c7a0905fcfaff2b07ab900885fc78bba2a12291a2cfbab014cc", size = 219234, upload-time = "2025-11-10T00:12:21.251Z" }, + { url = "https://files.pythonhosted.org/packages/84/d6/634ec396e45aded1772dccf6c236e3e7c9604bc47b816e928f32ce7987d1/coverage-7.11.3-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:fdc5255eb4815babcdf236fa1a806ccb546724c8a9b129fd1ea4a5448a0bf07c", size = 216746, upload-time = "2025-11-10T00:12:23.089Z" }, + { url = "https://files.pythonhosted.org/packages/28/76/1079547f9d46f9c7c7d0dad35b6873c98bc5aa721eeabceafabd722cd5e7/coverage-7.11.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:fe3425dc6021f906c6325d3c415e048e7cdb955505a94f1eb774dafc779ba203", size = 217077, upload-time = "2025-11-10T00:12:24.863Z" }, + { url = "https://files.pythonhosted.org/packages/2d/71/6ad80d6ae0d7cb743b9a98df8bb88b1ff3dc54491508a4a97549c2b83400/coverage-7.11.3-cp314-cp314-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:4ca5f876bf41b24378ee67c41d688155f0e54cdc720de8ef9ad6544005899240", size = 248122, upload-time = "2025-11-10T00:12:26.553Z" }, + { url = "https://files.pythonhosted.org/packages/20/1d/784b87270784b0b88e4beec9d028e8d58f73ae248032579c63ad2ac6f69a/coverage-7.11.3-cp314-cp314-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:9061a3e3c92b27fd8036dafa26f25d95695b6aa2e4514ab16a254f297e664f83", size = 250638, upload-time = "2025-11-10T00:12:28.555Z" }, + { url = "https://files.pythonhosted.org/packages/f5/26/b6dd31e23e004e9de84d1a8672cd3d73e50f5dae65dbd0f03fa2cdde6100/coverage-7.11.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:abcea3b5f0dc44e1d01c27090bc32ce6ffb7aa665f884f1890710454113ea902", size = 251972, upload-time = "2025-11-10T00:12:30.246Z" }, + { url = "https://files.pythonhosted.org/packages/c9/ef/f9c64d76faac56b82daa036b34d4fe9ab55eb37f22062e68e9470583e688/coverage-7.11.3-cp314-cp314-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:68c4eb92997dbaaf839ea13527be463178ac0ddd37a7ac636b8bc11a51af2428", size = 248147, upload-time = "2025-11-10T00:12:32.195Z" }, + { url = "https://files.pythonhosted.org/packages/b6/eb/5b666f90a8f8053bd264a1ce693d2edef2368e518afe70680070fca13ecd/coverage-7.11.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:149eccc85d48c8f06547534068c41d69a1a35322deaa4d69ba1561e2e9127e75", size = 249995, upload-time = "2025-11-10T00:12:33.969Z" }, + { url = "https://files.pythonhosted.org/packages/eb/7b/871e991ffb5d067f8e67ffb635dabba65b231d6e0eb724a4a558f4a702a5/coverage-7.11.3-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:08c0bcf932e47795c49f0406054824b9d45671362dfc4269e0bc6e4bff010704", size = 247948, upload-time = "2025-11-10T00:12:36.341Z" }, + { url = "https://files.pythonhosted.org/packages/0a/8b/ce454f0af9609431b06dbe5485fc9d1c35ddc387e32ae8e374f49005748b/coverage-7.11.3-cp314-cp314-musllinux_1_2_riscv64.whl", hash = "sha256:39764c6167c82d68a2d8c97c33dba45ec0ad9172570860e12191416f4f8e6e1b", size = 247770, upload-time = "2025-11-10T00:12:38.167Z" }, + { url = "https://files.pythonhosted.org/packages/61/8f/79002cb58a61dfbd2085de7d0a46311ef2476823e7938db80284cedd2428/coverage-7.11.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:3224c7baf34e923ffc78cb45e793925539d640d42c96646db62dbd61bbcfa131", size = 249431, upload-time = "2025-11-10T00:12:40.354Z" }, + { url = "https://files.pythonhosted.org/packages/58/cc/d06685dae97468ed22999440f2f2f5060940ab0e7952a7295f236d98cce7/coverage-7.11.3-cp314-cp314-win32.whl", hash = "sha256:c713c1c528284d636cd37723b0b4c35c11190da6f932794e145fc40f8210a14a", size = 219508, upload-time = "2025-11-10T00:12:42.231Z" }, + { url = "https://files.pythonhosted.org/packages/5f/ed/770cd07706a3598c545f62d75adf2e5bd3791bffccdcf708ec383ad42559/coverage-7.11.3-cp314-cp314-win_amd64.whl", hash = "sha256:c381a252317f63ca0179d2c7918e83b99a4ff3101e1b24849b999a00f9cd4f86", size = 220325, upload-time = "2025-11-10T00:12:44.065Z" }, + { url = "https://files.pythonhosted.org/packages/ee/ac/6a1c507899b6fb1b9a56069954365f655956bcc648e150ce64c2b0ecbed8/coverage-7.11.3-cp314-cp314-win_arm64.whl", hash = "sha256:3e33a968672be1394eded257ec10d4acbb9af2ae263ba05a99ff901bb863557e", size = 218899, upload-time = "2025-11-10T00:12:46.18Z" }, + { url = "https://files.pythonhosted.org/packages/9a/58/142cd838d960cd740654d094f7b0300d7b81534bb7304437d2439fb685fb/coverage-7.11.3-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:f9c96a29c6d65bd36a91f5634fef800212dff69dacdb44345c4c9783943ab0df", size = 217471, upload-time = "2025-11-10T00:12:48.392Z" }, + { url = "https://files.pythonhosted.org/packages/bc/2c/2f44d39eb33e41ab3aba80571daad32e0f67076afcf27cb443f9e5b5a3ee/coverage-7.11.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:2ec27a7a991d229213c8070d31e3ecf44d005d96a9edc30c78eaeafaa421c001", size = 217742, upload-time = "2025-11-10T00:12:50.182Z" }, + { url = "https://files.pythonhosted.org/packages/32/76/8ebc66c3c699f4de3174a43424c34c086323cd93c4930ab0f835731c443a/coverage-7.11.3-cp314-cp314t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:72c8b494bd20ae1c58528b97c4a67d5cfeafcb3845c73542875ecd43924296de", size = 259120, upload-time = "2025-11-10T00:12:52.451Z" }, + { url = "https://files.pythonhosted.org/packages/19/89/78a3302b9595f331b86e4f12dfbd9252c8e93d97b8631500888f9a3a2af7/coverage-7.11.3-cp314-cp314t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:60ca149a446da255d56c2a7a813b51a80d9497a62250532598d249b3cdb1a926", size = 261229, upload-time = "2025-11-10T00:12:54.667Z" }, + { url = "https://files.pythonhosted.org/packages/07/59/1a9c0844dadef2a6efac07316d9781e6c5a3f3ea7e5e701411e99d619bfd/coverage-7.11.3-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:eb5069074db19a534de3859c43eec78e962d6d119f637c41c8e028c5ab3f59dd", size = 263642, upload-time = "2025-11-10T00:12:56.841Z" }, + { url = "https://files.pythonhosted.org/packages/37/86/66c15d190a8e82eee777793cabde730640f555db3c020a179625a2ad5320/coverage-7.11.3-cp314-cp314t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:ac5d5329c9c942bbe6295f4251b135d860ed9f86acd912d418dce186de7c19ac", size = 258193, upload-time = "2025-11-10T00:12:58.687Z" }, + { url = "https://files.pythonhosted.org/packages/c7/c7/4a4aeb25cb6f83c3ec4763e5f7cc78da1c6d4ef9e22128562204b7f39390/coverage-7.11.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:e22539b676fafba17f0a90ac725f029a309eb6e483f364c86dcadee060429d46", size = 261107, upload-time = "2025-11-10T00:13:00.502Z" }, + { url = "https://files.pythonhosted.org/packages/ed/91/b986b5035f23cf0272446298967ecdd2c3c0105ee31f66f7e6b6948fd7f8/coverage-7.11.3-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:2376e8a9c889016f25472c452389e98bc6e54a19570b107e27cde9d47f387b64", size = 258717, upload-time = "2025-11-10T00:13:02.747Z" }, + { url = "https://files.pythonhosted.org/packages/f0/c7/6c084997f5a04d050c513545d3344bfa17bd3b67f143f388b5757d762b0b/coverage-7.11.3-cp314-cp314t-musllinux_1_2_riscv64.whl", hash = "sha256:4234914b8c67238a3c4af2bba648dc716aa029ca44d01f3d51536d44ac16854f", size = 257541, upload-time = "2025-11-10T00:13:04.689Z" }, + { url = "https://files.pythonhosted.org/packages/3b/c5/38e642917e406930cb67941210a366ccffa767365c8f8d9ec0f465a8b218/coverage-7.11.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:f0b4101e2b3c6c352ff1f70b3a6fcc7c17c1ab1a91ccb7a33013cb0782af9820", size = 259872, upload-time = "2025-11-10T00:13:06.559Z" }, + { url = "https://files.pythonhosted.org/packages/b7/67/5e812979d20c167f81dbf9374048e0193ebe64c59a3d93d7d947b07865fa/coverage-7.11.3-cp314-cp314t-win32.whl", hash = "sha256:305716afb19133762e8cf62745c46c4853ad6f9eeba54a593e373289e24ea237", size = 220289, upload-time = "2025-11-10T00:13:08.635Z" }, + { url = "https://files.pythonhosted.org/packages/24/3a/b72573802672b680703e0df071faadfab7dcd4d659aaaffc4626bc8bbde8/coverage-7.11.3-cp314-cp314t-win_amd64.whl", hash = "sha256:9245bd392572b9f799261c4c9e7216bafc9405537d0f4ce3ad93afe081a12dc9", size = 221398, upload-time = "2025-11-10T00:13:10.734Z" }, + { url = "https://files.pythonhosted.org/packages/f8/4e/649628f28d38bad81e4e8eb3f78759d20ac173e3c456ac629123815feb40/coverage-7.11.3-cp314-cp314t-win_arm64.whl", hash = "sha256:9a1d577c20b4334e5e814c3d5fe07fa4a8c3ae42a601945e8d7940bab811d0bd", size = 219435, upload-time = "2025-11-10T00:13:12.712Z" }, + { url = "https://files.pythonhosted.org/packages/19/8f/92bdd27b067204b99f396a1414d6342122f3e2663459baf787108a6b8b84/coverage-7.11.3-py3-none-any.whl", hash = "sha256:351511ae28e2509c8d8cae5311577ea7dd511ab8e746ffc8814a0896c3d33fbe", size = 208478, upload-time = "2025-11-10T00:13:14.908Z" }, +] + +[package.optional-dependencies] +toml = [ + { name = "tomli", marker = "python_full_version <= '3.11'" }, +] + +[[package]] +name = "dill" +version = "0.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/12/80/630b4b88364e9a8c8c5797f4602d0f76ef820909ee32f0bacb9f90654042/dill-0.4.0.tar.gz", hash = "sha256:0633f1d2df477324f53a895b02c901fb961bdbf65a17122586ea7019292cbcf0", size = 186976, upload-time = "2025-04-16T00:41:48.867Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/50/3d/9373ad9c56321fdab5b41197068e1d8c25883b3fea29dd361f9b55116869/dill-0.4.0-py3-none-any.whl", hash = "sha256:44f54bf6412c2c8464c14e8243eb163690a9800dbe2c367330883b19c7561049", size = 119668, upload-time = "2025-04-16T00:41:47.671Z" }, +] + +[[package]] +name = "exceptiongroup" +version = "1.3.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "typing-extensions", marker = "python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/0b/9f/a65090624ecf468cdca03533906e7c69ed7588582240cfe7cc9e770b50eb/exceptiongroup-1.3.0.tar.gz", hash = "sha256:b241f5885f560bc56a59ee63ca4c6a8bfa46ae4ad651af316d4e81817bb9fd88", size = 29749, upload-time = "2025-05-10T17:42:51.123Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/36/f4/c6e662dade71f56cd2f3735141b265c3c79293c109549c1e6933b0651ffc/exceptiongroup-1.3.0-py3-none-any.whl", hash = "sha256:4d111e6e0c13d0644cad6ddaa7ed0261a0b36971f6d23e7ec9b4b9097da78a10", size = 16674, upload-time = "2025-05-10T17:42:49.33Z" }, +] + +[[package]] +name = "idna" +version = "3.11" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/6f/6d/0703ccc57f3a7233505399edb88de3cbd678da106337b9fcde432b65ed60/idna-3.11.tar.gz", hash = "sha256:795dafcc9c04ed0c1fb032c2aa73654d8e8c5023a7df64a53f39190ada629902", size = 194582, upload-time = "2025-10-12T14:55:20.501Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/0e/61/66938bbb5fc52dbdf84594873d5b51fb1f7c7794e9c0f5bd885f30bc507b/idna-3.11-py3-none-any.whl", hash = "sha256:771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea", size = 71008, upload-time = "2025-10-12T14:55:18.883Z" }, +] + +[[package]] +name = "iniconfig" +version = "2.3.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/34/14ca021ce8e5dfedc35312d08ba8bf51fdd999c576889fc2c24cb97f4f10/iniconfig-2.3.0.tar.gz", hash = "sha256:c76315c77db068650d49c5b56314774a7804df16fee4402c1f19d6d15d8c4730", size = 20503, upload-time = "2025-10-18T21:55:43.219Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/cb/b1/3846dd7f199d53cb17f49cba7e651e9ce294d8497c8c150530ed11865bb8/iniconfig-2.3.0-py3-none-any.whl", hash = "sha256:f631c04d2c48c52b84d0d0549c99ff3859c98df65b3101406327ecc7d53fbf12", size = 7484, upload-time = "2025-10-18T21:55:41.639Z" }, +] + +[[package]] +name = "isort" +version = "7.0.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/63/53/4f3c058e3bace40282876f9b553343376ee687f3c35a525dc79dbd450f88/isort-7.0.0.tar.gz", hash = "sha256:5513527951aadb3ac4292a41a16cbc50dd1642432f5e8c20057d414bdafb4187", size = 805049, upload-time = "2025-10-11T13:30:59.107Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/7f/ed/e3705d6d02b4f7aea715a353c8ce193efd0b5db13e204df895d38734c244/isort-7.0.0-py3-none-any.whl", hash = "sha256:1bcabac8bc3c36c7fb7b98a76c8abb18e0f841a3ba81decac7691008592499c1", size = 94672, upload-time = "2025-10-11T13:30:57.665Z" }, +] + +[[package]] +name = "jmespath" +version = "1.0.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/00/2a/e867e8531cf3e36b41201936b7fa7ba7b5702dbef42922193f05c8976cd6/jmespath-1.0.1.tar.gz", hash = "sha256:90261b206d6defd58fdd5e85f478bf633a2901798906be2ad389150c5c60edbe", size = 25843, upload-time = "2022-06-17T18:00:12.224Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/31/b4/b9b800c45527aadd64d5b442f9b932b00648617eb5d63d2c7a6587b7cafc/jmespath-1.0.1-py3-none-any.whl", hash = "sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980", size = 20256, upload-time = "2022-06-17T18:00:10.251Z" }, +] + +[[package]] +name = "json-cfg" +version = "0.4.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "kwonly-args" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/70/d8/34e37fb051be7c3b143bdb3cc5827cb52e60ee1014f4f18a190bb0237759/json-cfg-0.4.2.tar.gz", hash = "sha256:d3dd1ab30b16a3bb249b6eb35fcc42198f9656f33127e36a3fadb5e37f50d45b", size = 44930, upload-time = "2017-02-15T20:44:19.42Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b7/f5/ecdfc00830bcbaf7743f0237cf4f3ced5511d57257408db01aa320e09458/json_cfg-0.4.2-py2.py3-none-any.whl", hash = "sha256:70c8d0a37a7133bdfa650760cc901172bffdb90cd9ac158fde70668d48b716c8", size = 36430, upload-time = "2017-02-15T20:44:17.011Z" }, +] + +[[package]] +name = "kwonly-args" +version = "1.0.10" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ee/da/a7ba4f2153a536a895a9d29a222ee0f138d617862f9b982bd4ae33714308/kwonly-args-1.0.10.tar.gz", hash = "sha256:59c85e1fa626c0ead5438b64f10b53dda2459e0042ea24258c9dc2115979a598", size = 19947, upload-time = "2016-04-12T00:40:33.684Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/00/37/3251dc1c11f5e9c4b8fb1b3f433da4b55ec52e3fe5c14b13a2a558990260/kwonly_args-1.0.10-py2.py3-none-any.whl", hash = "sha256:3ece6ccf01113dc03fa72da3053b046fbe667d6a1277e16b1aa6397a4e72e1cb", size = 17894, upload-time = "2016-04-14T00:22:53.328Z" }, +] + +[[package]] +name = "mccabe" +version = "0.7.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/e7/ff/0ffefdcac38932a54d2b5eed4e0ba8a408f215002cd178ad1df0f2806ff8/mccabe-0.7.0.tar.gz", hash = "sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325", size = 9658, upload-time = "2022-01-24T01:14:51.113Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/27/1a/1f68f9ba0c207934b35b86a8ca3aad8395a3d6dd7921c0686e23853ff5a9/mccabe-0.7.0-py2.py3-none-any.whl", hash = "sha256:6c2d30ab6be0e4a46919781807b4f0d834ebdd6c6e3dca0bda5a15f863427b6e", size = 7350, upload-time = "2022-01-24T01:14:49.62Z" }, +] + +[[package]] +name = "packaging" +version = "25.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/a1/d4/1fc4078c65507b51b96ca8f8c3ba19e6a61c8253c72794544580a7b6c24d/packaging-25.0.tar.gz", hash = "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f", size = 165727, upload-time = "2025-04-19T11:48:59.673Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/20/12/38679034af332785aac8774540895e234f4d07f7545804097de4b666afd8/packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484", size = 66469, upload-time = "2025-04-19T11:48:57.875Z" }, +] + +[[package]] +name = "parliament" +version = "1.7.0" +source = { editable = "." } +dependencies = [ + { name = "boto3" }, + { name = "jmespath" }, + { name = "json-cfg" }, + { name = "pyyaml" }, +] + +[package.dev-dependencies] +dev = [ + { name = "autoflake" }, + { name = "autopep8" }, + { name = "beautifulsoup4" }, + { name = "coverage" }, + { name = "pylint" }, + { name = "pytest" }, + { name = "pytest-cov" }, + { name = "requests" }, +] + +[package.metadata] +requires-dist = [ + { name = "boto3" }, + { name = "jmespath" }, + { name = "json-cfg" }, + { name = "pyyaml" }, +] + +[package.metadata.requires-dev] +dev = [ + { name = "autoflake" }, + { name = "autopep8" }, + { name = "beautifulsoup4" }, + { name = "coverage" }, + { name = "pylint" }, + { name = "pytest" }, + { name = "pytest-cov", specifier = ">=7.0.0" }, + { name = "requests" }, +] + +[[package]] +name = "platformdirs" +version = "4.5.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/61/33/9611380c2bdb1225fdef633e2a9610622310fed35ab11dac9620972ee088/platformdirs-4.5.0.tar.gz", hash = "sha256:70ddccdd7c99fc5942e9fc25636a8b34d04c24b335100223152c2803e4063312", size = 21632, upload-time = "2025-10-08T17:44:48.791Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/73/cb/ac7874b3e5d58441674fb70742e6c374b28b0c7cb988d37d991cde47166c/platformdirs-4.5.0-py3-none-any.whl", hash = "sha256:e578a81bb873cbb89a41fcc904c7ef523cc18284b7e3b3ccf06aca1403b7ebd3", size = 18651, upload-time = "2025-10-08T17:44:47.223Z" }, +] + +[[package]] +name = "pluggy" +version = "1.6.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f9/e2/3e91f31a7d2b083fe6ef3fa267035b518369d9511ffab804f839851d2779/pluggy-1.6.0.tar.gz", hash = "sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3", size = 69412, upload-time = "2025-05-15T12:30:07.975Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/54/20/4d324d65cc6d9205fabedc306948156824eb9f0ee1633355a8f7ec5c66bf/pluggy-1.6.0-py3-none-any.whl", hash = "sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746", size = 20538, upload-time = "2025-05-15T12:30:06.134Z" }, +] + +[[package]] +name = "pycodestyle" +version = "2.14.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/11/e0/abfd2a0d2efe47670df87f3e3a0e2edda42f055053c85361f19c0e2c1ca8/pycodestyle-2.14.0.tar.gz", hash = "sha256:c4b5b517d278089ff9d0abdec919cd97262a3367449ea1c8b49b91529167b783", size = 39472, upload-time = "2025-06-20T18:49:48.75Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d7/27/a58ddaf8c588a3ef080db9d0b7e0b97215cee3a45df74f3a94dbbf5c893a/pycodestyle-2.14.0-py2.py3-none-any.whl", hash = "sha256:dd6bf7cb4ee77f8e016f9c8e74a35ddd9f67e1d5fd4184d86c3b98e07099f42d", size = 31594, upload-time = "2025-06-20T18:49:47.491Z" }, +] + +[[package]] +name = "pyflakes" +version = "3.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/45/dc/fd034dc20b4b264b3d015808458391acbf9df40b1e54750ef175d39180b1/pyflakes-3.4.0.tar.gz", hash = "sha256:b24f96fafb7d2ab0ec5075b7350b3d2d2218eab42003821c06344973d3ea2f58", size = 64669, upload-time = "2025-06-20T18:45:27.834Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c2/2f/81d580a0fb83baeb066698975cb14a618bdbed7720678566f1b046a95fe8/pyflakes-3.4.0-py2.py3-none-any.whl", hash = "sha256:f742a7dbd0d9cb9ea41e9a24a918996e8170c799fa528688d40dd582c8265f4f", size = 63551, upload-time = "2025-06-20T18:45:26.937Z" }, +] + +[[package]] +name = "pygments" +version = "2.19.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b0/77/a5b8c569bf593b0140bde72ea885a803b82086995367bf2037de0159d924/pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887", size = 4968631, upload-time = "2025-06-21T13:39:12.283Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217, upload-time = "2025-06-21T13:39:07.939Z" }, +] + +[[package]] +name = "pylint" +version = "4.0.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "astroid" }, + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "dill" }, + { name = "isort" }, + { name = "mccabe" }, + { name = "platformdirs" }, + { name = "tomli", marker = "python_full_version < '3.11'" }, + { name = "tomlkit" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/b6/f8/2feda2bc72654811f2596e856c33c2a98225fba717df2b55c8d6a1f5cdad/pylint-4.0.2.tar.gz", hash = "sha256:9c22dfa52781d3b79ce86ab2463940f874921a3e5707bcfc98dd0c019945014e", size = 1572401, upload-time = "2025-10-20T13:02:34.975Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/1e/8b/2e814a255436fc6d604a60f1e8b8a186e05082aa3c0cabfd9330192496a2/pylint-4.0.2-py3-none-any.whl", hash = "sha256:9627ccd129893fb8ee8e8010261cb13485daca83e61a6f854a85528ee579502d", size = 536019, upload-time = "2025-10-20T13:02:32.778Z" }, +] + +[[package]] +name = "pytest" +version = "9.0.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "exceptiongroup", marker = "python_full_version < '3.11'" }, + { name = "iniconfig" }, + { name = "packaging" }, + { name = "pluggy" }, + { name = "pygments" }, + { name = "tomli", marker = "python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/da/1d/eb34f286b164c5e431a810a38697409cca1112cee04b287bb56ac486730b/pytest-9.0.0.tar.gz", hash = "sha256:8f44522eafe4137b0f35c9ce3072931a788a21ee40a2ed279e817d3cc16ed21e", size = 1562764, upload-time = "2025-11-08T17:25:33.34Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/72/99/cafef234114a3b6d9f3aaed0723b437c40c57bdb7b3e4c3a575bc4890052/pytest-9.0.0-py3-none-any.whl", hash = "sha256:e5ccdf10b0bac554970ee88fc1a4ad0ee5d221f8ef22321f9b7e4584e19d7f96", size = 373364, upload-time = "2025-11-08T17:25:31.811Z" }, +] + +[[package]] +name = "pytest-cov" +version = "7.0.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "coverage", extra = ["toml"] }, + { name = "pluggy" }, + { name = "pytest" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/5e/f7/c933acc76f5208b3b00089573cf6a2bc26dc80a8aece8f52bb7d6b1855ca/pytest_cov-7.0.0.tar.gz", hash = "sha256:33c97eda2e049a0c5298e91f519302a1334c26ac65c1a483d6206fd458361af1", size = 54328, upload-time = "2025-09-09T10:57:02.113Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/ee/49/1377b49de7d0c1ce41292161ea0f721913fa8722c19fb9c1e3aa0367eecb/pytest_cov-7.0.0-py3-none-any.whl", hash = "sha256:3b8e9558b16cc1479da72058bdecf8073661c7f57f7d3c5f22a1c23507f2d861", size = 22424, upload-time = "2025-09-09T10:57:00.695Z" }, +] + +[[package]] +name = "python-dateutil" +version = "2.9.0.post0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "six" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/66/c0/0c8b6ad9f17a802ee498c46e004a0eb49bc148f2fd230864601a86dcf6db/python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3", size = 342432, upload-time = "2024-03-01T18:36:20.211Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/ec/57/56b9bcc3c9c6a792fcbaf139543cee77261f3651ca9da0c93f5c1221264b/python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427", size = 229892, upload-time = "2024-03-01T18:36:18.57Z" }, +] + +[[package]] +name = "pyyaml" +version = "6.0.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/05/8e/961c0007c59b8dd7729d542c61a4d537767a59645b82a0b521206e1e25c2/pyyaml-6.0.3.tar.gz", hash = "sha256:d76623373421df22fb4cf8817020cbb7ef15c725b9d5e45f17e189bfc384190f", size = 130960, upload-time = "2025-09-25T21:33:16.546Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/f4/a0/39350dd17dd6d6c6507025c0e53aef67a9293a6d37d3511f23ea510d5800/pyyaml-6.0.3-cp310-cp310-macosx_10_13_x86_64.whl", hash = "sha256:214ed4befebe12df36bcc8bc2b64b396ca31be9304b8f59e25c11cf94a4c033b", size = 184227, upload-time = "2025-09-25T21:31:46.04Z" }, + { url = "https://files.pythonhosted.org/packages/05/14/52d505b5c59ce73244f59c7a50ecf47093ce4765f116cdb98286a71eeca2/pyyaml-6.0.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:02ea2dfa234451bbb8772601d7b8e426c2bfa197136796224e50e35a78777956", size = 174019, upload-time = "2025-09-25T21:31:47.706Z" }, + { url = "https://files.pythonhosted.org/packages/43/f7/0e6a5ae5599c838c696adb4e6330a59f463265bfa1e116cfd1fbb0abaaae/pyyaml-6.0.3-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:b30236e45cf30d2b8e7b3e85881719e98507abed1011bf463a8fa23e9c3e98a8", size = 740646, upload-time = "2025-09-25T21:31:49.21Z" }, + { url = "https://files.pythonhosted.org/packages/2f/3a/61b9db1d28f00f8fd0ae760459a5c4bf1b941baf714e207b6eb0657d2578/pyyaml-6.0.3-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:66291b10affd76d76f54fad28e22e51719ef9ba22b29e1d7d03d6777a9174198", size = 840793, upload-time = "2025-09-25T21:31:50.735Z" }, + { url = "https://files.pythonhosted.org/packages/7a/1e/7acc4f0e74c4b3d9531e24739e0ab832a5edf40e64fbae1a9c01941cabd7/pyyaml-6.0.3-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:9c7708761fccb9397fe64bbc0395abcae8c4bf7b0eac081e12b809bf47700d0b", size = 770293, upload-time = "2025-09-25T21:31:51.828Z" }, + { url = "https://files.pythonhosted.org/packages/8b/ef/abd085f06853af0cd59fa5f913d61a8eab65d7639ff2a658d18a25d6a89d/pyyaml-6.0.3-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:418cf3f2111bc80e0933b2cd8cd04f286338bb88bdc7bc8e6dd775ebde60b5e0", size = 732872, upload-time = "2025-09-25T21:31:53.282Z" }, + { url = "https://files.pythonhosted.org/packages/1f/15/2bc9c8faf6450a8b3c9fc5448ed869c599c0a74ba2669772b1f3a0040180/pyyaml-6.0.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:5e0b74767e5f8c593e8c9b5912019159ed0533c70051e9cce3e8b6aa699fcd69", size = 758828, upload-time = "2025-09-25T21:31:54.807Z" }, + { url = "https://files.pythonhosted.org/packages/a3/00/531e92e88c00f4333ce359e50c19b8d1de9fe8d581b1534e35ccfbc5f393/pyyaml-6.0.3-cp310-cp310-win32.whl", hash = "sha256:28c8d926f98f432f88adc23edf2e6d4921ac26fb084b028c733d01868d19007e", size = 142415, upload-time = "2025-09-25T21:31:55.885Z" }, + { url = "https://files.pythonhosted.org/packages/2a/fa/926c003379b19fca39dd4634818b00dec6c62d87faf628d1394e137354d4/pyyaml-6.0.3-cp310-cp310-win_amd64.whl", hash = "sha256:bdb2c67c6c1390b63c6ff89f210c8fd09d9a1217a465701eac7316313c915e4c", size = 158561, upload-time = "2025-09-25T21:31:57.406Z" }, + { url = "https://files.pythonhosted.org/packages/6d/16/a95b6757765b7b031c9374925bb718d55e0a9ba8a1b6a12d25962ea44347/pyyaml-6.0.3-cp311-cp311-macosx_10_13_x86_64.whl", hash = "sha256:44edc647873928551a01e7a563d7452ccdebee747728c1080d881d68af7b997e", size = 185826, upload-time = "2025-09-25T21:31:58.655Z" }, + { url = "https://files.pythonhosted.org/packages/16/19/13de8e4377ed53079ee996e1ab0a9c33ec2faf808a4647b7b4c0d46dd239/pyyaml-6.0.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:652cb6edd41e718550aad172851962662ff2681490a8a711af6a4d288dd96824", size = 175577, upload-time = "2025-09-25T21:32:00.088Z" }, + { url = "https://files.pythonhosted.org/packages/0c/62/d2eb46264d4b157dae1275b573017abec435397aa59cbcdab6fc978a8af4/pyyaml-6.0.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:10892704fc220243f5305762e276552a0395f7beb4dbf9b14ec8fd43b57f126c", size = 775556, upload-time = "2025-09-25T21:32:01.31Z" }, + { url = "https://files.pythonhosted.org/packages/10/cb/16c3f2cf3266edd25aaa00d6c4350381c8b012ed6f5276675b9eba8d9ff4/pyyaml-6.0.3-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:850774a7879607d3a6f50d36d04f00ee69e7fc816450e5f7e58d7f17f1ae5c00", size = 882114, upload-time = "2025-09-25T21:32:03.376Z" }, + { url = "https://files.pythonhosted.org/packages/71/60/917329f640924b18ff085ab889a11c763e0b573da888e8404ff486657602/pyyaml-6.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b8bb0864c5a28024fac8a632c443c87c5aa6f215c0b126c449ae1a150412f31d", size = 806638, upload-time = "2025-09-25T21:32:04.553Z" }, + { url = "https://files.pythonhosted.org/packages/dd/6f/529b0f316a9fd167281a6c3826b5583e6192dba792dd55e3203d3f8e655a/pyyaml-6.0.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1d37d57ad971609cf3c53ba6a7e365e40660e3be0e5175fa9f2365a379d6095a", size = 767463, upload-time = "2025-09-25T21:32:06.152Z" }, + { url = "https://files.pythonhosted.org/packages/f2/6a/b627b4e0c1dd03718543519ffb2f1deea4a1e6d42fbab8021936a4d22589/pyyaml-6.0.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:37503bfbfc9d2c40b344d06b2199cf0e96e97957ab1c1b546fd4f87e53e5d3e4", size = 794986, upload-time = "2025-09-25T21:32:07.367Z" }, + { url = "https://files.pythonhosted.org/packages/45/91/47a6e1c42d9ee337c4839208f30d9f09caa9f720ec7582917b264defc875/pyyaml-6.0.3-cp311-cp311-win32.whl", hash = "sha256:8098f252adfa6c80ab48096053f512f2321f0b998f98150cea9bd23d83e1467b", size = 142543, upload-time = "2025-09-25T21:32:08.95Z" }, + { url = "https://files.pythonhosted.org/packages/da/e3/ea007450a105ae919a72393cb06f122f288ef60bba2dc64b26e2646fa315/pyyaml-6.0.3-cp311-cp311-win_amd64.whl", hash = "sha256:9f3bfb4965eb874431221a3ff3fdcddc7e74e3b07799e0e84ca4a0f867d449bf", size = 158763, upload-time = "2025-09-25T21:32:09.96Z" }, + { url = "https://files.pythonhosted.org/packages/d1/33/422b98d2195232ca1826284a76852ad5a86fe23e31b009c9886b2d0fb8b2/pyyaml-6.0.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:7f047e29dcae44602496db43be01ad42fc6f1cc0d8cd6c83d342306c32270196", size = 182063, upload-time = "2025-09-25T21:32:11.445Z" }, + { url = "https://files.pythonhosted.org/packages/89/a0/6cf41a19a1f2f3feab0e9c0b74134aa2ce6849093d5517a0c550fe37a648/pyyaml-6.0.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:fc09d0aa354569bc501d4e787133afc08552722d3ab34836a80547331bb5d4a0", size = 173973, upload-time = "2025-09-25T21:32:12.492Z" }, + { url = "https://files.pythonhosted.org/packages/ed/23/7a778b6bd0b9a8039df8b1b1d80e2e2ad78aa04171592c8a5c43a56a6af4/pyyaml-6.0.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:9149cad251584d5fb4981be1ecde53a1ca46c891a79788c0df828d2f166bda28", size = 775116, upload-time = "2025-09-25T21:32:13.652Z" }, + { url = "https://files.pythonhosted.org/packages/65/30/d7353c338e12baef4ecc1b09e877c1970bd3382789c159b4f89d6a70dc09/pyyaml-6.0.3-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:5fdec68f91a0c6739b380c83b951e2c72ac0197ace422360e6d5a959d8d97b2c", size = 844011, upload-time = "2025-09-25T21:32:15.21Z" }, + { url = "https://files.pythonhosted.org/packages/8b/9d/b3589d3877982d4f2329302ef98a8026e7f4443c765c46cfecc8858c6b4b/pyyaml-6.0.3-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ba1cc08a7ccde2d2ec775841541641e4548226580ab850948cbfda66a1befcdc", size = 807870, upload-time = "2025-09-25T21:32:16.431Z" }, + { url = "https://files.pythonhosted.org/packages/05/c0/b3be26a015601b822b97d9149ff8cb5ead58c66f981e04fedf4e762f4bd4/pyyaml-6.0.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8dc52c23056b9ddd46818a57b78404882310fb473d63f17b07d5c40421e47f8e", size = 761089, upload-time = "2025-09-25T21:32:17.56Z" }, + { url = "https://files.pythonhosted.org/packages/be/8e/98435a21d1d4b46590d5459a22d88128103f8da4c2d4cb8f14f2a96504e1/pyyaml-6.0.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:41715c910c881bc081f1e8872880d3c650acf13dfa8214bad49ed4cede7c34ea", size = 790181, upload-time = "2025-09-25T21:32:18.834Z" }, + { url = "https://files.pythonhosted.org/packages/74/93/7baea19427dcfbe1e5a372d81473250b379f04b1bd3c4c5ff825e2327202/pyyaml-6.0.3-cp312-cp312-win32.whl", hash = "sha256:96b533f0e99f6579b3d4d4995707cf36df9100d67e0c8303a0c55b27b5f99bc5", size = 137658, upload-time = "2025-09-25T21:32:20.209Z" }, + { url = "https://files.pythonhosted.org/packages/86/bf/899e81e4cce32febab4fb42bb97dcdf66bc135272882d1987881a4b519e9/pyyaml-6.0.3-cp312-cp312-win_amd64.whl", hash = "sha256:5fcd34e47f6e0b794d17de1b4ff496c00986e1c83f7ab2fb8fcfe9616ff7477b", size = 154003, upload-time = "2025-09-25T21:32:21.167Z" }, + { url = "https://files.pythonhosted.org/packages/1a/08/67bd04656199bbb51dbed1439b7f27601dfb576fb864099c7ef0c3e55531/pyyaml-6.0.3-cp312-cp312-win_arm64.whl", hash = "sha256:64386e5e707d03a7e172c0701abfb7e10f0fb753ee1d773128192742712a98fd", size = 140344, upload-time = "2025-09-25T21:32:22.617Z" }, + { url = "https://files.pythonhosted.org/packages/d1/11/0fd08f8192109f7169db964b5707a2f1e8b745d4e239b784a5a1dd80d1db/pyyaml-6.0.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:8da9669d359f02c0b91ccc01cac4a67f16afec0dac22c2ad09f46bee0697eba8", size = 181669, upload-time = "2025-09-25T21:32:23.673Z" }, + { url = "https://files.pythonhosted.org/packages/b1/16/95309993f1d3748cd644e02e38b75d50cbc0d9561d21f390a76242ce073f/pyyaml-6.0.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:2283a07e2c21a2aa78d9c4442724ec1eb15f5e42a723b99cb3d822d48f5f7ad1", size = 173252, upload-time = "2025-09-25T21:32:25.149Z" }, + { url = "https://files.pythonhosted.org/packages/50/31/b20f376d3f810b9b2371e72ef5adb33879b25edb7a6d072cb7ca0c486398/pyyaml-6.0.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee2922902c45ae8ccada2c5b501ab86c36525b883eff4255313a253a3160861c", size = 767081, upload-time = "2025-09-25T21:32:26.575Z" }, + { url = "https://files.pythonhosted.org/packages/49/1e/a55ca81e949270d5d4432fbbd19dfea5321eda7c41a849d443dc92fd1ff7/pyyaml-6.0.3-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a33284e20b78bd4a18c8c2282d549d10bc8408a2a7ff57653c0cf0b9be0afce5", size = 841159, upload-time = "2025-09-25T21:32:27.727Z" }, + { url = "https://files.pythonhosted.org/packages/74/27/e5b8f34d02d9995b80abcef563ea1f8b56d20134d8f4e5e81733b1feceb2/pyyaml-6.0.3-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0f29edc409a6392443abf94b9cf89ce99889a1dd5376d94316ae5145dfedd5d6", size = 801626, upload-time = "2025-09-25T21:32:28.878Z" }, + { url = "https://files.pythonhosted.org/packages/f9/11/ba845c23988798f40e52ba45f34849aa8a1f2d4af4b798588010792ebad6/pyyaml-6.0.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:f7057c9a337546edc7973c0d3ba84ddcdf0daa14533c2065749c9075001090e6", size = 753613, upload-time = "2025-09-25T21:32:30.178Z" }, + { url = "https://files.pythonhosted.org/packages/3d/e0/7966e1a7bfc0a45bf0a7fb6b98ea03fc9b8d84fa7f2229e9659680b69ee3/pyyaml-6.0.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:eda16858a3cab07b80edaf74336ece1f986ba330fdb8ee0d6c0d68fe82bc96be", size = 794115, upload-time = "2025-09-25T21:32:31.353Z" }, + { url = "https://files.pythonhosted.org/packages/de/94/980b50a6531b3019e45ddeada0626d45fa85cbe22300844a7983285bed3b/pyyaml-6.0.3-cp313-cp313-win32.whl", hash = "sha256:d0eae10f8159e8fdad514efdc92d74fd8d682c933a6dd088030f3834bc8e6b26", size = 137427, upload-time = "2025-09-25T21:32:32.58Z" }, + { url = "https://files.pythonhosted.org/packages/97/c9/39d5b874e8b28845e4ec2202b5da735d0199dbe5b8fb85f91398814a9a46/pyyaml-6.0.3-cp313-cp313-win_amd64.whl", hash = "sha256:79005a0d97d5ddabfeeea4cf676af11e647e41d81c9a7722a193022accdb6b7c", size = 154090, upload-time = "2025-09-25T21:32:33.659Z" }, + { url = "https://files.pythonhosted.org/packages/73/e8/2bdf3ca2090f68bb3d75b44da7bbc71843b19c9f2b9cb9b0f4ab7a5a4329/pyyaml-6.0.3-cp313-cp313-win_arm64.whl", hash = "sha256:5498cd1645aa724a7c71c8f378eb29ebe23da2fc0d7a08071d89469bf1d2defb", size = 140246, upload-time = "2025-09-25T21:32:34.663Z" }, + { url = "https://files.pythonhosted.org/packages/9d/8c/f4bd7f6465179953d3ac9bc44ac1a8a3e6122cf8ada906b4f96c60172d43/pyyaml-6.0.3-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:8d1fab6bb153a416f9aeb4b8763bc0f22a5586065f86f7664fc23339fc1c1fac", size = 181814, upload-time = "2025-09-25T21:32:35.712Z" }, + { url = "https://files.pythonhosted.org/packages/bd/9c/4d95bb87eb2063d20db7b60faa3840c1b18025517ae857371c4dd55a6b3a/pyyaml-6.0.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:34d5fcd24b8445fadc33f9cf348c1047101756fd760b4dacb5c3e99755703310", size = 173809, upload-time = "2025-09-25T21:32:36.789Z" }, + { url = "https://files.pythonhosted.org/packages/92/b5/47e807c2623074914e29dabd16cbbdd4bf5e9b2db9f8090fa64411fc5382/pyyaml-6.0.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:501a031947e3a9025ed4405a168e6ef5ae3126c59f90ce0cd6f2bfc477be31b7", size = 766454, upload-time = "2025-09-25T21:32:37.966Z" }, + { url = "https://files.pythonhosted.org/packages/02/9e/e5e9b168be58564121efb3de6859c452fccde0ab093d8438905899a3a483/pyyaml-6.0.3-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:b3bc83488de33889877a0f2543ade9f70c67d66d9ebb4ac959502e12de895788", size = 836355, upload-time = "2025-09-25T21:32:39.178Z" }, + { url = "https://files.pythonhosted.org/packages/88/f9/16491d7ed2a919954993e48aa941b200f38040928474c9e85ea9e64222c3/pyyaml-6.0.3-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c458b6d084f9b935061bc36216e8a69a7e293a2f1e68bf956dcd9e6cbcd143f5", size = 794175, upload-time = "2025-09-25T21:32:40.865Z" }, + { url = "https://files.pythonhosted.org/packages/dd/3f/5989debef34dc6397317802b527dbbafb2b4760878a53d4166579111411e/pyyaml-6.0.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7c6610def4f163542a622a73fb39f534f8c101d690126992300bf3207eab9764", size = 755228, upload-time = "2025-09-25T21:32:42.084Z" }, + { url = "https://files.pythonhosted.org/packages/d7/ce/af88a49043cd2e265be63d083fc75b27b6ed062f5f9fd6cdc223ad62f03e/pyyaml-6.0.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:5190d403f121660ce8d1d2c1bb2ef1bd05b5f68533fc5c2ea899bd15f4399b35", size = 789194, upload-time = "2025-09-25T21:32:43.362Z" }, + { url = "https://files.pythonhosted.org/packages/23/20/bb6982b26a40bb43951265ba29d4c246ef0ff59c9fdcdf0ed04e0687de4d/pyyaml-6.0.3-cp314-cp314-win_amd64.whl", hash = "sha256:4a2e8cebe2ff6ab7d1050ecd59c25d4c8bd7e6f400f5f82b96557ac0abafd0ac", size = 156429, upload-time = "2025-09-25T21:32:57.844Z" }, + { url = "https://files.pythonhosted.org/packages/f4/f4/a4541072bb9422c8a883ab55255f918fa378ecf083f5b85e87fc2b4eda1b/pyyaml-6.0.3-cp314-cp314-win_arm64.whl", hash = "sha256:93dda82c9c22deb0a405ea4dc5f2d0cda384168e466364dec6255b293923b2f3", size = 143912, upload-time = "2025-09-25T21:32:59.247Z" }, + { url = "https://files.pythonhosted.org/packages/7c/f9/07dd09ae774e4616edf6cda684ee78f97777bdd15847253637a6f052a62f/pyyaml-6.0.3-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:02893d100e99e03eda1c8fd5c441d8c60103fd175728e23e431db1b589cf5ab3", size = 189108, upload-time = "2025-09-25T21:32:44.377Z" }, + { url = "https://files.pythonhosted.org/packages/4e/78/8d08c9fb7ce09ad8c38ad533c1191cf27f7ae1effe5bb9400a46d9437fcf/pyyaml-6.0.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:c1ff362665ae507275af2853520967820d9124984e0f7466736aea23d8611fba", size = 183641, upload-time = "2025-09-25T21:32:45.407Z" }, + { url = "https://files.pythonhosted.org/packages/7b/5b/3babb19104a46945cf816d047db2788bcaf8c94527a805610b0289a01c6b/pyyaml-6.0.3-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6adc77889b628398debc7b65c073bcb99c4a0237b248cacaf3fe8a557563ef6c", size = 831901, upload-time = "2025-09-25T21:32:48.83Z" }, + { url = "https://files.pythonhosted.org/packages/8b/cc/dff0684d8dc44da4d22a13f35f073d558c268780ce3c6ba1b87055bb0b87/pyyaml-6.0.3-cp314-cp314t-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a80cb027f6b349846a3bf6d73b5e95e782175e52f22108cfa17876aaeff93702", size = 861132, upload-time = "2025-09-25T21:32:50.149Z" }, + { url = "https://files.pythonhosted.org/packages/b1/5e/f77dc6b9036943e285ba76b49e118d9ea929885becb0a29ba8a7c75e29fe/pyyaml-6.0.3-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:00c4bdeba853cc34e7dd471f16b4114f4162dc03e6b7afcc2128711f0eca823c", size = 839261, upload-time = "2025-09-25T21:32:51.808Z" }, + { url = "https://files.pythonhosted.org/packages/ce/88/a9db1376aa2a228197c58b37302f284b5617f56a5d959fd1763fb1675ce6/pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:66e1674c3ef6f541c35191caae2d429b967b99e02040f5ba928632d9a7f0f065", size = 805272, upload-time = "2025-09-25T21:32:52.941Z" }, + { url = "https://files.pythonhosted.org/packages/da/92/1446574745d74df0c92e6aa4a7b0b3130706a4142b2d1a5869f2eaa423c6/pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:16249ee61e95f858e83976573de0f5b2893b3677ba71c9dd36b9cf8be9ac6d65", size = 829923, upload-time = "2025-09-25T21:32:54.537Z" }, + { url = "https://files.pythonhosted.org/packages/f0/7a/1c7270340330e575b92f397352af856a8c06f230aa3e76f86b39d01b416a/pyyaml-6.0.3-cp314-cp314t-win_amd64.whl", hash = "sha256:4ad1906908f2f5ae4e5a8ddfce73c320c2a1429ec52eafd27138b7f1cbe341c9", size = 174062, upload-time = "2025-09-25T21:32:55.767Z" }, + { url = "https://files.pythonhosted.org/packages/f1/12/de94a39c2ef588c7e6455cfbe7343d3b2dc9d6b6b2f40c4c6565744c873d/pyyaml-6.0.3-cp314-cp314t-win_arm64.whl", hash = "sha256:ebc55a14a21cb14062aa4162f906cd962b28e2e9ea38f9b4391244cd8de4ae0b", size = 149341, upload-time = "2025-09-25T21:32:56.828Z" }, +] + +[[package]] +name = "requests" +version = "2.32.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "certifi" }, + { name = "charset-normalizer" }, + { name = "idna" }, + { name = "urllib3" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" }, +] + +[[package]] +name = "s3transfer" +version = "0.14.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "botocore" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/62/74/8d69dcb7a9efe8baa2046891735e5dfe433ad558ae23d9e3c14c633d1d58/s3transfer-0.14.0.tar.gz", hash = "sha256:eff12264e7c8b4985074ccce27a3b38a485bb7f7422cc8046fee9be4983e4125", size = 151547, upload-time = "2025-09-09T19:23:31.089Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/48/f0/ae7ca09223a81a1d890b2557186ea015f6e0502e9b8cb8e1813f1d8cfa4e/s3transfer-0.14.0-py3-none-any.whl", hash = "sha256:ea3b790c7077558ed1f02a3072fb3cb992bbbd253392f4b6e9e8976941c7d456", size = 85712, upload-time = "2025-09-09T19:23:30.041Z" }, +] + +[[package]] +name = "six" +version = "1.17.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/94/e7/b2c673351809dca68a0e064b6af791aa332cf192da575fd474ed7d6f16a2/six-1.17.0.tar.gz", hash = "sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81", size = 34031, upload-time = "2024-12-04T17:35:28.174Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b7/ce/149a00dd41f10bc29e5921b496af8b574d8413afcd5e30dfa0ed46c2cc5e/six-1.17.0-py2.py3-none-any.whl", hash = "sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274", size = 11050, upload-time = "2024-12-04T17:35:26.475Z" }, +] + +[[package]] +name = "soupsieve" +version = "2.8" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/6d/e6/21ccce3262dd4889aa3332e5a119a3491a95e8f60939870a3a035aabac0d/soupsieve-2.8.tar.gz", hash = "sha256:e2dd4a40a628cb5f28f6d4b0db8800b8f581b65bb380b97de22ba5ca8d72572f", size = 103472, upload-time = "2025-08-27T15:39:51.78Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/14/a0/bb38d3b76b8cae341dad93a2dd83ab7462e6dbcdd84d43f54ee60a8dc167/soupsieve-2.8-py3-none-any.whl", hash = "sha256:0cc76456a30e20f5d7f2e14a98a4ae2ee4e5abdc7c5ea0aafe795f344bc7984c", size = 36679, upload-time = "2025-08-27T15:39:50.179Z" }, +] + +[[package]] +name = "tomli" +version = "2.3.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/52/ed/3f73f72945444548f33eba9a87fc7a6e969915e7b1acc8260b30e1f76a2f/tomli-2.3.0.tar.gz", hash = "sha256:64be704a875d2a59753d80ee8a533c3fe183e3f06807ff7dc2232938ccb01549", size = 17392, upload-time = "2025-10-08T22:01:47.119Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b3/2e/299f62b401438d5fe1624119c723f5d877acc86a4c2492da405626665f12/tomli-2.3.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:88bd15eb972f3664f5ed4b57c1634a97153b4bac4479dcb6a495f41921eb7f45", size = 153236, upload-time = "2025-10-08T22:01:00.137Z" }, + { url = "https://files.pythonhosted.org/packages/86/7f/d8fffe6a7aefdb61bced88fcb5e280cfd71e08939da5894161bd71bea022/tomli-2.3.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:883b1c0d6398a6a9d29b508c331fa56adbcdff647f6ace4dfca0f50e90dfd0ba", size = 148084, upload-time = "2025-10-08T22:01:01.63Z" }, + { url = "https://files.pythonhosted.org/packages/47/5c/24935fb6a2ee63e86d80e4d3b58b222dafaf438c416752c8b58537c8b89a/tomli-2.3.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d1381caf13ab9f300e30dd8feadb3de072aeb86f1d34a8569453ff32a7dea4bf", size = 234832, upload-time = "2025-10-08T22:01:02.543Z" }, + { url = "https://files.pythonhosted.org/packages/89/da/75dfd804fc11e6612846758a23f13271b76d577e299592b4371a4ca4cd09/tomli-2.3.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a0e285d2649b78c0d9027570d4da3425bdb49830a6156121360b3f8511ea3441", size = 242052, upload-time = "2025-10-08T22:01:03.836Z" }, + { url = "https://files.pythonhosted.org/packages/70/8c/f48ac899f7b3ca7eb13af73bacbc93aec37f9c954df3c08ad96991c8c373/tomli-2.3.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:0a154a9ae14bfcf5d8917a59b51ffd5a3ac1fd149b71b47a3a104ca4edcfa845", size = 239555, upload-time = "2025-10-08T22:01:04.834Z" }, + { url = "https://files.pythonhosted.org/packages/ba/28/72f8afd73f1d0e7829bfc093f4cb98ce0a40ffc0cc997009ee1ed94ba705/tomli-2.3.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:74bf8464ff93e413514fefd2be591c3b0b23231a77f901db1eb30d6f712fc42c", size = 245128, upload-time = "2025-10-08T22:01:05.84Z" }, + { url = "https://files.pythonhosted.org/packages/b6/eb/a7679c8ac85208706d27436e8d421dfa39d4c914dcf5fa8083a9305f58d9/tomli-2.3.0-cp311-cp311-win32.whl", hash = "sha256:00b5f5d95bbfc7d12f91ad8c593a1659b6387b43f054104cda404be6bda62456", size = 96445, upload-time = "2025-10-08T22:01:06.896Z" }, + { url = "https://files.pythonhosted.org/packages/0a/fe/3d3420c4cb1ad9cb462fb52967080575f15898da97e21cb6f1361d505383/tomli-2.3.0-cp311-cp311-win_amd64.whl", hash = "sha256:4dc4ce8483a5d429ab602f111a93a6ab1ed425eae3122032db7e9acf449451be", size = 107165, upload-time = "2025-10-08T22:01:08.107Z" }, + { url = "https://files.pythonhosted.org/packages/ff/b7/40f36368fcabc518bb11c8f06379a0fd631985046c038aca08c6d6a43c6e/tomli-2.3.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:d7d86942e56ded512a594786a5ba0a5e521d02529b3826e7761a05138341a2ac", size = 154891, upload-time = "2025-10-08T22:01:09.082Z" }, + { url = "https://files.pythonhosted.org/packages/f9/3f/d9dd692199e3b3aab2e4e4dd948abd0f790d9ded8cd10cbaae276a898434/tomli-2.3.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:73ee0b47d4dad1c5e996e3cd33b8a76a50167ae5f96a2607cbe8cc773506ab22", size = 148796, upload-time = "2025-10-08T22:01:10.266Z" }, + { url = "https://files.pythonhosted.org/packages/60/83/59bff4996c2cf9f9387a0f5a3394629c7efa5ef16142076a23a90f1955fa/tomli-2.3.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:792262b94d5d0a466afb5bc63c7daa9d75520110971ee269152083270998316f", size = 242121, upload-time = "2025-10-08T22:01:11.332Z" }, + { url = "https://files.pythonhosted.org/packages/45/e5/7c5119ff39de8693d6baab6c0b6dcb556d192c165596e9fc231ea1052041/tomli-2.3.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4f195fe57ecceac95a66a75ac24d9d5fbc98ef0962e09b2eddec5d39375aae52", size = 250070, upload-time = "2025-10-08T22:01:12.498Z" }, + { url = "https://files.pythonhosted.org/packages/45/12/ad5126d3a278f27e6701abde51d342aa78d06e27ce2bb596a01f7709a5a2/tomli-2.3.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:e31d432427dcbf4d86958c184b9bfd1e96b5b71f8eb17e6d02531f434fd335b8", size = 245859, upload-time = "2025-10-08T22:01:13.551Z" }, + { url = "https://files.pythonhosted.org/packages/fb/a1/4d6865da6a71c603cfe6ad0e6556c73c76548557a8d658f9e3b142df245f/tomli-2.3.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:7b0882799624980785240ab732537fcfc372601015c00f7fc367c55308c186f6", size = 250296, upload-time = "2025-10-08T22:01:14.614Z" }, + { url = "https://files.pythonhosted.org/packages/a0/b7/a7a7042715d55c9ba6e8b196d65d2cb662578b4d8cd17d882d45322b0d78/tomli-2.3.0-cp312-cp312-win32.whl", hash = "sha256:ff72b71b5d10d22ecb084d345fc26f42b5143c5533db5e2eaba7d2d335358876", size = 97124, upload-time = "2025-10-08T22:01:15.629Z" }, + { url = "https://files.pythonhosted.org/packages/06/1e/f22f100db15a68b520664eb3328fb0ae4e90530887928558112c8d1f4515/tomli-2.3.0-cp312-cp312-win_amd64.whl", hash = "sha256:1cb4ed918939151a03f33d4242ccd0aa5f11b3547d0cf30f7c74a408a5b99878", size = 107698, upload-time = "2025-10-08T22:01:16.51Z" }, + { url = "https://files.pythonhosted.org/packages/89/48/06ee6eabe4fdd9ecd48bf488f4ac783844fd777f547b8d1b61c11939974e/tomli-2.3.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:5192f562738228945d7b13d4930baffda67b69425a7f0da96d360b0a3888136b", size = 154819, upload-time = "2025-10-08T22:01:17.964Z" }, + { url = "https://files.pythonhosted.org/packages/f1/01/88793757d54d8937015c75dcdfb673c65471945f6be98e6a0410fba167ed/tomli-2.3.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:be71c93a63d738597996be9528f4abe628d1adf5e6eb11607bc8fe1a510b5dae", size = 148766, upload-time = "2025-10-08T22:01:18.959Z" }, + { url = "https://files.pythonhosted.org/packages/42/17/5e2c956f0144b812e7e107f94f1cc54af734eb17b5191c0bbfb72de5e93e/tomli-2.3.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c4665508bcbac83a31ff8ab08f424b665200c0e1e645d2bd9ab3d3e557b6185b", size = 240771, upload-time = "2025-10-08T22:01:20.106Z" }, + { url = "https://files.pythonhosted.org/packages/d5/f4/0fbd014909748706c01d16824eadb0307115f9562a15cbb012cd9b3512c5/tomli-2.3.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4021923f97266babc6ccab9f5068642a0095faa0a51a246a6a02fccbb3514eaf", size = 248586, upload-time = "2025-10-08T22:01:21.164Z" }, + { url = "https://files.pythonhosted.org/packages/30/77/fed85e114bde5e81ecf9bc5da0cc69f2914b38f4708c80ae67d0c10180c5/tomli-2.3.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:a4ea38c40145a357d513bffad0ed869f13c1773716cf71ccaa83b0fa0cc4e42f", size = 244792, upload-time = "2025-10-08T22:01:22.417Z" }, + { url = "https://files.pythonhosted.org/packages/55/92/afed3d497f7c186dc71e6ee6d4fcb0acfa5f7d0a1a2878f8beae379ae0cc/tomli-2.3.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:ad805ea85eda330dbad64c7ea7a4556259665bdf9d2672f5dccc740eb9d3ca05", size = 248909, upload-time = "2025-10-08T22:01:23.859Z" }, + { url = "https://files.pythonhosted.org/packages/f8/84/ef50c51b5a9472e7265ce1ffc7f24cd4023d289e109f669bdb1553f6a7c2/tomli-2.3.0-cp313-cp313-win32.whl", hash = "sha256:97d5eec30149fd3294270e889b4234023f2c69747e555a27bd708828353ab606", size = 96946, upload-time = "2025-10-08T22:01:24.893Z" }, + { url = "https://files.pythonhosted.org/packages/b2/b7/718cd1da0884f281f95ccfa3a6cc572d30053cba64603f79d431d3c9b61b/tomli-2.3.0-cp313-cp313-win_amd64.whl", hash = "sha256:0c95ca56fbe89e065c6ead5b593ee64b84a26fca063b5d71a1122bf26e533999", size = 107705, upload-time = "2025-10-08T22:01:26.153Z" }, + { url = "https://files.pythonhosted.org/packages/19/94/aeafa14a52e16163008060506fcb6aa1949d13548d13752171a755c65611/tomli-2.3.0-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:cebc6fe843e0733ee827a282aca4999b596241195f43b4cc371d64fc6639da9e", size = 154244, upload-time = "2025-10-08T22:01:27.06Z" }, + { url = "https://files.pythonhosted.org/packages/db/e4/1e58409aa78eefa47ccd19779fc6f36787edbe7d4cd330eeeedb33a4515b/tomli-2.3.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:4c2ef0244c75aba9355561272009d934953817c49f47d768070c3c94355c2aa3", size = 148637, upload-time = "2025-10-08T22:01:28.059Z" }, + { url = "https://files.pythonhosted.org/packages/26/b6/d1eccb62f665e44359226811064596dd6a366ea1f985839c566cd61525ae/tomli-2.3.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c22a8bf253bacc0cf11f35ad9808b6cb75ada2631c2d97c971122583b129afbc", size = 241925, upload-time = "2025-10-08T22:01:29.066Z" }, + { url = "https://files.pythonhosted.org/packages/70/91/7cdab9a03e6d3d2bb11beae108da5bdc1c34bdeb06e21163482544ddcc90/tomli-2.3.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0eea8cc5c5e9f89c9b90c4896a8deefc74f518db5927d0e0e8d4a80953d774d0", size = 249045, upload-time = "2025-10-08T22:01:31.98Z" }, + { url = "https://files.pythonhosted.org/packages/15/1b/8c26874ed1f6e4f1fcfeb868db8a794cbe9f227299402db58cfcc858766c/tomli-2.3.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:b74a0e59ec5d15127acdabd75ea17726ac4c5178ae51b85bfe39c4f8a278e879", size = 245835, upload-time = "2025-10-08T22:01:32.989Z" }, + { url = "https://files.pythonhosted.org/packages/fd/42/8e3c6a9a4b1a1360c1a2a39f0b972cef2cc9ebd56025168c4137192a9321/tomli-2.3.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:b5870b50c9db823c595983571d1296a6ff3e1b88f734a4c8f6fc6188397de005", size = 253109, upload-time = "2025-10-08T22:01:34.052Z" }, + { url = "https://files.pythonhosted.org/packages/22/0c/b4da635000a71b5f80130937eeac12e686eefb376b8dee113b4a582bba42/tomli-2.3.0-cp314-cp314-win32.whl", hash = "sha256:feb0dacc61170ed7ab602d3d972a58f14ee3ee60494292d384649a3dc38ef463", size = 97930, upload-time = "2025-10-08T22:01:35.082Z" }, + { url = "https://files.pythonhosted.org/packages/b9/74/cb1abc870a418ae99cd5c9547d6bce30701a954e0e721821df483ef7223c/tomli-2.3.0-cp314-cp314-win_amd64.whl", hash = "sha256:b273fcbd7fc64dc3600c098e39136522650c49bca95df2d11cf3b626422392c8", size = 107964, upload-time = "2025-10-08T22:01:36.057Z" }, + { url = "https://files.pythonhosted.org/packages/54/78/5c46fff6432a712af9f792944f4fcd7067d8823157949f4e40c56b8b3c83/tomli-2.3.0-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:940d56ee0410fa17ee1f12b817b37a4d4e4dc4d27340863cc67236c74f582e77", size = 163065, upload-time = "2025-10-08T22:01:37.27Z" }, + { url = "https://files.pythonhosted.org/packages/39/67/f85d9bd23182f45eca8939cd2bc7050e1f90c41f4a2ecbbd5963a1d1c486/tomli-2.3.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:f85209946d1fe94416debbb88d00eb92ce9cd5266775424ff81bc959e001acaf", size = 159088, upload-time = "2025-10-08T22:01:38.235Z" }, + { url = "https://files.pythonhosted.org/packages/26/5a/4b546a0405b9cc0659b399f12b6adb750757baf04250b148d3c5059fc4eb/tomli-2.3.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a56212bdcce682e56b0aaf79e869ba5d15a6163f88d5451cbde388d48b13f530", size = 268193, upload-time = "2025-10-08T22:01:39.712Z" }, + { url = "https://files.pythonhosted.org/packages/42/4f/2c12a72ae22cf7b59a7fe75b3465b7aba40ea9145d026ba41cb382075b0e/tomli-2.3.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c5f3ffd1e098dfc032d4d3af5c0ac64f6d286d98bc148698356847b80fa4de1b", size = 275488, upload-time = "2025-10-08T22:01:40.773Z" }, + { url = "https://files.pythonhosted.org/packages/92/04/a038d65dbe160c3aa5a624e93ad98111090f6804027d474ba9c37c8ae186/tomli-2.3.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:5e01decd096b1530d97d5d85cb4dff4af2d8347bd35686654a004f8dea20fc67", size = 272669, upload-time = "2025-10-08T22:01:41.824Z" }, + { url = "https://files.pythonhosted.org/packages/be/2f/8b7c60a9d1612a7cbc39ffcca4f21a73bf368a80fc25bccf8253e2563267/tomli-2.3.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:8a35dd0e643bb2610f156cca8db95d213a90015c11fee76c946aa62b7ae7e02f", size = 279709, upload-time = "2025-10-08T22:01:43.177Z" }, + { url = "https://files.pythonhosted.org/packages/7e/46/cc36c679f09f27ded940281c38607716c86cf8ba4a518d524e349c8b4874/tomli-2.3.0-cp314-cp314t-win32.whl", hash = "sha256:a1f7f282fe248311650081faafa5f4732bdbfef5d45fe3f2e702fbc6f2d496e0", size = 107563, upload-time = "2025-10-08T22:01:44.233Z" }, + { url = "https://files.pythonhosted.org/packages/84/ff/426ca8683cf7b753614480484f6437f568fd2fda2edbdf57a2d3d8b27a0b/tomli-2.3.0-cp314-cp314t-win_amd64.whl", hash = "sha256:70a251f8d4ba2d9ac2542eecf008b3c8a9fc5c3f9f02c56a9d7952612be2fdba", size = 119756, upload-time = "2025-10-08T22:01:45.234Z" }, + { url = "https://files.pythonhosted.org/packages/77/b8/0135fadc89e73be292b473cb820b4f5a08197779206b33191e801feeae40/tomli-2.3.0-py3-none-any.whl", hash = "sha256:e95b1af3c5b07d9e643909b5abbec77cd9f1217e6d0bca72b0234736b9fb1f1b", size = 14408, upload-time = "2025-10-08T22:01:46.04Z" }, +] + +[[package]] +name = "tomlkit" +version = "0.13.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/cc/18/0bbf3884e9eaa38819ebe46a7bd25dcd56b67434402b66a58c4b8e552575/tomlkit-0.13.3.tar.gz", hash = "sha256:430cf247ee57df2b94ee3fbe588e71d362a941ebb545dec29b53961d61add2a1", size = 185207, upload-time = "2025-06-05T07:13:44.947Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/bd/75/8539d011f6be8e29f339c42e633aae3cb73bffa95dd0f9adec09b9c58e85/tomlkit-0.13.3-py3-none-any.whl", hash = "sha256:c89c649d79ee40629a9fda55f8ace8c6a1b42deb912b2a8fd8d942ddadb606b0", size = 38901, upload-time = "2025-06-05T07:13:43.546Z" }, +] + +[[package]] +name = "typing-extensions" +version = "4.15.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/94/1a15dd82efb362ac84269196e94cf00f187f7ed21c242792a923cdb1c61f/typing_extensions-4.15.0.tar.gz", hash = "sha256:0cea48d173cc12fa28ecabc3b837ea3cf6f38c6d1136f85cbaaf598984861466", size = 109391, upload-time = "2025-08-25T13:49:26.313Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/18/67/36e9267722cc04a6b9f15c7f3441c2363321a3ea07da7ae0c0707beb2a9c/typing_extensions-4.15.0-py3-none-any.whl", hash = "sha256:f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548", size = 44614, upload-time = "2025-08-25T13:49:24.86Z" }, +] + +[[package]] +name = "urllib3" +version = "2.5.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/15/22/9ee70a2574a4f4599c47dd506532914ce044817c7752a79b6a51286319bc/urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760", size = 393185, upload-time = "2025-06-18T14:07:41.644Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", size = 129795, upload-time = "2025-06-18T14:07:40.39Z" }, +]