diff --git a/iamlivecore/iam_definition.json b/iamlivecore/iam_definition.json index 5c3daffb..79d4ffcc 100644 --- a/iamlivecore/iam_definition.json +++ b/iamlivecore/iam_definition.json @@ -3542,6 +3542,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ImportBackendAuth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the jobs of an existing Amplify Admin backend environment by appId and backendEnvironmentName", @@ -3715,17 +3727,17 @@ }, { "condition": "apigateway:Request/ApiKeyRequired", - "description": "Filters access based on whether an API key is required or not. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import and reimport", + "description": "Filters access based on whether an API key is required or not. Available during the CreateMethod and PutMethod operations. Also available as a collection during import and reimport", "type": "ArrayOfBool" }, { "condition": "apigateway:Request/ApiName", - "description": "Filters access by API name. Available during the CreateApi and UpdateApi operations", + "description": "Filters access by API name. Available during the CreateRestApi and UpdateRestApi operations", "type": "String" }, { "condition": "apigateway:Request/AuthorizerType", - "description": "Filters access by type of authorizer in the request, for example REQUEST or JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", + "description": "Filters access by type of authorizer in the request, for example TOKEN, REQUEST, JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", "type": "ArrayOfString" }, { @@ -3735,13 +3747,13 @@ }, { "condition": "apigateway:Request/DisableExecuteApiEndpoint", - "description": "Filters access by status of the default execute-api endpoint. Available during the CreateApi and UpdateApi operations", + "description": "Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations", "type": "Bool" }, { "condition": "apigateway:Request/EndpointType", - "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateApi, and UpdateApi operations", - "type": "String" + "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations", + "type": "ArrayOfString" }, { "condition": "apigateway:Request/MtlsTrustStoreUri", @@ -3755,7 +3767,7 @@ }, { "condition": "apigateway:Request/RouteAuthorizationType", - "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import", + "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import", "type": "ArrayOfString" }, { @@ -3780,52 +3792,52 @@ }, { "condition": "apigateway:Resource/ApiKeyRequired", - "description": "Filters access based on whether an API key is required or not for the existing Route resource. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport", + "description": "Filters access based on whether an API key is required or not for the existing Method resource. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport", "type": "ArrayOfBool" }, { "condition": "apigateway:Resource/ApiName", - "description": "Filters access by API name. Available during the UpdateApi and DeleteApi operations", + "description": "Filters access by API name of the existing RestApi resource. Available during UpdateRestApi and DeleteRestApi operations", "type": "String" }, { "condition": "apigateway:Resource/AuthorizerType", - "description": "Filters access by the current type of authorizer, for example REQUEST or JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during import and reimport as an ArrayOfString", + "description": "Filters access by the current type of authorizer, for example TOKEN, REQUEST, JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/AuthorizerUri", - "description": "Filters access by the URI of the current Lambda authorizer associated with the current API. Available during UpdateAuthorizer and DeleteAuthorizer. Also available as a collection during reimport", + "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/DisableExecuteApiEndpoint", - "description": "Filters access by status of the default execute-api endpoint. Available during the UpdateApi and DeleteApi operations", + "description": "Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations", "type": "Bool" }, { "condition": "apigateway:Resource/EndpointType", - "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateApi, and DeleteApi operations", - "type": "String" + "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations", + "type": "ArrayOfString" }, { "condition": "apigateway:Resource/MtlsTrustStoreUri", - "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during the UpdateDomainName and DeleteDomainName operations", + "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations", "type": "String" }, { "condition": "apigateway:Resource/MtlsTrustStoreVersion", - "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the UpdateDomainName and DeleteDomainName operations", + "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations", "type": "String" }, { "condition": "apigateway:Resource/RouteAuthorizationType", - "description": "ilters access by authorization type of the existing Route resource, for example NONE, AWS_IAM, CUSTOM. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport", + "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/SecurityPolicy", - "description": "Filters access by TLS version. Available during the UpdateDomainName and DeleteDomainName operations", + "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations", "type": "ArrayOfString" }, { @@ -3846,6 +3858,23 @@ ], "prefix": "apigateway", "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to add certificates for mutual TLS authentication to a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS", + "privilege": "AddCertificateToDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainName" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainNames" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a particular resource", @@ -3854,37 +3883,47 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AccessLogSettings" + "resource_type": "ApiKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Api" + "resource_type": "Authorizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMapping" + "resource_type": "BasePathMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizer" + "resource_type": "ClientCertificate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "AuthorizersCache" + "resource_type": "Deployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Cors" + "resource_type": "DocumentationPart" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Deployment" + "resource_type": "DocumentationVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainName" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "GatewayResponse" }, { "condition_keys": [], @@ -3899,33 +3938,58 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Model" + "resource_type": "Method" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Route" + "resource_type": "MethodResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteRequestParameter" + "resource_type": "Model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponse" + "resource_type": "RequestValidator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteSettings" + "resource_type": "Resource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RestApi" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Stage" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlanKey" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLink" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -3944,47 +4008,47 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AccessLogSettings" + "resource_type": "Account" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Api" + "resource_type": "ApiKey" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMapping" + "resource_type": "ApiKeys" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMappings" + "resource_type": "Authorizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Apis" + "resource_type": "Authorizers" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizer" + "resource_type": "BasePathMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizers" + "resource_type": "BasePathMappings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "AuthorizersCache" + "resource_type": "ClientCertificate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Cors" + "resource_type": "ClientCertificates" }, { "condition_keys": [], @@ -3999,7 +4063,42 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ExportedAPI" + "resource_type": "DocumentationPart" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DocumentationParts" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DocumentationVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DocumentationVersions" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainName" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainNames" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "GatewayResponse" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "GatewayResponses" }, { "condition_keys": [], @@ -4014,12 +4113,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IntegrationResponses" + "resource_type": "Method" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Integrations" + "resource_type": "MethodResponse" }, { "condition_keys": [], @@ -4029,42 +4128,42 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ModelTemplate" + "resource_type": "Models" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Models" + "resource_type": "RequestValidator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Route" + "resource_type": "RequestValidators" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteRequestParameter" + "resource_type": "Resource" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponse" + "resource_type": "Resources" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponses" + "resource_type": "RestApi" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteSettings" + "resource_type": "RestApis" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Routes" + "resource_type": "Sdk" }, { "condition_keys": [], @@ -4075,6 +4174,36 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "Stages" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlanKey" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlanKeys" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlans" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLinks" } ] }, @@ -4086,23 +4215,53 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Api" + "resource_type": "Account" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMapping" + "resource_type": "ApiKey" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Authorizer" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "BasePathMapping" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ClientCertificate" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Deployment" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DocumentationPart" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DocumentationVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainName" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "GatewayResponse" + }, { "condition_keys": [], "dependent_actions": [], @@ -4113,6 +4272,16 @@ "dependent_actions": [], "resource_type": "IntegrationResponse" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Method" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MethodResponse" + }, { "condition_keys": [], "dependent_actions": [], @@ -4121,23 +4290,43 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Route" + "resource_type": "RequestValidator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteRequestParameter" + "resource_type": "Resource" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponse" + "resource_type": "RestApi" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Stage" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlanKey" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLink" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -4156,17 +4345,22 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiMappings" + "resource_type": "ApiKeys" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Apis" + "resource_type": "Authorizers" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizers" + "resource_type": "BasePathMappings" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ClientCertificates" }, { "condition_keys": [], @@ -4176,12 +4370,32 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "IntegrationResponses" + "resource_type": "DocumentationParts" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Integrations" + "resource_type": "DocumentationVersions" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainNames" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "GatewayResponses" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "IntegrationResponse" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MethodResponse" }, { "condition_keys": [], @@ -4191,18 +4405,38 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RouteResponses" + "resource_type": "RequestValidators" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Routes" + "resource_type": "Resources" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RestApis" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Stages" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlanKeys" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "UsagePlans" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLinks" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -4221,7 +4455,27 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Apis" + "resource_type": "DocumentationPart" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "GatewayResponse" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "IntegrationResponse" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MethodResponse" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RestApi" }, { "condition_keys": [ @@ -4232,195 +4486,376 @@ "resource_type": "" } ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to remove certificates for mutual TLS authentication from a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS", + "privilege": "RemoveCertificateFromDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainName" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DomainNames" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission set a WAF access control list (ACL). This is an additional authorization control for managing the Stage resource due to the sensitive nature of WebAcl's", + "privilege": "SetWebACL", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stage" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stages" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to manage the IAM resource policy for an API. This is an additional authorization control for managing an API due to the sensitive nature of the resource policy", + "privilege": "UpdateRestApiPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RestApi" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RestApis" + } + ] } ], "resources": [ { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/accesslogsettings/", + "arn": "arn:${Partition}:apigateway:${Region}::/account", "condition_keys": [], - "resource": "AccessLogSettings" + "resource": "Account" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apikeys/${ApiKeyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiKey" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apikeys", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiKeys" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/authorizers/${AuthorizerId}", "condition_keys": [ - "apigateway:Request/ApiKeyRequired", - "apigateway:Request/ApiName", "apigateway:Request/AuthorizerType", "apigateway:Request/AuthorizerUri", - "apigateway:Request/DisableExecuteApiEndpoint", - "apigateway:Request/EndpointType", - "apigateway:Request/RouteAuthorizationType", - "apigateway:Resource/ApiKeyRequired", - "apigateway:Resource/ApiName", "apigateway:Resource/AuthorizerType", "apigateway:Resource/AuthorizerUri", - "apigateway:Resource/DisableExecuteApiEndpoint", - "apigateway:Resource/EndpointType", - "apigateway:Resource/RouteAuthorizationType" + "aws:ResourceTag/${TagKey}" ], - "resource": "Api" + "resource": "Authorizer" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/authorizers", "condition_keys": [ - "apigateway:Request/ApiKeyRequired", - "apigateway:Request/ApiName", "apigateway:Request/AuthorizerType", "apigateway:Request/AuthorizerUri", - "apigateway:Request/DisableExecuteApiEndpoint", - "apigateway:Request/EndpointType", - "apigateway:Request/RouteAuthorizationType" + "aws:ResourceTag/${TagKey}" ], - "resource": "Apis" + "resource": "Authorizers" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/${ApiMappingId}/", - "condition_keys": [], - "resource": "ApiMapping" + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings/${BasePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "BasePathMapping" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/", - "condition_keys": [], - "resource": "ApiMappings" + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "BasePathMappings" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers/${AuthorizerId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/clientcertificates/${ClientCertificateId}", "condition_keys": [ - "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri", - "apigateway:Resource/AuthorizerType", - "apigateway:Resource/AuthorizerUri" + "aws:ResourceTag/${TagKey}" ], - "resource": "Authorizer" + "resource": "ClientCertificate" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers/", + "arn": "arn:${Partition}:apigateway:${Region}::/clientcertificates", "condition_keys": [ - "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri" + "aws:ResourceTag/${TagKey}" ], - "resource": "Authorizers" + "resource": "ClientCertificates" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/cache/authorizers/", - "condition_keys": [], - "resource": "AuthorizersCache" + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments/${DeploymentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Deployment" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/cors/", - "condition_keys": [], - "resource": "Cors" + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments", + "condition_keys": [ + "apigateway:Request/StageName" + ], + "resource": "Deployments" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments/${DeploymentId}/", - "condition_keys": [], - "resource": "Deployment" + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/parts/${DocumentationPartId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "DocumentationPart" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/parts", "condition_keys": [ - "apigateway:Request/StageName" + "aws:ResourceTag/${TagKey}" ], - "resource": "Deployments" + "resource": "DocumentationParts" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/exports/${Specification}/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/versions/${DocumentationVersionId}", "condition_keys": [], - "resource": "ExportedAPI" + "resource": "DocumentationVersion" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/versions", "condition_keys": [], - "resource": "Integration" + "resource": "DocumentationVersions" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/", - "condition_keys": [], - "resource": "Integrations" + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}", + "condition_keys": [ + "apigateway:Request/EndpointType", + "apigateway:Request/MtlsTrustStoreUri", + "apigateway:Request/MtlsTrustStoreVersion", + "apigateway:Request/SecurityPolicy", + "apigateway:Resource/EndpointType", + "apigateway:Resource/MtlsTrustStoreUri", + "apigateway:Resource/MtlsTrustStoreVersion", + "apigateway:Resource/SecurityPolicy", + "aws:ResourceTag/${TagKey}" + ], + "resource": "DomainName" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames", + "condition_keys": [ + "apigateway:Request/EndpointType", + "apigateway:Request/MtlsTrustStoreUri", + "apigateway:Request/MtlsTrustStoreVersion", + "apigateway:Request/SecurityPolicy", + "aws:ResourceTag/${TagKey}" + ], + "resource": "DomainNames" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/gatewayresponses/${ResponseType}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "GatewayResponse" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/gatewayresponses", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "GatewayResponses" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/integration", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Integration" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/${IntegrationResponseId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/integration/responses/${StatusCode}", "condition_keys": [], "resource": "IntegrationResponse" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/", - "condition_keys": [], - "resource": "IntegrationResponses" + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}", + "condition_keys": [ + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/RouteAuthorizationType", + "apigateway:Resource/ApiKeyRequired", + "apigateway:Resource/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Method" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/responses/${StatusCode}", "condition_keys": [], + "resource": "MethodResponse" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/models/${ModelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Model" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/", - "condition_keys": [], + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/models", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Models" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}/template/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators/${RequestValidatorId}", "condition_keys": [], - "resource": "ModelTemplate" + "resource": "RequestValidator" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators", + "condition_keys": [], + "resource": "RequestValidators" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Resource" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Resources" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}", "condition_keys": [ "apigateway:Request/ApiKeyRequired", + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", "apigateway:Request/RouteAuthorizationType", "apigateway:Resource/ApiKeyRequired", - "apigateway:Resource/RouteAuthorizationType" + "apigateway:Resource/ApiName", + "apigateway:Resource/AuthorizerType", + "apigateway:Resource/AuthorizerUri", + "apigateway:Resource/DisableExecuteApiEndpoint", + "apigateway:Resource/EndpointType", + "apigateway:Resource/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" ], - "resource": "Route" + "resource": "RestApi" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis", "condition_keys": [ "apigateway:Request/ApiKeyRequired", - "apigateway:Request/RouteAuthorizationType" + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", + "apigateway:Request/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" ], - "resource": "Routes" + "resource": "RestApis" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}/sdks/${SdkType}", "condition_keys": [], - "resource": "RouteResponse" + "resource": "Sdk" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}", + "condition_keys": [ + "apigateway:Request/AccessLoggingDestination", + "apigateway:Request/AccessLoggingFormat", + "apigateway:Resource/AccessLoggingDestination", + "apigateway:Resource/AccessLoggingFormat", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Stage" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/", + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages", + "condition_keys": [ + "apigateway:Request/AccessLoggingDestination", + "apigateway:Request/AccessLoggingFormat", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Stages" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/restapis/models/${ModelName}/template", "condition_keys": [], - "resource": "RouteResponses" + "resource": "Template" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/requestparameters/${RequestParameterKey}/", + "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "UsagePlan" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/usageplans", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "UsagePlans" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/keys/${Id}", "condition_keys": [], - "resource": "RouteRequestParameter" + "resource": "UsagePlanKey" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/routesettings/${RouteKey}/", + "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/keys", "condition_keys": [], - "resource": "RouteSettings" + "resource": "UsagePlanKeys" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/", + "arn": "arn:${Partition}:apigateway:${Region}::/vpclinks/${VpcLinkId}", "condition_keys": [ - "apigateway:Request/AccessLoggingDestination", - "apigateway:Request/AccessLoggingFormat", - "apigateway:Resource/AccessLoggingDestination", - "apigateway:Resource/AccessLoggingFormat" + "aws:ResourceTag/${TagKey}" ], - "resource": "Stage" + "resource": "VpcLink" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/", + "arn": "arn:${Partition}:apigateway:${Region}::/vpclinks", "condition_keys": [ - "apigateway:Request/AccessLoggingDestination", - "apigateway:Request/AccessLoggingFormat" + "aws:ResourceTag/${TagKey}" ], - "resource": "Stages" + "resource": "VpcLinks" } ], - "service_name": "Amazon API Gateway Management V2" + "service_name": "Amazon API Gateway Management" }, { "conditions": [ @@ -4436,17 +4871,17 @@ }, { "condition": "apigateway:Request/ApiKeyRequired", - "description": "Filters access based on whether an API key is required or not. Available during the CreateMethod and PutMethod operations. Also available as a collection during import and reimport", + "description": "Filters access based on whether an API key is required or not. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import and reimport", "type": "ArrayOfBool" }, { "condition": "apigateway:Request/ApiName", - "description": "Filters access by API name. Available during the CreateRestApi and UpdateRestApi operations", + "description": "Filters access by API name. Available during the CreateApi and UpdateApi operations", "type": "String" }, { "condition": "apigateway:Request/AuthorizerType", - "description": "Filters access by type of authorizer in the request, for example TOKEN, REQUEST, JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", + "description": "Filters access by type of authorizer in the request, for example REQUEST or JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString", "type": "ArrayOfString" }, { @@ -4456,13 +4891,13 @@ }, { "condition": "apigateway:Request/DisableExecuteApiEndpoint", - "description": "Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations", + "description": "Filters access by status of the default execute-api endpoint. Available during the CreateApi and UpdateApi operations", "type": "Bool" }, { "condition": "apigateway:Request/EndpointType", - "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations", - "type": "ArrayOfString" + "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateApi, and UpdateApi operations", + "type": "String" }, { "condition": "apigateway:Request/MtlsTrustStoreUri", @@ -4476,7 +4911,7 @@ }, { "condition": "apigateway:Request/RouteAuthorizationType", - "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import", + "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import", "type": "ArrayOfString" }, { @@ -4501,52 +4936,52 @@ }, { "condition": "apigateway:Resource/ApiKeyRequired", - "description": "Filters access based on whether an API key is required or not for the existing Method resource. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport", + "description": "Filters access based on whether an API key is required or not for the existing Route resource. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport", "type": "ArrayOfBool" }, { "condition": "apigateway:Resource/ApiName", - "description": "Filters access by API name of the existing RestApi resource. Available during UpdateRestApi and DeleteRestApi operations", + "description": "Filters access by API name. Available during the UpdateApi and DeleteApi operations", "type": "String" }, { "condition": "apigateway:Resource/AuthorizerType", - "description": "Filters access by the current type of authorizer, for example TOKEN, REQUEST, JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString", + "description": "Filters access by the current type of authorizer, for example REQUEST or JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during import and reimport as an ArrayOfString", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/AuthorizerUri", - "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString", + "description": "Filters access by the URI of the current Lambda authorizer associated with the current API. Available during UpdateAuthorizer and DeleteAuthorizer. Also available as a collection during reimport", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/DisableExecuteApiEndpoint", - "description": "Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations", + "description": "Filters access by status of the default execute-api endpoint. Available during the UpdateApi and DeleteApi operations", "type": "Bool" }, { "condition": "apigateway:Resource/EndpointType", - "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations", - "type": "ArrayOfString" + "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateApi, and DeleteApi operations", + "type": "String" }, { "condition": "apigateway:Resource/MtlsTrustStoreUri", - "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations", + "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during the UpdateDomainName and DeleteDomainName operations", "type": "String" }, { "condition": "apigateway:Resource/MtlsTrustStoreVersion", - "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations", + "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the UpdateDomainName and DeleteDomainName operations", "type": "String" }, { "condition": "apigateway:Resource/RouteAuthorizationType", - "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport", + "description": "ilters access by authorization type of the existing Route resource, for example NONE, AWS_IAM, CUSTOM. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport", "type": "ArrayOfString" }, { "condition": "apigateway:Resource/SecurityPolicy", - "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations", + "description": "Filters access by TLS version. Available during the UpdateDomainName and DeleteDomainName operations", "type": "ArrayOfString" }, { @@ -4567,23 +5002,6 @@ ], "prefix": "apigateway", "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to add certificates for mutual TLS authentication to a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS", - "privilege": "AddCertificateToDomain", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainName" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainNames" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete a particular resource", @@ -4592,47 +5010,37 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKey" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Authorizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "BasePathMapping" + "resource_type": "AccessLogSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificate" + "resource_type": "Api" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Deployment" + "resource_type": "ApiMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationPart" + "resource_type": "Authorizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationVersion" + "resource_type": "AuthorizersCache" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "DomainName" + "resource_type": "Cors" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayResponse" + "resource_type": "Deployment" }, { "condition_keys": [], @@ -4644,16 +5052,6 @@ "dependent_actions": [], "resource_type": "IntegrationResponse" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Method" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MethodResponse" - }, { "condition_keys": [], "dependent_actions": [], @@ -4662,42 +5060,27 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Resource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RestApi" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stage" + "resource_type": "Route" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Template" + "resource_type": "RouteRequestParameter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlan" + "resource_type": "RouteResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "UsagePlanKey" + "resource_type": "RouteSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "VpcLink" + "resource_type": "Stage" }, { "condition_keys": [ @@ -4717,47 +5100,47 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Account" + "resource_type": "AccessLogSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKey" + "resource_type": "Api" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKeys" + "resource_type": "ApiMapping" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizer" + "resource_type": "ApiMappings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Authorizers" + "resource_type": "Apis" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMapping" + "resource_type": "Authorizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMappings" + "resource_type": "Authorizers" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificate" + "resource_type": "AuthorizersCache" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificates" + "resource_type": "Cors" }, { "condition_keys": [], @@ -4772,42 +5155,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationPart" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DocumentationParts" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DocumentationVersion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DocumentationVersions" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainName" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainNames" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GatewayResponse" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GatewayResponses" + "resource_type": "ExportedAPI" }, { "condition_keys": [], @@ -4822,12 +5170,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Method" + "resource_type": "IntegrationResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MethodResponse" + "resource_type": "Integrations" }, { "condition_keys": [], @@ -4837,42 +5185,42 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Models" + "resource_type": "ModelTemplate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidator" + "resource_type": "Models" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidators" + "resource_type": "Route" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Resource" + "resource_type": "RouteRequestParameter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Resources" + "resource_type": "RouteResponse" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RestApi" + "resource_type": "RouteResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RestApis" + "resource_type": "RouteSettings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sdk" + "resource_type": "Routes" }, { "condition_keys": [], @@ -4883,36 +5231,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "Stages" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlan" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlanKey" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlanKeys" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlans" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "VpcLink" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "VpcLinks" } ] }, @@ -4924,53 +5242,23 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Account" + "resource_type": "Api" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKey" + "resource_type": "ApiMapping" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Authorizer" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "BasePathMapping" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ClientCertificate" - }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Deployment" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DocumentationPart" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DocumentationVersion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainName" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GatewayResponse" - }, { "condition_keys": [], "dependent_actions": [], @@ -4981,16 +5269,6 @@ "dependent_actions": [], "resource_type": "IntegrationResponse" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Method" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MethodResponse" - }, { "condition_keys": [], "dependent_actions": [], @@ -4999,43 +5277,23 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidator" + "resource_type": "Route" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Resource" + "resource_type": "RouteRequestParameter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RestApi" + "resource_type": "RouteResponse" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Stage" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlan" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlanKey" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "VpcLink" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -5054,22 +5312,17 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApiKeys" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Authorizers" + "resource_type": "ApiMappings" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "BasePathMappings" + "resource_type": "Apis" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClientCertificates" + "resource_type": "Authorizers" }, { "condition_keys": [], @@ -5079,32 +5332,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationParts" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DocumentationVersions" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainNames" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GatewayResponses" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "IntegrationResponse" + "resource_type": "IntegrationResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MethodResponse" + "resource_type": "Integrations" }, { "condition_keys": [], @@ -5114,38 +5347,18 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RequestValidators" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Resources" + "resource_type": "RouteResponses" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RestApis" + "resource_type": "Routes" }, { "condition_keys": [], "dependent_actions": [], "resource_type": "Stages" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlanKeys" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "UsagePlans" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "VpcLinks" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -5164,27 +5377,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DocumentationPart" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GatewayResponse" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "IntegrationResponse" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MethodResponse" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RestApi" + "resource_type": "Apis" }, { "condition_keys": [ @@ -5195,327 +5388,218 @@ "resource_type": "" } ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to remove certificates for mutual TLS authentication from a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS", - "privilege": "RemoveCertificateFromDomain", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainName" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DomainNames" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission set a WAF access control list (ACL). This is an additional authorization control for managing the Stage resource due to the sensitive nature of WebAcl's", - "privilege": "SetWebACL", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stage" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stages" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to manage the IAM resource policy for an API. This is an additional authorization control for managing an API due to the sensitive nature of the resource policy", - "privilege": "UpdateRestApiPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RestApi" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RestApis" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:apigateway:${Region}::/account/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/accesslogsettings", "condition_keys": [], - "resource": "Account" + "resource": "AccessLogSettings" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apikeys/${ApiKeyId}/", - "condition_keys": [], - "resource": "ApiKey" + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}", + "condition_keys": [ + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", + "apigateway:Request/RouteAuthorizationType", + "apigateway:Resource/ApiKeyRequired", + "apigateway:Resource/ApiName", + "apigateway:Resource/AuthorizerType", + "apigateway:Resource/AuthorizerUri", + "apigateway:Resource/DisableExecuteApiEndpoint", + "apigateway:Resource/EndpointType", + "apigateway:Resource/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Api" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/apikeys/", - "condition_keys": [], - "resource": "ApiKeys" + "arn": "arn:${Partition}:apigateway:${Region}::/apis", + "condition_keys": [ + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", + "apigateway:Request/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" + ], + "resource": "Apis" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/${ApiMappingId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiMapping" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/authorizers/${AuthorizerId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApiMappings" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers/${AuthorizerId}", "condition_keys": [ "apigateway:Request/AuthorizerType", "apigateway:Request/AuthorizerUri", "apigateway:Resource/AuthorizerType", - "apigateway:Resource/AuthorizerUri" + "apigateway:Resource/AuthorizerUri", + "aws:ResourceTag/${TagKey}" ], "resource": "Authorizer" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/authorizers/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers", "condition_keys": [ "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri" + "apigateway:Request/AuthorizerUri", + "aws:ResourceTag/${TagKey}" ], "resource": "Authorizers" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings/${BasePath}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/cache/authorizers", "condition_keys": [], - "resource": "BasePathMapping" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/basepathmappings/", - "condition_keys": [], - "resource": "BasePathMappings" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/clientcertificates/${ClientCertificateId}/", - "condition_keys": [], - "resource": "ClientCertificate" + "resource": "AuthorizersCache" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/clientcertificates/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/cors", "condition_keys": [], - "resource": "ClientCertificates" + "resource": "Cors" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments/${DeploymentId}/", - "condition_keys": [], + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments/${DeploymentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Deployment" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments", "condition_keys": [ - "apigateway:Request/StageName" + "apigateway:Request/StageName", + "aws:ResourceTag/${TagKey}" ], "resource": "Deployments" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/parts/${DocumentationPartId}/", - "condition_keys": [], - "resource": "DocumentationPart" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/parts/", - "condition_keys": [], - "resource": "DocumentationParts" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/versions/${DocumentationVersionId}/", - "condition_keys": [], - "resource": "DocumentationVersion" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/versions/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/exports/${Specification}", "condition_keys": [], - "resource": "DocumentationVersions" + "resource": "ExportedAPI" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}", "condition_keys": [ - "apigateway:Request/EndpointType", - "apigateway:Request/MtlsTrustStoreUri", - "apigateway:Request/MtlsTrustStoreVersion", - "apigateway:Request/SecurityPolicy", - "apigateway:Resource/EndpointType", - "apigateway:Resource/MtlsTrustStoreUri", - "apigateway:Resource/MtlsTrustStoreVersion", - "apigateway:Resource/SecurityPolicy" + "aws:ResourceTag/${TagKey}" ], - "resource": "DomainName" + "resource": "Integration" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/domainnames/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations", "condition_keys": [ - "apigateway:Request/EndpointType", - "apigateway:Request/MtlsTrustStoreUri", - "apigateway:Request/MtlsTrustStoreVersion", - "apigateway:Request/SecurityPolicy" + "aws:ResourceTag/${TagKey}" ], - "resource": "DomainNames" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/gatewayresponses/${ResponseType}/", - "condition_keys": [], - "resource": "GatewayResponse" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/gatewayresponses/", - "condition_keys": [], - "resource": "GatewayResponses" + "resource": "Integrations" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/integration/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/${IntegrationResponseId}", "condition_keys": [], - "resource": "Integration" + "resource": "IntegrationResponse" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/integration/responses/${StatusCode}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses", "condition_keys": [], - "resource": "IntegrationResponse" + "resource": "IntegrationResponses" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}", "condition_keys": [ - "apigateway:Request/ApiKeyRequired", - "apigateway:Request/RouteAuthorizationType", - "apigateway:Resource/ApiKeyRequired", - "apigateway:Resource/RouteAuthorizationType" + "aws:ResourceTag/${TagKey}" ], - "resource": "Method" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/responses/${StatusCode}/", - "condition_keys": [], - "resource": "MethodResponse" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/models/${ModelName}/", - "condition_keys": [], "resource": "Model" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/models/", - "condition_keys": [], + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Models" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators/${RequestValidatorId}/", - "condition_keys": [], - "resource": "RequestValidator" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators/", - "condition_keys": [], - "resource": "RequestValidators" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/", - "condition_keys": [], - "resource": "Resource" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}/template", "condition_keys": [], - "resource": "Resources" + "resource": "ModelTemplate" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}", "condition_keys": [ "apigateway:Request/ApiKeyRequired", - "apigateway:Request/ApiName", - "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri", - "apigateway:Request/DisableExecuteApiEndpoint", - "apigateway:Request/EndpointType", "apigateway:Request/RouteAuthorizationType", "apigateway:Resource/ApiKeyRequired", - "apigateway:Resource/ApiName", - "apigateway:Resource/AuthorizerType", - "apigateway:Resource/AuthorizerUri", - "apigateway:Resource/DisableExecuteApiEndpoint", - "apigateway:Resource/EndpointType", - "apigateway:Resource/RouteAuthorizationType" + "apigateway:Resource/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" ], - "resource": "RestApi" + "resource": "Route" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes", "condition_keys": [ "apigateway:Request/ApiKeyRequired", - "apigateway:Request/ApiName", - "apigateway:Request/AuthorizerType", - "apigateway:Request/AuthorizerUri", - "apigateway:Request/DisableExecuteApiEndpoint", - "apigateway:Request/EndpointType", - "apigateway:Request/RouteAuthorizationType" + "apigateway:Request/RouteAuthorizationType", + "aws:ResourceTag/${TagKey}" ], - "resource": "RestApis" + "resource": "Routes" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}/sdks/${SdkType}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}", "condition_keys": [], - "resource": "Sdk" + "resource": "RouteResponse" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses", + "condition_keys": [], + "resource": "RouteResponses" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/requestparameters/${RequestParameterKey}", + "condition_keys": [], + "resource": "RouteRequestParameter" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/routesettings/${RouteKey}", + "condition_keys": [], + "resource": "RouteSettings" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}", "condition_keys": [ "apigateway:Request/AccessLoggingDestination", "apigateway:Request/AccessLoggingFormat", "apigateway:Resource/AccessLoggingDestination", - "apigateway:Resource/AccessLoggingFormat" + "apigateway:Resource/AccessLoggingFormat", + "aws:ResourceTag/${TagKey}" ], "resource": "Stage" }, { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/", + "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages", "condition_keys": [ "apigateway:Request/AccessLoggingDestination", - "apigateway:Request/AccessLoggingFormat" + "apigateway:Request/AccessLoggingFormat", + "aws:ResourceTag/${TagKey}" ], "resource": "Stages" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/restapis/models/${ModelName}/template/", - "condition_keys": [], - "resource": "Template" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/", - "condition_keys": [], - "resource": "UsagePlan" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/", - "condition_keys": [], - "resource": "UsagePlans" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/keys/${Id}/", - "condition_keys": [], - "resource": "UsagePlanKey" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/keys/", - "condition_keys": [], - "resource": "UsagePlanKeys" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/vpclinks/${VpcLinkId}/", - "condition_keys": [], - "resource": "VpcLink" - }, - { - "arn": "arn:${Partition}:apigateway:${Region}::/vpclinks/", - "condition_keys": [], - "resource": "VpcLinks" } ], - "service_name": "Amazon API Gateway Management" + "service_name": "Amazon API Gateway Management V2" }, { "conditions": [ @@ -6756,7 +6840,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list tags for a flow", "privilege": "ListTagsForResource", "resource_types": [ @@ -6850,7 +6934,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flow*" + "resource_type": "connectorprofile*" } ] }, @@ -6865,6 +6949,18 @@ "resource_type": "flow*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to use a connector profile while creating a flow in Amazon AppFlow", + "privilege": "UseConnectorProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorprofile*" + } + ] } ], "resources": [ @@ -7336,7 +7432,7 @@ ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to list tags for the resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -9364,6 +9460,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateUpdatedImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a usage report subscription. Usage reports are generated daily", @@ -12095,92 +12203,92 @@ "conditions": [ { "condition": "autoscaling:ImageId", - "description": "The AMI used to create the instance.", + "description": "Filters access based on the AMI used to create the instance", "type": "String" }, { "condition": "autoscaling:InstanceType", - "description": "The type of instance, in terms of the hardware resources available.", + "description": "Filters access based on the type of instance, in terms of the hardware resources available", "type": "String" }, { "condition": "autoscaling:InstanceTypes", - "description": "The types of instances, in terms of the hardware resources available.", + "description": "Filters access based on the types of instances, in terms of the hardware resources available", "type": "String" }, { "condition": "autoscaling:LaunchConfigurationName", - "description": "The name of a launch configuration.", + "description": "Filters access based on the name of a launch configuration", "type": "String" }, { "condition": "autoscaling:LaunchTemplateVersionSpecified", - "description": "Filters access by whether users can specify any version of a launch template or only the Latest or Default version", + "description": "Filters access based on whether users can specify any version of a launch template or only the Latest or Default version", "type": "Bool" }, { "condition": "autoscaling:LoadBalancerNames", - "description": "The name of the load balancer.", + "description": "Filters access based on the name of the load balancer", "type": "String" }, { "condition": "autoscaling:MaxSize", - "description": "The maximum scaling size.", + "description": "Filters access based on the maximum scaling size", "type": "Numeric" }, { "condition": "autoscaling:MetadataHttpEndpoint", - "description": "Filters access by whether the HTTP endpoint is enabled for the instance metadata service.", + "description": "Filters access based on whether the HTTP endpoint is enabled for the instance metadata service", "type": "String" }, { "condition": "autoscaling:MetadataHttpPutResponseHopLimit", - "description": "Filters access by the allowed number of hops when calling the instance metadata service.", + "description": "Filters access based on the allowed number of hops when calling the instance metadata service", "type": "Numeric" }, { "condition": "autoscaling:MetadataHttpTokens", - "description": "Filters access by whether tokens are required when calling the instance metadata service (optional or required)", + "description": "Filters access based on whether tokens are required when calling the instance metadata service (optional or required)", "type": "String" }, { "condition": "autoscaling:MinSize", - "description": "The minimum scaling size.", + "description": "Filters access based on the minimum scaling size", "type": "Numeric" }, { "condition": "autoscaling:ResourceTag/${TagKey}", - "description": "The value of a tag attached to a resource.", + "description": "Filters access based on the value of a tag attached to a resource", "type": "String" }, { "condition": "autoscaling:SpotPrice", - "description": "The spot price associated with an instance.", + "description": "Filters access based on the spot price associated with an instance", "type": "Numeric" }, { "condition": "autoscaling:TargetGroupARNs", - "description": "The ARN of a target group.", + "description": "Filters access based on the ARN of a target group", "type": "ARN" }, { "condition": "autoscaling:VPCZoneIdentifiers", - "description": "The identifier of a VPC zone.", + "description": "Filters access based on the identifier of a VPC zone", "type": "String" }, { "condition": "aws:RequestTag/${TagKey}", - "description": "The value of a tag associated with the request.", + "description": "Filters access based on the value of a tag associated with the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource.", + "description": "Filters access based on the tag-value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters create requests based on the presence of mandatory tags in the request.", + "description": "Filters create requests based on the presence of mandatory tags in the request", "type": "String" } ], @@ -12188,7 +12296,7 @@ "privileges": [ { "access_level": "Write", - "description": "Attaches one or more EC2 instances to the specified Auto Scaling group.", + "description": "Grants permission to attach one or more EC2 instances to the specified Auto Scaling group", "privilege": "AttachInstances", "resource_types": [ { @@ -12203,7 +12311,7 @@ }, { "access_level": "Write", - "description": "Attaches one or more target groups to the specified Auto Scaling group.", + "description": "Grants permission to attach one or more target groups to the specified Auto Scaling group", "privilege": "AttachLoadBalancerTargetGroups", "resource_types": [ { @@ -12225,7 +12333,7 @@ }, { "access_level": "Write", - "description": "Attaches one or more load balancers to the specified Auto Scaling group.", + "description": "Grants permission to attach one or more load balancers to the specified Auto Scaling group", "privilege": "AttachLoadBalancers", "resource_types": [ { @@ -12247,7 +12355,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified scheduled actions.", + "description": "Grants permission to delete the specified scheduled actions", "privilege": "BatchDeleteScheduledAction", "resource_types": [ { @@ -12262,7 +12370,7 @@ }, { "access_level": "Write", - "description": "Creates or updates multiple scheduled scaling actions for an Auto Scaling group.", + "description": "Grants permission to create or update multiple scheduled scaling actions for an Auto Scaling group", "privilege": "BatchPutScheduledUpdateGroupAction", "resource_types": [ { @@ -12292,7 +12400,7 @@ }, { "access_level": "Write", - "description": "Completes the lifecycle action for the specified token or instance with the specified result.", + "description": "Grants permission to complete the lifecycle action for the specified token or instance with the specified result", "privilege": "CompleteLifecycleAction", "resource_types": [ { @@ -12306,8 +12414,8 @@ ] }, { - "access_level": "Tagging", - "description": "Creates an Auto Scaling group with the specified name and attributes.", + "access_level": "Write", + "description": "Grants permission to create an Auto Scaling group with the specified name and attributes", "privilege": "CreateAutoScalingGroup", "resource_types": [ { @@ -12338,7 +12446,7 @@ }, { "access_level": "Write", - "description": "Creates a launch configuration.", + "description": "Grants permission to create a launch configuration", "privilege": "CreateLaunchConfiguration", "resource_types": [ { @@ -12362,7 +12470,7 @@ }, { "access_level": "Tagging", - "description": "Creates or updates tags for the specified Auto Scaling group.", + "description": "Grants permission to create or update tags for the specified Auto Scaling group", "privilege": "CreateOrUpdateTags", "resource_types": [ { @@ -12385,7 +12493,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified Auto Scaling group.", + "description": "Grants permission to delete the specified Auto Scaling group", "privilege": "DeleteAutoScalingGroup", "resource_types": [ { @@ -12400,7 +12508,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified launch configuration.", + "description": "Grants permission to delete the specified launch configuration", "privilege": "DeleteLaunchConfiguration", "resource_types": [ { @@ -12412,7 +12520,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified lifecycle hook.", + "description": "Grants permission to deletes the specified lifecycle hook", "privilege": "DeleteLifecycleHook", "resource_types": [ { @@ -12427,7 +12535,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified notification.", + "description": "Grants permission to delete the specified notification", "privilege": "DeleteNotificationConfiguration", "resource_types": [ { @@ -12442,7 +12550,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified Auto Scaling policy.", + "description": "Grants permission to delete the specified Auto Scaling policy", "privilege": "DeletePolicy", "resource_types": [ { @@ -12457,7 +12565,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified scheduled action.", + "description": "Grants permission to delete the specified scheduled action", "privilege": "DeleteScheduledAction", "resource_types": [ { @@ -12472,7 +12580,7 @@ }, { "access_level": "Tagging", - "description": "Deletes the specified tags.", + "description": "Grants permission to delete the specified tags", "privilege": "DeleteTags", "resource_types": [ { @@ -12510,7 +12618,7 @@ }, { "access_level": "List", - "description": "Describes the current Auto Scaling resource limits for your AWS account.", + "description": "Grants permission to describe the current Auto Scaling resource limits for your AWS account", "privilege": "DescribeAccountLimits", "resource_types": [ { @@ -12522,7 +12630,7 @@ }, { "access_level": "List", - "description": "Describes the policy adjustment types for use with PutScalingPolicy.", + "description": "Grants permission to describe the policy adjustment types for use with PutScalingPolicy", "privilege": "DescribeAdjustmentTypes", "resource_types": [ { @@ -12534,7 +12642,7 @@ }, { "access_level": "List", - "description": "Describes one or more Auto Scaling groups. If a list of names is not provided, the call describes all Auto Scaling groups.", + "description": "Grants permission to describe one or more Auto Scaling groups. If a list of names is not provided, the call describes all Auto Scaling groups", "privilege": "DescribeAutoScalingGroups", "resource_types": [ { @@ -12546,7 +12654,7 @@ }, { "access_level": "List", - "description": "Describes one or more Auto Scaling instances. If a list is not provided, the call describes all instances.", + "description": "Grants permission to describe one or more Auto Scaling instances. If a list is not provided, the call describes all instances", "privilege": "DescribeAutoScalingInstances", "resource_types": [ { @@ -12558,7 +12666,7 @@ }, { "access_level": "List", - "description": "Describes the notification types that are supported by Auto Scaling.", + "description": "Grants permission to describe the notification types that are supported by Auto Scaling", "privilege": "DescribeAutoScalingNotificationTypes", "resource_types": [ { @@ -12582,7 +12690,7 @@ }, { "access_level": "List", - "description": "Describes one or more launch configurations. If you omit the list of names, then the call describes all launch configurations.", + "description": "Grants permission to describe one or more launch configurations. If you omit the list of names, then the call describes all launch configurations", "privilege": "DescribeLaunchConfigurations", "resource_types": [ { @@ -12594,7 +12702,7 @@ }, { "access_level": "List", - "description": "Describes the available types of lifecycle hooks.", + "description": "Grants permission to describe the available types of lifecycle hooks", "privilege": "DescribeLifecycleHookTypes", "resource_types": [ { @@ -12606,7 +12714,7 @@ }, { "access_level": "List", - "description": "Describes the lifecycle hooks for the specified Auto Scaling group.", + "description": "Grants permission to describe the lifecycle hooks for the specified Auto Scaling group", "privilege": "DescribeLifecycleHooks", "resource_types": [ { @@ -12618,7 +12726,7 @@ }, { "access_level": "List", - "description": "Describes the target groups for the specified Auto Scaling group.", + "description": "Grants permission to describe the target groups for the specified Auto Scaling group", "privilege": "DescribeLoadBalancerTargetGroups", "resource_types": [ { @@ -12630,7 +12738,7 @@ }, { "access_level": "List", - "description": "Describes the load balancers for the specified Auto Scaling group.", + "description": "Grants permission to describe the load balancers for the specified Auto Scaling group", "privilege": "DescribeLoadBalancers", "resource_types": [ { @@ -12642,7 +12750,7 @@ }, { "access_level": "List", - "description": "Describes the available CloudWatch metrics for Auto Scaling.", + "description": "Grants permission to describe the available CloudWatch metrics for Auto Scaling", "privilege": "DescribeMetricCollectionTypes", "resource_types": [ { @@ -12654,7 +12762,7 @@ }, { "access_level": "List", - "description": "Describes the notification actions associated with the specified Auto Scaling group.", + "description": "Grants permission to describe the notification actions associated with the specified Auto Scaling group", "privilege": "DescribeNotificationConfigurations", "resource_types": [ { @@ -12666,7 +12774,7 @@ }, { "access_level": "List", - "description": "Describes the policies for the specified Auto Scaling group.", + "description": "Grants permission to describe the policies for the specified Auto Scaling group", "privilege": "DescribePolicies", "resource_types": [ { @@ -12678,7 +12786,7 @@ }, { "access_level": "List", - "description": "Describes one or more scaling activities for the specified Auto Scaling group.", + "description": "Grants permission to describe one or more scaling activities for the specified Auto Scaling group", "privilege": "DescribeScalingActivities", "resource_types": [ { @@ -12690,7 +12798,7 @@ }, { "access_level": "List", - "description": "Describes the scaling process types for use with ResumeProcesses and SuspendProcesses.", + "description": "Grants permission to describe the scaling process types for use with ResumeProcesses and SuspendProcesses", "privilege": "DescribeScalingProcessTypes", "resource_types": [ { @@ -12702,7 +12810,7 @@ }, { "access_level": "List", - "description": "Describes the actions scheduled for your Auto Scaling group that haven't run.", + "description": "Grants permission to describe the actions scheduled for your Auto Scaling group that haven't run", "privilege": "DescribeScheduledActions", "resource_types": [ { @@ -12714,7 +12822,7 @@ }, { "access_level": "Read", - "description": "Describes the specified tags.", + "description": "Grants permission to describe the specified tags", "privilege": "DescribeTags", "resource_types": [ { @@ -12726,7 +12834,7 @@ }, { "access_level": "List", - "description": "Describes the termination policies supported by Auto Scaling.", + "description": "Grants permission to describe the termination policies supported by Auto Scaling", "privilege": "DescribeTerminationPolicyTypes", "resource_types": [ { @@ -12750,7 +12858,7 @@ }, { "access_level": "Write", - "description": "Removes one or more instances from the specified Auto Scaling group.", + "description": "Grants permission to remove one or more instances from the specified Auto Scaling group", "privilege": "DetachInstances", "resource_types": [ { @@ -12765,7 +12873,7 @@ }, { "access_level": "Write", - "description": "Detaches one or more target groups from the specified Auto Scaling group.", + "description": "Grants permission to detach one or more target groups from the specified Auto Scaling group", "privilege": "DetachLoadBalancerTargetGroups", "resource_types": [ { @@ -12787,7 +12895,7 @@ }, { "access_level": "Write", - "description": "Removes one or more load balancers from the specified Auto Scaling group.", + "description": "Grants permission to remove one or more load balancers from the specified Auto Scaling group", "privilege": "DetachLoadBalancers", "resource_types": [ { @@ -12809,7 +12917,7 @@ }, { "access_level": "Write", - "description": "Disables monitoring of the specified metrics for the specified Auto Scaling group.", + "description": "Grants permission to disable monitoring of the specified metrics for the specified Auto Scaling group", "privilege": "DisableMetricsCollection", "resource_types": [ { @@ -12824,7 +12932,7 @@ }, { "access_level": "Write", - "description": "Enables monitoring of the specified metrics for the specified Auto Scaling group.", + "description": "Grants permission to enable monitoring of the specified metrics for the specified Auto Scaling group", "privilege": "EnableMetricsCollection", "resource_types": [ { @@ -12839,7 +12947,7 @@ }, { "access_level": "Write", - "description": "Moves the specified instances into Standby mode.", + "description": "Grants permission to move the specified instances into Standby mode", "privilege": "EnterStandby", "resource_types": [ { @@ -12854,7 +12962,7 @@ }, { "access_level": "Write", - "description": "Executes the specified policy.", + "description": "Grants permission to execute the specified policy", "privilege": "ExecutePolicy", "resource_types": [ { @@ -12869,7 +12977,7 @@ }, { "access_level": "Write", - "description": "Moves the specified instances out of Standby mode.", + "description": "Grants permission to move the specified instances out of Standby mode", "privilege": "ExitStandby", "resource_types": [ { @@ -12884,7 +12992,7 @@ }, { "access_level": "Write", - "description": "Creates or updates a lifecycle hook for the specified Auto Scaling Group.", + "description": "Grants permission to create or update a lifecycle hook for the specified Auto Scaling Group", "privilege": "PutLifecycleHook", "resource_types": [ { @@ -12899,7 +13007,7 @@ }, { "access_level": "Write", - "description": "Configures an Auto Scaling group to send notifications when specified events take place.", + "description": "Grants permission to configure an Auto Scaling group to send notifications when specified events take place", "privilege": "PutNotificationConfiguration", "resource_types": [ { @@ -12914,7 +13022,7 @@ }, { "access_level": "Write", - "description": "Creates or updates a policy for an Auto Scaling group.", + "description": "Grants permission to create or update a policy for an Auto Scaling group", "privilege": "PutScalingPolicy", "resource_types": [ { @@ -12929,7 +13037,7 @@ }, { "access_level": "Write", - "description": "Creates or updates a scheduled scaling action for an Auto Scaling group.", + "description": "Grants permission to create or update a scheduled scaling action for an Auto Scaling group", "privilege": "PutScheduledUpdateGroupAction", "resource_types": [ { @@ -12967,7 +13075,7 @@ }, { "access_level": "Write", - "description": "Records a heartbeat for the lifecycle action associated with the specified token or instance.", + "description": "Grants permission to record a heartbeat for the lifecycle action associated with the specified token or instance", "privilege": "RecordLifecycleActionHeartbeat", "resource_types": [ { @@ -12982,7 +13090,7 @@ }, { "access_level": "Write", - "description": "Resumes the specified suspended Auto Scaling processes, or all suspended process, for the specified Auto Scaling group.", + "description": "Grants permission to resume the specified suspended Auto Scaling processes, or all suspended process, for the specified Auto Scaling group", "privilege": "ResumeProcesses", "resource_types": [ { @@ -12997,7 +13105,7 @@ }, { "access_level": "Write", - "description": "Sets the size of the specified Auto Scaling group.", + "description": "Grants permission to set the size of the specified Auto Scaling group", "privilege": "SetDesiredCapacity", "resource_types": [ { @@ -13012,7 +13120,7 @@ }, { "access_level": "Write", - "description": "Sets the health status of the specified instance.", + "description": "Grants permission to set the health status of the specified instance", "privilege": "SetInstanceHealth", "resource_types": [ { @@ -13027,7 +13135,7 @@ }, { "access_level": "Write", - "description": "Updates the instance protection settings of the specified instances.", + "description": "Grants permission to update the instance protection settings of the specified instances", "privilege": "SetInstanceProtection", "resource_types": [ { @@ -13057,7 +13165,7 @@ }, { "access_level": "Write", - "description": "Suspends the specified Auto Scaling processes, or all processes, for the specified Auto Scaling group.", + "description": "Grants permission to suspend the specified Auto Scaling processes, or all processes, for the specified Auto Scaling group", "privilege": "SuspendProcesses", "resource_types": [ { @@ -13072,7 +13180,7 @@ }, { "access_level": "Write", - "description": "Terminates the specified instance and optionally adjusts the desired group size.", + "description": "Grants permission to terminate the specified instance and optionally adjust the desired group size", "privilege": "TerminateInstanceInAutoScalingGroup", "resource_types": [ { @@ -13087,7 +13195,7 @@ }, { "access_level": "Write", - "description": "Updates the configuration for the specified Auto Scaling group.", + "description": "Grants permission to update the configuration for the specified Auto Scaling group", "privilege": "UpdateAutoScalingGroup", "resource_types": [ { @@ -13211,24 +13319,69 @@ "service_name": "AWS Auto Scaling" }, { - "conditions": [ + "conditions": [], + "prefix": "aws-marketplace", + "privileges": [ { - "condition": "aws-marketplace:AgreementType", - "description": "Enables you to control access based on the type of the agreement.", - "type": "String" + "access_level": "Write", + "description": "Grants permission to post metering records for a set of customers for SaaS applications", + "privilege": "BatchMeterUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws-marketplace:PartyType", - "description": "Enables you to control access based on the party type of the agreement.", - "type": "String" + "access_level": "Write", + "description": "Grants permission to emit metering records", + "privilege": "MeterUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second", + "privilege": "RegisterUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to resolve a registration token to obtain a CustomerIdentifier and product code", + "privilege": "ResolveCustomer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], + "resources": [], + "service_name": "AWS Marketplace Metering Service" + }, + { + "conditions": [], "prefix": "aws-marketplace", "privileges": [ { - "access_level": "Write", - "description": "Allows users to approve an incoming subscription request (for providers who provide products that require subscription verification).", - "privilege": "AcceptAgreementApprovalRequest", + "access_level": "Read", + "description": "Describes Image Builds identified by a build Id", + "privilege": "DescribeBuilds", "resource_types": [ { "condition_keys": [], @@ -13238,9 +13391,9 @@ ] }, { - "access_level": "Write", - "description": "Allows users to cancel pending subscription requests for products that require subscription verification.", - "privilege": "CancelAgreementRequest", + "access_level": "Read", + "description": "Lists Image Builds.", + "privilege": "ListBuilds", "resource_types": [ { "condition_keys": [], @@ -13250,9 +13403,35 @@ ] }, { - "access_level": "Read", - "description": "Returns metadata about the agreement.", - "privilege": "DescribeAgreement", + "access_level": "Write", + "description": "Starts an Image Build", + "privilege": "StartBuild", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Marketplace Image Building Service" + }, + { + "conditions": [ + { + "condition": "catalog:ChangeType", + "description": "Enables you to verify change type in the StartChangeSet request.", + "type": "String" + } + ], + "prefix": "aws-marketplace", + "privileges": [ + { + "access_level": "Write", + "description": "Cancels a running change set.", + "privilege": "CancelChangeSet", "resource_types": [ { "condition_keys": [], @@ -13262,9 +13441,9 @@ ] }, { - "access_level": "Read", - "description": "Allows users to view the details of their incoming subscription requests (for providers who provide products that require subscription verification).", - "privilege": "GetAgreementApprovalRequest", + "access_level": "Write", + "description": "Complete an existing task and submit the content to the associated change.", + "privilege": "CompleteTask", "resource_types": [ { "condition_keys": [], @@ -13275,8 +13454,8 @@ }, { "access_level": "Read", - "description": "Allows users to view the details of their subscription requests for data products that require subscription verification.", - "privilege": "GetAgreementRequest", + "description": "Returns the details of an existing change set.", + "privilege": "DescribeChangeSet", "resource_types": [ { "condition_keys": [], @@ -13286,9 +13465,9 @@ ] }, { - "access_level": "List", - "description": "Returns a list of terms for an agreement.", - "privilege": "GetAgreementTerms", + "access_level": "Read", + "description": "Returns the details of an existing entity.", + "privilege": "DescribeEntity", "resource_types": [ { "condition_keys": [], @@ -13298,9 +13477,9 @@ ] }, { - "access_level": "List", - "description": "Allows users to list their incoming subscription requests (for providers who provide products that require subscription verification).", - "privilege": "ListAgreementApprovalRequests", + "access_level": "Read", + "description": "Returns the details of an existing task.", + "privilege": "DescribeTask", "resource_types": [ { "condition_keys": [], @@ -13310,9 +13489,9 @@ ] }, { - "access_level": "List", - "description": "Allows users to list their subscription requests for products that require subscription verification.", - "privilege": "ListAgreementRequests", + "access_level": "Read", + "description": "Lists existing change sets.", + "privilege": "ListChangeSets", "resource_types": [ { "condition_keys": [], @@ -13322,9 +13501,9 @@ ] }, { - "access_level": "Write", - "description": "Allows users to decline an incoming subscription requests (for providers who provide products that require subscription verification).", - "privilege": "RejectAgreementApprovalRequest", + "access_level": "Read", + "description": "Lists existing entities.", + "privilege": "ListEntities", "resource_types": [ { "condition_keys": [], @@ -13335,8 +13514,8 @@ }, { "access_level": "List", - "description": "Allows users to search their agreements.", - "privilege": "SearchAgreements", + "description": "Lists existing tasks.", + "privilege": "ListTasks", "resource_types": [ { "condition_keys": [], @@ -13347,11 +13526,13 @@ }, { "access_level": "Write", - "description": "Allows users to subscribe to AWS Marketplace products. Includes the ability to send a subscription request for products that require subscription verification. Includes the ability to enable auto-renewal for an existing subscription.", - "privilege": "Subscribe", + "description": "Requests a new change set.", + "privilege": "StartChangeSet", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "catalog:ChangeType" + ], "dependent_actions": [], "resource_type": "" } @@ -13359,8 +13540,8 @@ }, { "access_level": "Write", - "description": "Allows users to remove subscriptions to AWS Marketplace products. Includes the ability to disable auto-renewal for an existing subscription.", - "privilege": "Unsubscribe", + "description": "Update the content of an existing task.", + "privilege": "UpdateTask", "resource_types": [ { "condition_keys": [], @@ -13368,11 +13549,50 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/${EntityType}/${ResourceId}", + "condition_keys": [], + "resource": "Entity" }, { - "access_level": "Write", - "description": "Allows users to make changes to an incoming subscription request, including the ability to delete the prospective subscriber's information (for providers who provide products that require subscription verification).", - "privilege": "UpdateAgreementApprovalRequest", + "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/ChangeSet/${ResourceId}", + "condition_keys": [], + "resource": "ChangeSet" + } + ], + "service_name": "AWS Marketplace Catalog" + }, + { + "conditions": [], + "prefix": "aws-marketplace", + "privileges": [ + { + "access_level": "Read", + "description": "Retrieves entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", + "privilege": "GetEntitlements", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Marketplace Entitlement Service" + }, + { + "conditions": [], + "prefix": "aws-marketplace", + "privileges": [ + { + "access_level": "Read", + "description": "Describes the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization.", + "privilege": "DescribeProcurementSystemConfiguration", "resource_types": [ { "condition_keys": [], @@ -13382,9 +13602,9 @@ ] }, { - "access_level": "List", - "description": "Allows users to see their account's subscriptions.", - "privilege": "ViewSubscriptions", + "access_level": "Write", + "description": "Creates or updates the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization.", + "privilege": "PutProcurementSystemConfiguration", "resource_types": [ { "condition_keys": [], @@ -13395,13 +13615,18 @@ } ], "resources": [], - "service_name": "AWS Marketplace" + "service_name": "AWS Marketplace Procurement Systems Integration" }, { "conditions": [ { - "condition": "catalog:ChangeType", - "description": "Enables you to verify change type in the StartChangeSet request.", + "condition": "aws-marketplace:AgreementType", + "description": "Enables you to control access based on the type of the agreement.", + "type": "String" + }, + { + "condition": "aws-marketplace:PartyType", + "description": "Enables you to control access based on the party type of the agreement.", "type": "String" } ], @@ -13409,8 +13634,8 @@ "privileges": [ { "access_level": "Write", - "description": "Cancels a running change set.", - "privilege": "CancelChangeSet", + "description": "Allows users to approve an incoming subscription request (for providers who provide products that require subscription verification).", + "privilege": "AcceptAgreementApprovalRequest", "resource_types": [ { "condition_keys": [], @@ -13421,8 +13646,8 @@ }, { "access_level": "Write", - "description": "Complete an existing task and submit the content to the associated change.", - "privilege": "CompleteTask", + "description": "Allows users to cancel pending subscription requests for products that require subscription verification.", + "privilege": "CancelAgreementRequest", "resource_types": [ { "condition_keys": [], @@ -13433,8 +13658,8 @@ }, { "access_level": "Read", - "description": "Returns the details of an existing change set.", - "privilege": "DescribeChangeSet", + "description": "Returns metadata about the agreement.", + "privilege": "DescribeAgreement", "resource_types": [ { "condition_keys": [], @@ -13445,8 +13670,8 @@ }, { "access_level": "Read", - "description": "Returns the details of an existing entity.", - "privilege": "DescribeEntity", + "description": "Allows users to view the details of their incoming subscription requests (for providers who provide products that require subscription verification).", + "privilege": "GetAgreementApprovalRequest", "resource_types": [ { "condition_keys": [], @@ -13457,8 +13682,8 @@ }, { "access_level": "Read", - "description": "Returns the details of an existing task.", - "privilege": "DescribeTask", + "description": "Allows users to view the details of their subscription requests for data products that require subscription verification.", + "privilege": "GetAgreementRequest", "resource_types": [ { "condition_keys": [], @@ -13468,9 +13693,9 @@ ] }, { - "access_level": "Read", - "description": "Lists existing change sets.", - "privilege": "ListChangeSets", + "access_level": "List", + "description": "Returns a list of terms for an agreement.", + "privilege": "GetAgreementTerms", "resource_types": [ { "condition_keys": [], @@ -13480,9 +13705,9 @@ ] }, { - "access_level": "Read", - "description": "Lists existing entities.", - "privilege": "ListEntities", + "access_level": "List", + "description": "Allows users to list their incoming subscription requests (for providers who provide products that require subscription verification).", + "privilege": "ListAgreementApprovalRequests", "resource_types": [ { "condition_keys": [], @@ -13493,8 +13718,8 @@ }, { "access_level": "List", - "description": "Lists existing tasks.", - "privilege": "ListTasks", + "description": "Allows users to list their subscription requests for products that require subscription verification.", + "privilege": "ListAgreementRequests", "resource_types": [ { "condition_keys": [], @@ -13505,13 +13730,23 @@ }, { "access_level": "Write", - "description": "Requests a new change set.", - "privilege": "StartChangeSet", + "description": "Allows users to decline an incoming subscription requests (for providers who provide products that require subscription verification).", + "privilege": "RejectAgreementApprovalRequest", "resource_types": [ { - "condition_keys": [ - "catalog:ChangeType" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Allows users to search their agreements.", + "privilege": "SearchAgreements", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -13519,8 +13754,8 @@ }, { "access_level": "Write", - "description": "Update the content of an existing task.", - "privilege": "UpdateTask", + "description": "Allows users to subscribe to AWS Marketplace products. Includes the ability to send a subscription request for products that require subscription verification. Includes the ability to enable auto-renewal for an existing subscription.", + "privilege": "Subscribe", "resource_types": [ { "condition_keys": [], @@ -13528,21 +13763,46 @@ "resource_type": "" } ] - } - ], - "resources": [ + }, { - "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/${EntityType}/${ResourceId}", - "condition_keys": [], - "resource": "Entity" + "access_level": "Write", + "description": "Allows users to remove subscriptions to AWS Marketplace products. Includes the ability to disable auto-renewal for an existing subscription.", + "privilege": "Unsubscribe", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/ChangeSet/${ResourceId}", - "condition_keys": [], - "resource": "ChangeSet" + "access_level": "Write", + "description": "Allows users to make changes to an incoming subscription request, including the ability to delete the prospective subscriber's information (for providers who provide products that require subscription verification).", + "privilege": "UpdateAgreementApprovalRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Allows users to see their account's subscriptions.", + "privilege": "ViewSubscriptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], - "service_name": "AWS Marketplace Catalog" + "resources": [], + "service_name": "AWS Marketplace" }, { "conditions": [], @@ -13636,158 +13896,6 @@ "resources": [], "service_name": "AWS Private Marketplace" }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Write", - "description": "Called from a SaaS application listed on the AWS Marketplace to post metering records for a set of customers.", - "privilege": "BatchMeterUsage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Emits metering records.", - "privilege": "MeterUsage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Allows you to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second.", - "privilege": "RegisterUsage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Resolves a registration token to obtain a CustomerIdentifier and product code.", - "privilege": "ResolveCustomer", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Metering Service" - }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Read", - "description": "Describes the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization.", - "privilege": "DescribeProcurementSystemConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Creates or updates the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization.", - "privilege": "PutProcurementSystemConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Procurement Systems Integration" - }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Read", - "description": "Describes Image Builds identified by a build Id", - "privilege": "DescribeBuilds", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Lists Image Builds.", - "privilege": "ListBuilds", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Starts an Image Build", - "privilege": "StartBuild", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Image Building Service" - }, - { - "conditions": [], - "prefix": "aws-marketplace", - "privileges": [ - { - "access_level": "Read", - "description": "Retrieves entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", - "privilege": "GetEntitlements", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [], - "service_name": "AWS Marketplace Entitlement Service" - }, { "conditions": [], "prefix": "aws-marketplace-management", @@ -13946,7 +14054,7 @@ } ], "resources": [], - "service_name": "AWS Billing" + "service_name": "AWS Billing and Cost Management" }, { "conditions": [], @@ -15511,6 +15619,234 @@ ], "service_name": "AWS Budget Service" }, + { + "conditions": [ + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + } + ], + "prefix": "bugbust", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a BugBust event", + "privilege": "CreateEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to evaluate checked-in profiling groups", + "privilege": "EvaluateProfilingGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view customer details about an event", + "privilege": "GetEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to view the status of a BugBust player's attempt to join a BugBust event", + "privilege": "GetJoinEventStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to join an event", + "privilege": "JoinEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the bugs that were imported into an event for players to work on", + "privilege": "ListBugs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListRecommendations" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codereview" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the participants of an event", + "privilege": "ListEventParticipants", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the scores of an event's players", + "privilege": "ListEventScores", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to List BugBust events", + "privilege": "ListEvents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the profiling groups that were imported into an event for players to work on", + "privilege": "ListProfilingGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to view the pull requests used by players to submit fixes to their claimed bugs in an event", + "privilege": "ListPullRequests", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a BugBust event", + "privilege": "UpdateEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "codeguru-profiler:DescribeProfilingGroup", + "codeguru-profiler:ListProfilingGroups", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews", + "codeguru-reviewer:ListRecommendations", + "codeguru-reviewer:TagResource", + "codeguru-reviewer:UnTagResource" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ProfilingGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "codereview" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a work item as claimed or unclaimed (bug or profiling group)", + "privilege": "UpdateWorkItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an event's work item (bug or profiling group)", + "privilege": "UpdateWorkItemAdmin", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Event*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codeguru-reviewer::${Account}:.+:.+", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "codereview" + }, + { + "arn": "arn:${Partition}:codeguru-profiler:${Region}:${Account}:profilingGroup/${profilingGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ProfilingGroup" + }, + { + "arn": "arn:${Partition}:bugbust:${Region}:${Account}:events/${EventId}", + "condition_keys": [], + "resource": "Event" + } + ], + "service_name": "AWS BugBust" + }, { "conditions": [ { @@ -16497,6 +16833,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add multiple users to a channel", + "privilege": "BatchCreateChannelMembership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to batch add room members", @@ -16788,6 +17141,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a media capture pipeline", + "privilege": "CreateMediaCapturePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new Amazon Chime SDK meeting in the specified media Region, with no initial attendees", @@ -17198,6 +17563,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a media capture pipeline", + "privilege": "DeleteMediaCapturePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete the specified Amazon Chime SDK meeting", @@ -17748,6 +18125,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an existing media capture pipeline", + "privilege": "GetMediaCapturePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the meeting record for a specified meeting ID", @@ -18393,6 +18782,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list media capture pipelines", + "privilege": "ListMediaCapturePipelines", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all events that occurred for a specified meeting", @@ -19287,6 +19688,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an Amazon Chime SIP media application call under the administrator's AWS account", + "privilege": "UpdateSipMediaApplicationCall", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update properties of Amazon Chime SIP rule under the administrator's AWS account", @@ -19393,21 +19806,21 @@ "resource": "meeting" }, { - "arn": "arn:${Partition}:chime::${AccountId}:app-instance/${AppInstanceId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "app-instance" }, { - "arn": "arn:${Partition}:chime::${AccountId}:app-instance/${AppInstanceId}/user/${AppInstanceUserId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/user/${AppInstanceUserId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "app-instance-user" }, { - "arn": "arn:${Partition}:chime::${AccountId}:app-instance/${AppInstanceId}/channel/${ChannelId}", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel/${ChannelId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -20772,6 +21185,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeactivateType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete the specified change set. Deleting change sets ensures that no one executes the wrong change set", @@ -20887,6 +21312,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribePublisher", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return information about a stack drift detection operation", @@ -21271,6 +21708,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "PublishType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to record the handler progress", @@ -21283,6 +21732,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "RegisterPublisher", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to register a new CloudFormation type", @@ -21314,6 +21775,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "SetTypeConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set which version of a CloudFormation type applies to CloudFormation operations", @@ -21367,6 +21840,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "TestType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to untag cloudformation resources", @@ -21540,6 +22025,18 @@ ], "prefix": "cloudfront", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "AssociateAlias", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "This action adds a new cache policy to CloudFront.", @@ -21620,6 +22117,18 @@ } ] }, + { + "access_level": "Write", + "description": "This action creates a CloudFront function", + "privilege": "CreateFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "This action creates a new invalidation batch request.", @@ -21784,6 +22293,18 @@ } ] }, + { + "access_level": "Write", + "description": "This action deletes a CloudFront function", + "privilege": "DeleteFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "This action deletes a key group", @@ -21856,6 +22377,18 @@ } ] }, + { + "access_level": "Read", + "description": "This action gets a CloudFront function summary", + "privilege": "DescribeFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Get the cache policy", @@ -21976,6 +22509,18 @@ } ] }, + { + "access_level": "Read", + "description": "This action gets a CloudFront function's code", + "privilege": "GetFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Get the information about an invalidation.", @@ -22132,6 +22677,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListConflictingAliases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "List the distributions associated with your AWS account.", @@ -22228,6 +22785,18 @@ } ] }, + { + "access_level": "List", + "description": "This action gets a list of CloudFront functions", + "privilege": "ListFunctions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "List your invalidation batches.", @@ -22317,6 +22886,18 @@ } ] }, + { + "access_level": "Write", + "description": "This action publishes a CloudFront function", + "privilege": "PublishFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Add tags to a CloudFront resource.", @@ -22342,6 +22923,18 @@ } ] }, + { + "access_level": "Write", + "description": "This action tests a CloudFront function", + "privilege": "TestFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Remove tags from a CloudFront resource.", @@ -22426,6 +23019,18 @@ } ] }, + { + "access_level": "Write", + "description": "This action updates a CloudFront function", + "privilege": "UpdateFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "This action updates a key group", @@ -22531,6 +23136,11 @@ "arn": "arn:${Partition}:cloudfront::${Account}:realtime-log-config/${Name}", "condition_keys": [], "resource": "realtime-log-config" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:function/${Name}", + "condition_keys": [], + "resource": "function" } ], "service_name": "Amazon CloudFront" @@ -23432,7 +24042,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to connect to a CloudShell environment from the AWS Console", + "description": "Grants permissions to connect to a CloudShell environment from the AWS Management Console", "privilege": "CreateSession", "resource_types": [ { @@ -23785,6 +24395,11 @@ "description": "Filters actions based on the presence of mandatory tags in the request", "type": "String" }, + { + "condition": "cloudwatch:AlarmActions", + "description": "Filters actions based on defined alarm actions", + "type": "String" + }, { "condition": "cloudwatch:namespace", "description": "Filters actions based on the presence of optional namespace values", @@ -24111,7 +24726,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "cloudwatch:AlarmActions" ], "dependent_actions": [], "resource_type": "" @@ -24163,7 +24779,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "cloudwatch:AlarmActions" ], "dependent_actions": [], "resource_type": "" @@ -27809,10 +28426,20 @@ }, { "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the presence of tag key-value pairs in the request", + "type": "String" + }, { "condition": "aws:ResourceTag/${TagKey}", "description": "Filters actions based on tag key-value pairs attached to the resource", "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the presence of tag keys in the request", + "type": "String" } ], "prefix": "codeguru-reviewer", @@ -27846,6 +28473,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "repository" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27860,6 +28495,13 @@ "s3:GetObject" ], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27884,6 +28526,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27896,6 +28545,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27908,6 +28564,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27924,6 +28587,13 @@ "events:RemoveTargets" ], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27960,6 +28630,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27972,6 +28649,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -27996,6 +28680,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -28020,6 +28711,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -28032,6 +28730,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -28044,6 +28749,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] } @@ -32749,6 +33461,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to export EBS volume recommendations to S3 for the provided accounts", + "privilege": "ExportEBSVolumeRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "compute-optimizer:GetEBSVolumeRecommendations", + "ec2:DescribeVolumes" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to export EC2 instance recommendations to S3 for the provided accounts", @@ -32764,6 +33491,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to export Lambda function recommendations to S3 for the provided accounts", + "privilege": "ExportLambdaFunctionRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "compute-optimizer:GetLambdaFunctionRecommendations", + "lambda:ListFunctions", + "lambda:ListProvisionedConcurrencyConfigs" + ], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to get recommendations for the provided autoscaling groups", @@ -33812,7 +34555,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "RemediationConfiguration*" } ] @@ -33920,7 +34665,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "RemediationConfiguration*" } ] @@ -34103,6 +34850,33 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permissions to associate a Lex bot for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "privilege": "AssociateBot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:DeleteResourcePolicy", + "lex:DescribeBotAlias", + "lex:GetBot", + "lex:UpdateResourcePolicy" + ], + "resource_type": "instance*" } ] }, @@ -34146,7 +34920,8 @@ }, { "condition_keys": [ - "connect:StorageResourceType" + "connect:StorageResourceType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34164,6 +34939,13 @@ "lambda:AddPermission" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34181,6 +34963,13 @@ "lex:GetBot" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34201,7 +34990,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34225,7 +35015,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34241,6 +35032,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34257,7 +35055,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34308,6 +35107,15 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "integration-association*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34344,7 +35152,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34379,7 +35188,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34404,7 +35214,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34433,6 +35244,15 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "use-case*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34464,7 +35284,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34480,6 +35301,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "hierarchy-group" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34496,6 +35324,13 @@ "ds:UnauthorizeApplication" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34520,6 +35355,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "integration-association*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34535,7 +35377,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34559,6 +35402,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "use-case*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34574,7 +35424,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34590,6 +35441,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "hierarchy-group*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34605,7 +35463,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34621,6 +35480,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "hours-of-operation*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34635,6 +35501,13 @@ "ds:DescribeDirectories" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34650,7 +35523,8 @@ }, { "condition_keys": [ - "connect:AttributeType" + "connect:AttributeType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34669,7 +35543,8 @@ }, { "condition_keys": [ - "connect:StorageResourceType" + "connect:StorageResourceType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34688,7 +35563,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34707,7 +35583,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34726,7 +35603,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34745,7 +35623,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34761,6 +35640,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "hierarchy-group*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34773,6 +35659,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34785,6 +35678,31 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permissions to disassociate a Lex bot for an existing Amazon Connect instance. The associated required actions grant permission to modify the settings for the instance.", + "privilege": "DisassociateBot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:DeleteResourcePolicy", + "lex:UpdateResourcePolicy" + ], + "resource_type": "instance*" } ] }, @@ -34819,7 +35737,8 @@ }, { "condition_keys": [ - "connect:StorageResourceType" + "connect:StorageResourceType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34837,6 +35756,13 @@ "lambda:RemovePermission" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34853,6 +35779,13 @@ "iam:PutRolePolicy" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34873,7 +35806,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34892,7 +35826,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -34908,6 +35843,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34920,6 +35862,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34932,6 +35881,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "queue*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34979,6 +35935,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "queue*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -34986,6 +35949,25 @@ "access_level": "List", "description": "Grants permissions to view approved origins of an existing Amazon Connect instance", "privilege": "ListApprovedOrigins", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permissions to view the Lex bots of an existing Amazon Connect instance", + "privilege": "ListBots", "resource_types": [ { "condition_keys": [], @@ -35015,6 +35997,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35027,6 +36016,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35039,6 +36035,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35068,6 +36071,13 @@ "ds:DescribeDirectories" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35080,6 +36090,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35092,6 +36109,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35116,6 +36140,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35131,7 +36162,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35186,7 +36218,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35202,6 +36235,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35214,6 +36254,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35226,6 +36273,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35280,6 +36334,13 @@ "ds:DescribeDirectories" ], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35292,6 +36353,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35304,6 +36372,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35364,6 +36439,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35376,6 +36458,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35493,6 +36582,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35508,7 +36604,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35527,7 +36624,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35552,7 +36650,8 @@ }, { "condition_keys": [ - "connect:AttributeType" + "connect:AttributeType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35582,7 +36681,8 @@ }, { "condition_keys": [ - "connect:StorageResourceType" + "connect:StorageResourceType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35606,7 +36706,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35625,7 +36726,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35644,7 +36746,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35673,7 +36776,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35692,7 +36796,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35726,7 +36831,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35745,7 +36851,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35764,7 +36871,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35788,7 +36896,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35807,7 +36916,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35826,7 +36936,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35850,7 +36961,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35866,6 +36978,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "hierarchy-group*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35878,6 +36997,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -35893,7 +37019,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35912,7 +37039,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35936,7 +37064,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -35960,7 +37089,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -36036,12 +37166,16 @@ }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/integration-association/${IntegrationAssociationId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "integration-association" }, { "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/use-case/${UseCaseId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "use-case" } ], @@ -37332,6 +38466,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to publish a data set.", + "privilege": "PublishDataSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-sets*" + } + ] + }, { "access_level": "Write", "description": "Grants permissions to start a job.", @@ -40283,7 +41429,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" + ], "resource_type": "" } ] @@ -41321,7 +42473,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" + ], "resource_type": "testgrid-project*" } ] @@ -41917,6 +43075,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "AssociateMacSecKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Associates a virtual interface with a specified link aggregation group (LAG) or connection.", @@ -42505,6 +43675,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DisassociateMacSecKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Lists the virtual interface failover test history.", @@ -42600,6 +43782,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Updates the specified attributes of the Direct Connect gateway association.", @@ -43475,6 +44669,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeEndpointSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return information about the type of endpoints available", @@ -43547,6 +44753,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribePendingMaintenanceActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to returns the status of the RefreshSchemas operation", @@ -45950,6 +47168,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -45962,6 +47187,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -45974,6 +47206,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -45986,6 +47225,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -45998,6 +47244,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -46014,7 +47267,11 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ebs:Description", + "ebs:ParentSnapshot", + "ebs:VolumeSize" ], "dependent_actions": [], "resource_type": "" @@ -47483,7 +48740,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers.", + "description": "Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers", "privilege": "CreateCarrierGateway", "resource_types": [ { @@ -48427,6 +49684,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a root volume replacement task", + "privilege": "CreateReplaceRootVolumeTask", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:PlacementGroup", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a listing for Standard Reserved Instances to be sold in the Reserved Instance Marketplace", @@ -48447,6 +49740,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a task that restores an AMI from an S3 object previously created by using CreateStoreImageTask", + "privilege": "CreateRestoreImageTask", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a route in a VPC route table", @@ -48624,8 +49937,7 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:Region", - "ec2:Vpc" + "ec2:Region" ], "dependent_actions": [], "resource_type": "security-group*" @@ -48651,10 +49963,12 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "ec2:OutpostArn", "ec2:Owner", "ec2:ParentVolume", "ec2:Region", "ec2:SnapshotTime", + "ec2:SourceOutpostArn", "ec2:VolumeSize" ], "dependent_actions": [], @@ -48743,6 +50057,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to store an AMI as a single object in an S3 bucket", + "privilege": "CreateStoreImageTask", + "resource_types": [ + { + "condition_keys": [ + "ec2:Owner", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "image*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a subnet in a VPC", @@ -49107,6 +50436,15 @@ "dependent_actions": [], "resource_type": "prefix-list" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "replace-root-volume-task" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -49728,19 +51066,6 @@ ], "dependent_actions": [], "resource_type": "volume*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], - "dependent_actions": [], - "resource_type": "snapshot" } ] }, @@ -49753,8 +51078,7 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:Region", - "ec2:Tenancy" + "ec2:Region" ], "dependent_actions": [], "resource_type": "vpc*" @@ -50889,6 +52213,15 @@ "dependent_actions": [], "resource_type": "prefix-list" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "replace-root-volume-task" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -52520,6 +53853,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe a root volume replacement task", + "privilege": "DescribeReplaceRootVolumeTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more purchased Reserved Instances in your account", @@ -52736,6 +54081,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe the progress of the AMI store tasks", + "privilege": "DescribeStoreImageTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more subnets", @@ -53289,6 +54646,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel the deprecation of the specified AMI", + "privilege": "DisableImageDeprecation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable access to the EC2 serial console of all instances for your account", @@ -53645,6 +55022,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable deprecation of the specified AMI at the specified date and time.", + "privilege": "EnableImageDeprecation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable access to the EC2 serial console of all instances for your account", @@ -53983,6 +55380,22 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to generate a CloudFormation template to streamline the integration of VPC flow logs with Amazon Athena", + "privilege": "GetFlowLogsIntegrationTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-flow-log*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the resource groups to which a Capacity Reservation has been added", @@ -54974,6 +56387,15 @@ ], "dependent_actions": [], "resource_type": "spot-fleet-request*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" } ] }, @@ -56168,6 +57590,15 @@ "description": "Grants permission to create a Spot Fleet request", "privilege": "RequestSpotFleet", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -57467,6 +58898,17 @@ ], "resource": "prefix-list" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:replace-root-volume-task/${ReplaceRootVolumeTaskId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "replace-root-volume-task" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:reserved-instances/${ReservationId}", "condition_keys": [ @@ -66734,6 +68176,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeDomainAutoTunes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view a description of the domain configuration for the specified Amazon ES domain, including the domain ID, domain service endpoint, and domain ARN.", @@ -72409,7 +73863,7 @@ ] }, { - "access_level": "Write", + "access_level": "Read", "description": "Grants permission to retrieve fresh upload credentials to use when uploading a new game build", "privilege": "RequestUploadCredentials", "resource_types": [ @@ -72879,7 +74333,23 @@ "service_name": "Amazon GameLift" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "String" + } + ], "prefix": "geo", "privileges": [ { @@ -72894,6 +74364,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a batch of device position histories from a tracker resource", + "privilege": "BatchDeleteDevicePositionHistory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a batch of geofences from a geofence collection", @@ -72954,6 +74436,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to calculate routes using a given route calculator resource", + "privilege": "CalculateRoute", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a geofence-collection", @@ -72963,6 +74457,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "geofence-collection*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -72975,6 +74477,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "map*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -72987,6 +74497,34 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "place-index*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a route calculator resource", + "privilege": "CreateRouteCalculator", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -72999,12 +74537,20 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "tracker*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deletes a geofence-collection", + "description": "Grants permission to delete a geofence-collection", "privilege": "DeleteGeofenceCollection", "resource_types": [ { @@ -73038,6 +74584,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a route calculator resource", + "privilege": "DeleteRouteCalculator", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a tracker resource", @@ -73052,7 +74610,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a geofence collection details", + "description": "Grants permission to retrieve geofence collection details", "privilege": "DescribeGeofenceCollection", "resource_types": [ { @@ -73064,7 +74622,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a map resource details", + "description": "Grants permission to retrieve map resource details", "privilege": "DescribeMap", "resource_types": [ { @@ -73076,7 +74634,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a a place-index resource details", + "description": "Grants permission to retrieve place-index resource details", "privilege": "DescribePlaceIndex", "resource_types": [ { @@ -73086,6 +74644,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve route calculator resource details", + "privilege": "DescribeRouteCalculator", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a tracker resource details", @@ -73195,14 +74765,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieves the map TileJSON details from a given map resource", - "privilege": "GetMapTileJson", + "access_level": "List", + "description": "Grants permission to retrieve a list of devices and their latest positions from the given tracker resource", + "privilege": "ListDevicePositions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "tracker*" } ] }, @@ -73254,6 +74824,50 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to return a list of route calculator resources", + "privilege": "ListRouteCalculators", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "map" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list of geofence collections currently associated to the given tracker resource", @@ -73314,6 +74928,86 @@ } ] }, + { + "access_level": "Tagging", + "description": "Grants permission to adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "map" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from the resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "map" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the description of a geofence collection", @@ -73342,22 +75036,37 @@ "resources": [ { "arn": "arn:${Partition}:geo:${Region}:${Account}:geofence-collection/${GeofenceCollectionName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "geofence-collection" }, { "arn": "arn:${Partition}:geo:${Region}:${Account}:map/${MapName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "map" }, { "arn": "arn:${Partition}:geo:${Region}:${Account}:place-index/${IndexName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "place-index" }, + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:route-calculator/${CalculatorName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "route-calculator" + }, { "arn": "arn:${Partition}:geo:${Region}:${Account}:tracker/${TrackerName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "tracker" } ], @@ -76910,7 +78619,7 @@ ], "resources": [ { - "arn": "arn:${Partition}:grafana::${Region}:${Account}:workspaces/${ResourceId}", + "arn": "arn:${Partition}:grafana::${Region}:${Account}:/workspaces/${ResourceId}", "condition_keys": [], "resource": "workspace" } @@ -76921,27 +78630,27 @@ "conditions": [ { "condition": "aws:CurrentTime", - "description": "Filters access by checking date/time conditions for the current date and time", + "description": "Filters actions based on date/time conditions for the current date and time", "type": "Date" }, { "condition": "aws:EpochTime", - "description": "Filters access by checking date/time conditions for the current date and time in epoch or Unix time", + "description": "Filters actions based on date/time conditions for the current date and time in epoch or Unix time", "type": "Date" }, { "condition": "aws:MultiFactorAuthAge", - "description": "Filters access by checking how long ago (in seconds) the security credentials validated by multi-factor authentication (MFA) in the request were issued using MFA", + "description": "Filters actions based on how long ago (in seconds) the security credentials validated by multi-factor authentication (MFA) in the request were issued using MFA", "type": "Numeric" }, { "condition": "aws:MultiFactorAuthPresent", - "description": "Filters access by checking whether multi-factor authentication (MFA) was used to validate the temporary security credentials that made the current request", + "description": "Filters actions based on whether multi-factor authentication (MFA) was used to validate the temporary security credentials that made the current request", "type": "Boolean" }, { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters create requests based on the allowed set of values for each of the mandatory tags", + "description": "Filters actions based on the allowed set of values for each of the mandatory tags", "type": "String" }, { @@ -76951,17 +78660,17 @@ }, { "condition": "aws:SecureTransport", - "description": "Filters access by checking whether the request was sent using SSL", + "description": "Filters actions based on whether the request was sent using SSL", "type": "Boolean" }, { "condition": "aws:TagKeys", - "description": "Filters create requests based on the presence of mandatory tags in the request", + "description": "Filters actions based on the presence of mandatory tags in the request", "type": "String" }, { "condition": "aws:UserAgent", - "description": "Filters access by the requester's client application", + "description": "Filters actions based on the requester's client application", "type": "String" } ], @@ -76969,460 +78678,44 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel a deployment", - "privilege": "CancelDeployment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:CancelJob", - "iot:DeleteThingShadow", - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow", - "iot:UpdateJob", - "iot:UpdateThingShadow" - ], - "resource_type": "deployment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a component", - "privilege": "CreateComponentVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a deployment", - "privilege": "CreateDeployment", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iot:CancelJob", - "iot:CreateJob", - "iot:DeleteThingShadow", - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow", - "iot:UpdateJob", - "iot:UpdateThingShadow" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a component", - "privilege": "DeleteComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a AWS IoT Greengrass core device, which is an AWS IoT thing. This operation removes the core device from the list of core devices. This operation doesn't delete the AWS IoT thing", - "privilege": "DeleteCoreDevice", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJobExecution" - ], - "resource_type": "coreDevice*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve metadata for a version of a component", - "privilege": "DescribeComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the recipe for a version of a component", - "privilege": "GetComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the pre-signed URL to download a public component artifact", - "privilege": "GetComponentVersionArtifact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", - "privilege": "GetCoreDevice", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDevice*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a deployment", - "privilege": "GetDeployment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], - "resource_type": "deployment*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of all versions for a component", - "privilege": "ListComponentVersions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of component summaries", - "privilege": "ListComponents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", - "privilege": "ListCoreDevices", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieves a paginated list of deployments", - "privilege": "ListDeployments", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS IoT Greengrass sends to AWS IoT Greengrass core devices", - "privilege": "ListEffectiveDeployments", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeJobExecution", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], - "resource_type": "coreDevice*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", - "privilege": "ListInstalledComponents", + "description": "Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", + "privilege": "AssociateRoleToGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "group*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Permissions management", + "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", + "privilege": "AssociateServiceRoleToAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deployment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list components that meet the component, version, and platform requirements of a deployment", - "privilege": "ResolveComponentCandidates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Unknown", + "description": "", + "privilege": "BatchAssociateClientDeviceWithCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deployment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deployment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "component" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "componentVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "coreDevice" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "deployment" - } - ], - "service_name": "AWS IoT Greengrass V2" - }, - { - "conditions": [ - { - "condition": "aws:CurrentTime", - "description": "Filters actions based on date/time conditions for the current date and time", - "type": "Date" - }, - { - "condition": "aws:EpochTime", - "description": "Filters actions based on date/time conditions for the current date and time in epoch or Unix time", - "type": "Date" - }, - { - "condition": "aws:MultiFactorAuthAge", - "description": "Filters actions based on how long ago (in seconds) the security credentials validated by multi-factor authentication (MFA) in the request were issued using MFA", - "type": "Numeric" - }, - { - "condition": "aws:MultiFactorAuthPresent", - "description": "Filters actions based on whether multi-factor authentication (MFA) was used to validate the temporary security credentials that made the current request", - "type": "Boolean" - }, - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the mandatory tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tag value associated with the resource", - "type": "String" - }, - { - "condition": "aws:SecureTransport", - "description": "Filters actions based on whether the request was sent using SSL", - "type": "Boolean" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", - "type": "String" - }, - { - "condition": "aws:UserAgent", - "description": "Filters actions based on the requester's client application", - "type": "String" - } - ], - "prefix": "greengrass", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", - "privilege": "AssociateRoleToGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", - "privilege": "AssociateServiceRoleToAccount", + "access_level": "Unknown", + "description": "", + "privilege": "BatchDisassociateClientDeviceFromCoreDevice", "resource_types": [ { "condition_keys": [], @@ -78177,6 +79470,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListClientDevicesAssociatedWithCoreDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the versions of a connector definition", @@ -78873,6 +80178,482 @@ ], "service_name": "AWS IoT Greengrass" }, + { + "conditions": [ + { + "condition": "aws:CurrentTime", + "description": "Filters access by checking date/time conditions for the current date and time", + "type": "Date" + }, + { + "condition": "aws:EpochTime", + "description": "Filters access by checking date/time conditions for the current date and time in epoch or Unix time", + "type": "Date" + }, + { + "condition": "aws:MultiFactorAuthAge", + "description": "Filters access by checking how long ago (in seconds) the security credentials validated by multi-factor authentication (MFA) in the request were issued using MFA", + "type": "Numeric" + }, + { + "condition": "aws:MultiFactorAuthPresent", + "description": "Filters access by checking whether multi-factor authentication (MFA) was used to validate the temporary security credentials that made the current request", + "type": "Boolean" + }, + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters create requests based on the allowed set of values for each of the mandatory tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the tag value associated with the resource", + "type": "String" + }, + { + "condition": "aws:SecureTransport", + "description": "Filters access by checking whether the request was sent using SSL", + "type": "Boolean" + }, + { + "condition": "aws:TagKeys", + "description": "Filters create requests based on the presence of mandatory tags in the request", + "type": "String" + }, + { + "condition": "aws:UserAgent", + "description": "Filters access by the requester's client application", + "type": "String" + } + ], + "prefix": "greengrass", + "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "BatchAssociateClientDeviceWithCoreDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "BatchDisassociateClientDeviceFromCoreDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a deployment", + "privilege": "CancelDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:CancelJob", + "iot:DeleteThingShadow", + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow", + "iot:UpdateJob", + "iot:UpdateThingShadow" + ], + "resource_type": "deployment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a component", + "privilege": "CreateComponentVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a deployment", + "privilege": "CreateDeployment", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iot:CancelJob", + "iot:CreateJob", + "iot:DeleteThingShadow", + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow", + "iot:UpdateJob", + "iot:UpdateThingShadow" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a component", + "privilege": "DeleteComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a AWS IoT Greengrass core device, which is an AWS IoT thing. This operation removes the core device from the list of core devices. This operation doesn't delete the AWS IoT thing", + "privilege": "DeleteCoreDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:DescribeJobExecution" + ], + "resource_type": "coreDevice*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve metadata for a version of a component", + "privilege": "DescribeComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the recipe for a version of a component", + "privilege": "GetComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the pre-signed URL to download a public component artifact", + "privilege": "GetComponentVersionArtifact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", + "privilege": "GetCoreDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a deployment", + "privilege": "GetDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "deployment*" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListClientDevicesAssociatedWithCoreDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of all versions for a component", + "privilege": "ListComponentVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of component summaries", + "privilege": "ListComponents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", + "privilege": "ListCoreDevices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployments", + "privilege": "ListDeployments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS IoT Greengrass sends to AWS IoT Greengrass core devices", + "privilege": "ListEffectiveDeployments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "coreDevice*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", + "privilege": "ListInstalledComponents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list components that meet the component, version, and platform requirements of a deployment", + "privilege": "ResolveComponentCandidates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "componentVersion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "component" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "componentVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "coreDevice" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "deployment" + } + ], + "service_name": "AWS IoT Greengrass V2" + }, { "conditions": [ { @@ -79448,7 +81229,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79460,7 +81241,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79487,7 +81268,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "filter*" }, { "condition_keys": [ @@ -79504,11 +81285,6 @@ "description": "Grants permission to create an IPSet", "privilege": "CreateIPSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -79527,7 +81303,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79542,7 +81318,7 @@ "s3:GetObject", "s3:ListBucket" ], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79554,7 +81330,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79563,11 +81339,6 @@ "description": "Grants permission to create GuardDuty ThreatIntelSets, where a ThreatIntelSet consists of known malicious IP addresses used by GuardDuty to generate findings", "privilege": "CreateThreatIntelSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -79607,11 +81378,6 @@ "description": "Grants permission to delete GuardDuty filters", "privilege": "DeleteFilter", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79624,11 +81390,6 @@ "description": "Grants permission to delete GuardDuty IPSets", "privilege": "DeleteIPSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79656,7 +81417,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79665,11 +81426,6 @@ "description": "Grants permission to delete a publishing destination", "privilege": "DeletePublishingDestination", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79682,11 +81438,6 @@ "description": "Grants permission to delete GuardDuty ThreatIntelSets", "privilege": "DeleteThreatIntelSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79702,7 +81453,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79711,11 +81462,6 @@ "description": "Grants permission to retrieve details about a publishing destination", "privilege": "DescribePublishingDestination", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79743,7 +81489,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79755,7 +81501,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79788,11 +81534,6 @@ "description": "Grants permission to retrieve GuardDuty filters", "privilege": "GetFilter", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79808,7 +81549,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79820,7 +81561,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79829,11 +81570,6 @@ "description": "Grants permsission to retrieve GuardDuty IPSets", "privilege": "GetIPSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79861,7 +81597,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79873,7 +81609,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79885,7 +81621,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79894,11 +81630,6 @@ "description": "Grants permission to retrieve GuardDuty ThreatIntelSets", "privilege": "GetThreatIntelSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -79914,7 +81645,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79926,7 +81657,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79950,7 +81681,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79962,7 +81693,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79974,7 +81705,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -79998,7 +81729,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -80022,12 +81753,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, { - "access_level": "List", + "access_level": "Read", "description": "Grants permission to retrieve a list of tags associated with a GuardDuty resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -80061,7 +81792,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -80073,7 +81804,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -80085,12 +81816,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, { - "access_level": "Write", + "access_level": "Tagging", "description": "Grants permission to add tags to a GuardDuty resource", "privilege": "TagResource", "resource_types": [ @@ -80132,12 +81863,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, { - "access_level": "Write", + "access_level": "Tagging", "description": "Grants permission to remove tags from a GuardDuty resource", "privilege": "UntagResource", "resource_types": [ @@ -80187,11 +81918,6 @@ "description": "Grants permission to updates GuardDuty filters", "privilege": "UpdateFilter", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -80207,7 +81933,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -80216,11 +81942,6 @@ "description": "Grants permission to update GuardDuty IPSets", "privilege": "UpdateIPSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -80236,7 +81957,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -80248,7 +81969,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, @@ -80263,11 +81984,6 @@ "s3:GetObject", "s3:ListBucket" ], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], "resource_type": "publishingDestination*" } ] @@ -80277,11 +81993,6 @@ "description": "Grants permission to updates the GuardDuty ThreatIntelSets", "privilege": "UpdateThreatIntelSet", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, { "condition_keys": [], "dependent_actions": [], @@ -81285,6 +82996,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance-profile*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -81309,6 +83028,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "oidc-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -81321,6 +83048,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "policy*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -81348,7 +83083,9 @@ }, { "condition_keys": [ - "iam:PermissionsBoundary" + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -81364,6 +83101,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "saml-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -81410,7 +83155,9 @@ }, { "condition_keys": [ - "iam:PermissionsBoundary" + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -81426,6 +83173,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "mfa*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -81867,7 +83622,22 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "role*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" } ] }, @@ -82393,7 +84163,17 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "role*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" } ] }, @@ -82824,6 +84604,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance-profile*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82836,6 +84624,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "mfa*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82848,6 +84644,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "oidc-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82860,6 +84664,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "policy*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82872,6 +84684,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "role*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82884,6 +84704,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "saml-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82896,6 +84724,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "server-certificate*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82908,6 +84744,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82920,6 +84764,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "instance-profile*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82932,6 +84783,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "mfa*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82944,6 +84802,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "oidc-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82956,6 +84821,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "policy*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82968,6 +84840,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "role*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82980,6 +84859,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "saml-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -82992,6 +84878,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "server-certificate*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -83004,6 +84897,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -83196,6 +85096,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "server-certificate*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -83235,39 +85143,52 @@ }, { "arn": "arn:${Partition}:iam::${Account}:instance-profile/${InstanceProfileNameWithPath}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "instance-profile" }, { "arn": "arn:${Partition}:iam::${Account}:mfa/${MfaTokenIdWithPath}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "mfa" }, { "arn": "arn:${Partition}:iam::${Account}:oidc-provider/${OidcProviderName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "oidc-provider" }, { "arn": "arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "policy" }, { "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}", "condition_keys": [ + "aws:ResourceTag/${TagKey}", "iam:ResourceTag/${TagKey}" ], "resource": "role" }, { "arn": "arn:${Partition}:iam::${Account}:saml-provider/${SamlProviderName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "saml-provider" }, { "arn": "arn:${Partition}:iam::${Account}:server-certificate/${CertificateNameWithPath}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "server-certificate" }, { @@ -83278,6 +85199,7 @@ { "arn": "arn:${Partition}:iam::${Account}:user/${UserNameWithPath}", "condition_keys": [ + "aws:ResourceTag/${TagKey}", "iam:ResourceTag/${TagKey}" ], "resource": "user" @@ -84832,37 +86754,37 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "A tag key that is present in the request that the user makes to IoT.", + "description": "Filters access by a tag key that is present in the request.", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "The tag key component of a tag attached to an IoT resource.", + "description": "Filters access by a tag key component of a tag associated to the IoT resource in the request.", "type": "String" }, { "condition": "aws:TagKeys", - "description": "The list of all the tag key names associated with the resource in the request.", + "description": "Filters access by a list of tag keys associated to the IoT resource in the request", "type": "String" }, { "condition": "iot:Delete", - "description": "The flag indicating whether or not to also delete an IoT Tunnel immediately", + "description": "Filters access by a flag indicating whether or not to also delete an IoT Tunnel immediately when making iot:CloseTunnel request", "type": "Bool" }, { "condition": "iot:DomainName", - "description": "Filters actions based on the domain name of an IoT DomainConfiguration", + "description": "Filters access by based on the domain name of an IoT DomainConfiguration", "type": "String" }, { "condition": "iot:ThingGroupArn", - "description": "The list of all IoT Thing Group ARNs that the destination IoT Thing belongs to for an IoT Tunnel", + "description": "Filters access by a list of IoT Thing Group ARNs that the destination IoT Thing belongs to for an IoT Tunnel", "type": "String" }, { "condition": "iot:TunnelDestinationService", - "description": "The list of all destination services for an IoT Tunnel", + "description": "Filters access by a list of destination services for an IoT Tunnel", "type": "String" } ], @@ -84870,7 +86792,7 @@ "privileges": [ { "access_level": "Write", - "description": "Accepts a pending certificate transfer.", + "description": "Grants permission to accept a pending certificate transfer.", "privilege": "AcceptCertificateTransfer", "resource_types": [ { @@ -84882,7 +86804,7 @@ }, { "access_level": "Write", - "description": "Adds a thing to the specified billing group.", + "description": "Grants permission to add a thing to the specified billing group.", "privilege": "AddThingToBillingGroup", "resource_types": [ { @@ -84899,7 +86821,7 @@ }, { "access_level": "Write", - "description": "Adds a thing to the specified thing group.", + "description": "Grants permission to add a thing to the specified thing group.", "privilege": "AddThingToThingGroup", "resource_types": [ { @@ -84916,7 +86838,7 @@ }, { "access_level": "Write", - "description": "Associates a group with a continuous job.", + "description": "Grants permission to associate a group with a continuous job.", "privilege": "AssociateTargetsWithJob", "resource_types": [ { @@ -84938,7 +86860,7 @@ }, { "access_level": "Permissions management", - "description": "Attaches a policy to the specified target.", + "description": "Grants permission to attach a policy to the specified target.", "privilege": "AttachPolicy", "resource_types": [ { @@ -84955,7 +86877,7 @@ }, { "access_level": "Permissions management", - "description": "Attaches the specified policy to the specified principal (certificate or other credential).", + "description": "Grants permission to attach the specified policy to the specified principal (certificate or other credential).", "privilege": "AttachPrincipalPolicy", "resource_types": [ { @@ -84967,7 +86889,7 @@ }, { "access_level": "Write", - "description": "Associates a Device Defender security profile with a thing group or with this account.", + "description": "Grants permission to associate a Device Defender security profile with a thing group or with this account.", "privilege": "AttachSecurityProfile", "resource_types": [ { @@ -84994,7 +86916,7 @@ }, { "access_level": "Write", - "description": "Attaches the specified principal to the specified thing.", + "description": "Grants permission to attach the specified principal to the specified thing.", "privilege": "AttachThingPrincipal", "resource_types": [ { @@ -85006,7 +86928,7 @@ }, { "access_level": "Write", - "description": "Cancels a mitigation action task that is in progress.", + "description": "Grants permission to cancel a mitigation action task that is in progress.", "privilege": "CancelAuditMitigationActionsTask", "resource_types": [ { @@ -85018,7 +86940,7 @@ }, { "access_level": "Write", - "description": "Cancels an audit that is in progress. The audit can be either scheduled or on-demand.", + "description": "Grants permission to cancel an audit that is in progress. The audit can be either scheduled or on-demand.", "privilege": "CancelAuditTask", "resource_types": [ { @@ -85030,7 +86952,7 @@ }, { "access_level": "Write", - "description": "Cancels a pending transfer for the specified certificate.", + "description": "Grants permission to cancel a pending transfer for the specified certificate.", "privilege": "CancelCertificateTransfer", "resource_types": [ { @@ -85054,7 +86976,7 @@ }, { "access_level": "Write", - "description": "Cancels a job.", + "description": "Grants permission to cancel a job.", "privilege": "CancelJob", "resource_types": [ { @@ -85066,7 +86988,7 @@ }, { "access_level": "Write", - "description": "Cancels a job execution on a particular device.", + "description": "Grants permission to cancel a job execution on a particular device.", "privilege": "CancelJobExecution", "resource_types": [ { @@ -85083,7 +87005,7 @@ }, { "access_level": "Write", - "description": "Clears the default authorizer.", + "description": "Grants permission to clear the default authorizer.", "privilege": "ClearDefaultAuthorizer", "resource_types": [ { @@ -85095,7 +87017,7 @@ }, { "access_level": "Write", - "description": "Closes a tunnel.", + "description": "Grants permission to close a tunnel.", "privilege": "CloseTunnel", "resource_types": [ { @@ -85114,7 +87036,7 @@ }, { "access_level": "Write", - "description": "Confirms a http url TopicRuleDestinationDestination.", + "description": "Grants permission to confirm a http url TopicRuleDestinationDestination.", "privilege": "ConfirmTopicRuleDestination", "resource_types": [ { @@ -85126,7 +87048,7 @@ }, { "access_level": "Write", - "description": "Connect as the specified client", + "description": "Grants permission to connect as the specified client", "privilege": "Connect", "resource_types": [ { @@ -85138,7 +87060,7 @@ }, { "access_level": "Write", - "description": "Creates a Device Defender audit suppression.", + "description": "Grants permission to create a Device Defender audit suppression.", "privilege": "CreateAuditSuppression", "resource_types": [ { @@ -85150,7 +87072,7 @@ }, { "access_level": "Write", - "description": "Creates an authorizer.", + "description": "Grants permission to create an authorizer.", "privilege": "CreateAuthorizer", "resource_types": [ { @@ -85169,8 +87091,8 @@ ] }, { - "access_level": "Tagging", - "description": "Creates a billing group.", + "access_level": "Write", + "description": "Grants permission to create a billing group.", "privilege": "CreateBillingGroup", "resource_types": [ { @@ -85190,7 +87112,7 @@ }, { "access_level": "Write", - "description": "Creates an X.509 certificate using the specified certificate signing request.", + "description": "Grants permission to create an X.509 certificate using the specified certificate signing request.", "privilege": "CreateCertificateFromCsr", "resource_types": [ { @@ -85222,7 +87144,7 @@ }, { "access_level": "Write", - "description": "Defines a dimension that can be used to to limit the scope of a metric used in a security profile.", + "description": "Grants permission to define a dimension that can be used to to limit the scope of a metric used in a security profile.", "privilege": "CreateDimension", "resource_types": [ { @@ -85242,7 +87164,7 @@ }, { "access_level": "Write", - "description": "Creates a domain configuration.", + "description": "Grants permission to create a domain configuration.", "privilege": "CreateDomainConfiguration", "resource_types": [ { @@ -85262,8 +87184,8 @@ ] }, { - "access_level": "Tagging", - "description": "Creates a Dynamic Thing Group", + "access_level": "Write", + "description": "Grants permission to create a Dynamic Thing Group", "privilege": "CreateDynamicThingGroup", "resource_types": [ { @@ -85282,8 +87204,8 @@ ] }, { - "access_level": "Tagging", - "description": "Creates a fleet metric", + "access_level": "Write", + "description": "Grants permission to create a fleet metric", "privilege": "CreateFleetMetric", "resource_types": [ { @@ -85308,7 +87230,7 @@ }, { "access_level": "Write", - "description": "Creates a job.", + "description": "Grants permission to create a job.", "privilege": "CreateJob", "resource_types": [ { @@ -85326,6 +87248,11 @@ "dependent_actions": [], "resource_type": "thinggroup*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -85338,7 +87265,32 @@ }, { "access_level": "Write", - "description": "Creates a 2048 bit RSA key pair and issues an X.509 certificate using the issued public key.", + "description": "Grants permission to create a job template.", + "privilege": "CreateJobTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a 2048 bit RSA key pair and issues an X.509 certificate using the issued public key.", "privilege": "CreateKeysAndCertificate", "resource_types": [ { @@ -85350,7 +87302,7 @@ }, { "access_level": "Write", - "description": "Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask.", + "description": "Grants permission to define an action that can be applied to audit findings by using StartAuditMitigationActionsTask.", "privilege": "CreateMitigationAction", "resource_types": [ { @@ -85370,7 +87322,7 @@ }, { "access_level": "Write", - "description": "Creates an OTA update job.", + "description": "Grants permission to create an OTA update job.", "privilege": "CreateOTAUpdate", "resource_types": [ { @@ -85390,7 +87342,7 @@ }, { "access_level": "Write", - "description": "Creates an AWS IoT policy.", + "description": "Grants permission to create an AWS IoT policy.", "privilege": "CreatePolicy", "resource_types": [ { @@ -85410,7 +87362,7 @@ }, { "access_level": "Write", - "description": "Creates a new version of the specified AWS IoT policy.", + "description": "Grants permission to create a new version of the specified AWS IoT policy.", "privilege": "CreatePolicyVersion", "resource_types": [ { @@ -85422,7 +87374,7 @@ }, { "access_level": "Write", - "description": "Creates a provisioning claim.", + "description": "Grants permission to create a provisioning claim.", "privilege": "CreateProvisioningClaim", "resource_types": [ { @@ -85434,7 +87386,7 @@ }, { "access_level": "Write", - "description": "Creates a fleet provisioning template.", + "description": "Grants permission to create a fleet provisioning template.", "privilege": "CreateProvisioningTemplate", "resource_types": [ { @@ -85456,7 +87408,7 @@ }, { "access_level": "Write", - "description": "Creates a new version of a fleet provisioning template.", + "description": "Grants permission to create a new version of a fleet provisioning template.", "privilege": "CreateProvisioningTemplateVersion", "resource_types": [ { @@ -85468,7 +87420,7 @@ }, { "access_level": "Write", - "description": "Creates a role alias.", + "description": "Grants permission to create a role alias.", "privilege": "CreateRoleAlias", "resource_types": [ { @@ -85490,7 +87442,7 @@ }, { "access_level": "Write", - "description": "Creates a scheduled audit that is run at a specified time interval.", + "description": "Grants permission to create a scheduled audit that is run at a specified time interval.", "privilege": "CreateScheduledAudit", "resource_types": [ { @@ -85510,7 +87462,7 @@ }, { "access_level": "Write", - "description": "Creates a Device Defender security profile.", + "description": "Grants permission to create a Device Defender security profile.", "privilege": "CreateSecurityProfile", "resource_types": [ { @@ -85540,7 +87492,7 @@ }, { "access_level": "Write", - "description": "Creates a new AWS IoT stream", + "description": "Grants permission to create a new AWS IoT stream", "privilege": "CreateStream", "resource_types": [ { @@ -85560,7 +87512,7 @@ }, { "access_level": "Write", - "description": "Creates a thing in the thing registry.", + "description": "Grants permission to create a thing in the thing registry.", "privilege": "CreateThing", "resource_types": [ { @@ -85576,8 +87528,8 @@ ] }, { - "access_level": "Tagging", - "description": "Creates a thing group.", + "access_level": "Write", + "description": "Grants permission to create a thing group.", "privilege": "CreateThingGroup", "resource_types": [ { @@ -85596,8 +87548,8 @@ ] }, { - "access_level": "Tagging", - "description": "Creates a new thing type.", + "access_level": "Write", + "description": "Grants permission to create a new thing type.", "privilege": "CreateThingType", "resource_types": [ { @@ -85617,7 +87569,7 @@ }, { "access_level": "Write", - "description": "Creates a rule.", + "description": "Grants permission to create a rule.", "privilege": "CreateTopicRule", "resource_types": [ { @@ -85637,7 +87589,7 @@ }, { "access_level": "Write", - "description": "Creates a TopicRuleDestination.", + "description": "Grants permission to create a TopicRuleDestination.", "privilege": "CreateTopicRuleDestination", "resource_types": [ { @@ -85649,7 +87601,7 @@ }, { "access_level": "Write", - "description": "Deletes the audit configuration associated with the account.", + "description": "Grants permission to delete the audit configuration associated with the account.", "privilege": "DeleteAccountAuditConfiguration", "resource_types": [ { @@ -85661,7 +87613,7 @@ }, { "access_level": "Write", - "description": "Deletes a Device Defender audit suppression.", + "description": "Grants permission to delete a Device Defender audit suppression.", "privilege": "DeleteAuditSuppression", "resource_types": [ { @@ -85673,7 +87625,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified authorizer.", + "description": "Grants permission to delete the specified authorizer.", "privilege": "DeleteAuthorizer", "resource_types": [ { @@ -85684,8 +87636,8 @@ ] }, { - "access_level": "Tagging", - "description": "Deletes the specified billing group.", + "access_level": "Write", + "description": "Grants permission to delete the specified billing group.", "privilege": "DeleteBillingGroup", "resource_types": [ { @@ -85697,7 +87649,7 @@ }, { "access_level": "Write", - "description": "Deletes a registered CA certificate.", + "description": "Grants permission to delete a registered CA certificate.", "privilege": "DeleteCACertificate", "resource_types": [ { @@ -85709,7 +87661,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified certificate.", + "description": "Grants permission to delete the specified certificate.", "privilege": "DeleteCertificate", "resource_types": [ { @@ -85733,7 +87685,7 @@ }, { "access_level": "Write", - "description": "Removes the specified dimension from your AWS account.", + "description": "Grants permission to remove the specified dimension from your AWS account.", "privilege": "DeleteDimension", "resource_types": [ { @@ -85745,7 +87697,7 @@ }, { "access_level": "Write", - "description": "Deletes a domain configuration.", + "description": "Grants permission to delete a domain configuration.", "privilege": "DeleteDomainConfiguration", "resource_types": [ { @@ -85756,8 +87708,8 @@ ] }, { - "access_level": "Tagging", - "description": "Deletes the specified Dynamic Thing Group", + "access_level": "Write", + "description": "Grants permission to delete the specified Dynamic Thing Group", "privilege": "DeleteDynamicThingGroup", "resource_types": [ { @@ -85768,8 +87720,8 @@ ] }, { - "access_level": "Tagging", - "description": "Deletes the specified fleet metric", + "access_level": "Write", + "description": "Grants permission to delete the specified fleet metric", "privilege": "DeleteFleetMetric", "resource_types": [ { @@ -85781,7 +87733,7 @@ }, { "access_level": "Write", - "description": "Deletes a job and its related job executions.", + "description": "Grants permission to delete a job and its related job executions.", "privilege": "DeleteJob", "resource_types": [ { @@ -85793,7 +87745,7 @@ }, { "access_level": "Write", - "description": "Deletes a job execution.", + "description": "Grants permission to delete a job execution.", "privilege": "DeleteJobExecution", "resource_types": [ { @@ -85810,7 +87762,19 @@ }, { "access_level": "Write", - "description": "Deletes a defined mitigation action from your AWS account.", + "description": "Grants permission to delete a job template.", + "privilege": "DeleteJobTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a defined mitigation action from your AWS account.", "privilege": "DeleteMitigationAction", "resource_types": [ { @@ -85822,7 +87786,7 @@ }, { "access_level": "Write", - "description": "Deletes an OTA update job.", + "description": "Grants permission to delete an OTA update job.", "privilege": "DeleteOTAUpdate", "resource_types": [ { @@ -85834,7 +87798,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified policy.", + "description": "Grants permission to delete the specified policy.", "privilege": "DeletePolicy", "resource_types": [ { @@ -85846,7 +87810,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified version of the specified policy.", + "description": "Grants permission to Delete the specified version of the specified policy.", "privilege": "DeletePolicyVersion", "resource_types": [ { @@ -85858,7 +87822,7 @@ }, { "access_level": "Write", - "description": "Deletes a fleet provisioning template.", + "description": "Grants permission to delete a fleet provisioning template.", "privilege": "DeleteProvisioningTemplate", "resource_types": [ { @@ -85870,7 +87834,7 @@ }, { "access_level": "Write", - "description": "Deletes a fleet provisioning template version.", + "description": "Grants permission to delete a fleet provisioning template version.", "privilege": "DeleteProvisioningTemplateVersion", "resource_types": [ { @@ -85882,7 +87846,7 @@ }, { "access_level": "Write", - "description": "Deletes a CA certificate registration code.", + "description": "Grants permission to delete a CA certificate registration code.", "privilege": "DeleteRegistrationCode", "resource_types": [ { @@ -85894,7 +87858,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified role alias.", + "description": "Grants permission to delete the specified role alias.", "privilege": "DeleteRoleAlias", "resource_types": [ { @@ -85906,7 +87870,7 @@ }, { "access_level": "Write", - "description": "Deletes a scheduled audit.", + "description": "Grants permission to delete a scheduled audit.", "privilege": "DeleteScheduledAudit", "resource_types": [ { @@ -85918,7 +87882,7 @@ }, { "access_level": "Write", - "description": "Deletes a Device Defender security profile.", + "description": "Grants permission to delete a Device Defender security profile.", "privilege": "DeleteSecurityProfile", "resource_types": [ { @@ -85940,7 +87904,7 @@ }, { "access_level": "Write", - "description": "Deletes a specified stream.", + "description": "Grants permission to delete a specified stream.", "privilege": "DeleteStream", "resource_types": [ { @@ -85952,7 +87916,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified thing.", + "description": "Grants permission to delete the specified thing.", "privilege": "DeleteThing", "resource_types": [ { @@ -85963,8 +87927,8 @@ ] }, { - "access_level": "Tagging", - "description": "Deletes the specified thing group.", + "access_level": "Write", + "description": "Grants permission to delete the specified thing group.", "privilege": "DeleteThingGroup", "resource_types": [ { @@ -85976,7 +87940,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified thing shadow.", + "description": "Grants permission to delete the specified thing shadow.", "privilege": "DeleteThingShadow", "resource_types": [ { @@ -85987,8 +87951,8 @@ ] }, { - "access_level": "Tagging", - "description": "Deletes the specified thing type.", + "access_level": "Write", + "description": "Grants permission to delete the specified thing type.", "privilege": "DeleteThingType", "resource_types": [ { @@ -86000,7 +87964,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified rule.", + "description": "Grants permission to delete the specified rule.", "privilege": "DeleteTopicRule", "resource_types": [ { @@ -86012,7 +87976,7 @@ }, { "access_level": "Write", - "description": "Deletes a TopicRuleDestination.", + "description": "Grants permission to delete a TopicRuleDestination.", "privilege": "DeleteTopicRuleDestination", "resource_types": [ { @@ -86024,7 +87988,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified v2 logging level.", + "description": "Grants permission to delete the specified v2 logging level.", "privilege": "DeleteV2LoggingLevel", "resource_types": [ { @@ -86036,7 +88000,7 @@ }, { "access_level": "Write", - "description": "Deprecates the specified thing type.", + "description": "Grants permission to deprecate the specified thing type.", "privilege": "DeprecateThingType", "resource_types": [ { @@ -86048,7 +88012,7 @@ }, { "access_level": "Read", - "description": "Gets information about audit configurations for the account.", + "description": "Grants permission to get information about audit configurations for the account.", "privilege": "DescribeAccountAuditConfiguration", "resource_types": [ { @@ -86060,7 +88024,7 @@ }, { "access_level": "Read", - "description": "Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started.", + "description": "Grants permission to get information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started.", "privilege": "DescribeAuditFinding", "resource_types": [ { @@ -86072,7 +88036,7 @@ }, { "access_level": "Read", - "description": "Gets information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings.", + "description": "Grants permission to get information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings.", "privilege": "DescribeAuditMitigationActionsTask", "resource_types": [ { @@ -86084,7 +88048,7 @@ }, { "access_level": "Read", - "description": "Gets information about a Device Defender audit suppression.", + "description": "Grants permission to get information about a Device Defender audit suppression.", "privilege": "DescribeAuditSuppression", "resource_types": [ { @@ -86096,7 +88060,7 @@ }, { "access_level": "Read", - "description": "Gets information about a Device Defender audit.", + "description": "Grants permission to get information about a Device Defender audit.", "privilege": "DescribeAuditTask", "resource_types": [ { @@ -86108,7 +88072,7 @@ }, { "access_level": "Read", - "description": "Describes an authorizer.", + "description": "Grants permission to describe an authorizer.", "privilege": "DescribeAuthorizer", "resource_types": [ { @@ -86120,7 +88084,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified billing group.", + "description": "Grants permission to get information about the specified billing group.", "privilege": "DescribeBillingGroup", "resource_types": [ { @@ -86132,7 +88096,7 @@ }, { "access_level": "Read", - "description": "Describes a registered CA certificate.", + "description": "Grants permission to describe a registered CA certificate.", "privilege": "DescribeCACertificate", "resource_types": [ { @@ -86144,7 +88108,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified certificate.", + "description": "Grants permission to get information about the specified certificate.", "privilege": "DescribeCertificate", "resource_types": [ { @@ -86168,7 +88132,7 @@ }, { "access_level": "Read", - "description": "Describes the default authorizer.", + "description": "Grants permission to describe the default authorizer.", "privilege": "DescribeDefaultAuthorizer", "resource_types": [ { @@ -86192,7 +88156,7 @@ }, { "access_level": "Read", - "description": "Provides details about a dimension that is defined in your AWS account.", + "description": "Grants permission to get details about a dimension that is defined in your AWS account.", "privilege": "DescribeDimension", "resource_types": [ { @@ -86204,7 +88168,7 @@ }, { "access_level": "Read", - "description": "Gets information about the domain configuration.", + "description": "Grants permission to get information about the domain configuration.", "privilege": "DescribeDomainConfiguration", "resource_types": [ { @@ -86216,7 +88180,7 @@ }, { "access_level": "Read", - "description": "Returns a unique endpoint specific to the AWS account making the call.", + "description": "Grants permission to get a unique endpoint specific to the AWS account making the call.", "privilege": "DescribeEndpoint", "resource_types": [ { @@ -86228,7 +88192,7 @@ }, { "access_level": "Read", - "description": "Returns account event configurations.", + "description": "Grants permission to get account event configurations.", "privilege": "DescribeEventConfigurations", "resource_types": [ { @@ -86240,7 +88204,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified fleet metric.", + "description": "Grants permission to get information about the specified fleet metric.", "privilege": "DescribeFleetMetric", "resource_types": [ { @@ -86252,7 +88216,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified index.", + "description": "Grants permission to get information about the specified index.", "privilege": "DescribeIndex", "resource_types": [ { @@ -86264,7 +88228,7 @@ }, { "access_level": "Read", - "description": "Describes a job.", + "description": "Grants permission to describe a job.", "privilege": "DescribeJob", "resource_types": [ { @@ -86276,7 +88240,7 @@ }, { "access_level": "Read", - "description": "Describes a job execution.", + "description": "Grants permission to describe a job execution.", "privilege": "DescribeJobExecution", "resource_types": [ { @@ -86293,7 +88257,19 @@ }, { "access_level": "Read", - "description": "Gets information about a mitigation action.", + "description": "Grants permission to describe a job template.", + "privilege": "DescribeJobTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a mitigation action.", "privilege": "DescribeMitigationAction", "resource_types": [ { @@ -86305,7 +88281,7 @@ }, { "access_level": "Read", - "description": "Returns information about a fleet provisioning template.", + "description": "Grants permission to get information about a fleet provisioning template.", "privilege": "DescribeProvisioningTemplate", "resource_types": [ { @@ -86317,7 +88293,7 @@ }, { "access_level": "Read", - "description": "Returns information about a fleet provisioning template version.", + "description": "Grants permission to get information about a fleet provisioning template version.", "privilege": "DescribeProvisioningTemplateVersion", "resource_types": [ { @@ -86329,7 +88305,7 @@ }, { "access_level": "Read", - "description": "Describes a role alias.", + "description": "Grants permission to describe a role alias.", "privilege": "DescribeRoleAlias", "resource_types": [ { @@ -86341,7 +88317,7 @@ }, { "access_level": "Read", - "description": "Gets information about a scheduled audit.", + "description": "Grants permission to get information about a scheduled audit.", "privilege": "DescribeScheduledAudit", "resource_types": [ { @@ -86353,7 +88329,7 @@ }, { "access_level": "Read", - "description": "Gets information about a Device Defender security profile.", + "description": "Grants permission to get information about a Device Defender security profile.", "privilege": "DescribeSecurityProfile", "resource_types": [ { @@ -86365,7 +88341,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified stream.", + "description": "Grants permission to get information about the specified stream.", "privilege": "DescribeStream", "resource_types": [ { @@ -86377,7 +88353,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified thing.", + "description": "Grants permission to get information about the specified thing.", "privilege": "DescribeThing", "resource_types": [ { @@ -86389,7 +88365,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified thing group.", + "description": "Grants permission to get information about the specified thing group.", "privilege": "DescribeThingGroup", "resource_types": [ { @@ -86401,7 +88377,7 @@ }, { "access_level": "Read", - "description": "Gets information about the bulk thing registration task.", + "description": "Grants permission to get information about the bulk thing registration task.", "privilege": "DescribeThingRegistrationTask", "resource_types": [ { @@ -86413,7 +88389,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified thing type.", + "description": "Grants permission to get information about the specified thing type.", "privilege": "DescribeThingType", "resource_types": [ { @@ -86425,7 +88401,7 @@ }, { "access_level": "Read", - "description": "Describes a tunnel.", + "description": "Grants permission to describe a tunnel.", "privilege": "DescribeTunnel", "resource_types": [ { @@ -86437,7 +88413,7 @@ }, { "access_level": "Permissions management", - "description": "Detaches a policy from the specified target.", + "description": "Grants permission to detach a policy from the specified target.", "privilege": "DetachPolicy", "resource_types": [ { @@ -86454,7 +88430,7 @@ }, { "access_level": "Permissions management", - "description": "Removes the specified policy from the specified certificate.", + "description": "Grants permission to remove the specified policy from the specified certificate.", "privilege": "DetachPrincipalPolicy", "resource_types": [ { @@ -86466,7 +88442,7 @@ }, { "access_level": "Write", - "description": "Disassociates a Device Defender security profile from a thing group or from this account.", + "description": "Grants permission to disassociate a Device Defender security profile from a thing group or from this account.", "privilege": "DetachSecurityProfile", "resource_types": [ { @@ -86493,7 +88469,7 @@ }, { "access_level": "Write", - "description": "Detaches the specified principal from the specified thing.", + "description": "Grants permission to detach the specified principal from the specified thing.", "privilege": "DetachThingPrincipal", "resource_types": [ { @@ -86505,7 +88481,7 @@ }, { "access_level": "Write", - "description": "Disables the specified rule.", + "description": "Grants permission to disable the specified rule.", "privilege": "DisableTopicRule", "resource_types": [ { @@ -86517,7 +88493,7 @@ }, { "access_level": "Write", - "description": "Enables the specified rule.", + "description": "Grants permission to enable the specified rule.", "privilege": "EnableTopicRule", "resource_types": [ { @@ -86541,7 +88517,7 @@ }, { "access_level": "Read", - "description": "Get buckets aggregation for IoT fleet index", + "description": "Grants permission to get buckets aggregation for IoT fleet index", "privilege": "GetBucketsAggregation", "resource_types": [ { @@ -86553,7 +88529,7 @@ }, { "access_level": "Read", - "description": "Get cardinality for IoT fleet index", + "description": "Grants permission to get cardinality for IoT fleet index", "privilege": "GetCardinality", "resource_types": [ { @@ -86565,7 +88541,7 @@ }, { "access_level": "Read", - "description": "Gets effective policies.", + "description": "Grants permission to get effective policies.", "privilege": "GetEffectivePolicies", "resource_types": [ { @@ -86577,7 +88553,7 @@ }, { "access_level": "Read", - "description": "Gets current fleet indexing configuration", + "description": "Grants permission to get current fleet indexing configuration", "privilege": "GetIndexingConfiguration", "resource_types": [ { @@ -86589,7 +88565,7 @@ }, { "access_level": "Read", - "description": "Gets a job document.", + "description": "Grants permission to get a job document.", "privilege": "GetJobDocument", "resource_types": [ { @@ -86601,7 +88577,7 @@ }, { "access_level": "Read", - "description": "Gets the logging options.", + "description": "Grants permission to get the logging options.", "privilege": "GetLoggingOptions", "resource_types": [ { @@ -86613,7 +88589,7 @@ }, { "access_level": "Read", - "description": "Gets the information about the OTA update job.", + "description": "Grants permission to get the information about the OTA update job.", "privilege": "GetOTAUpdate", "resource_types": [ { @@ -86625,7 +88601,7 @@ }, { "access_level": "Read", - "description": "Gets the list of all jobs for a thing that are not in a terminal state.", + "description": "Grants permission to get the list of all jobs for a thing that are not in a terminal state.", "privilege": "GetPendingJobExecutions", "resource_types": [ { @@ -86637,7 +88613,7 @@ }, { "access_level": "Read", - "description": "Get percentiles for IoT fleet index", + "description": "Grants permission to get percentiles for IoT fleet index", "privilege": "GetPercentiles", "resource_types": [ { @@ -86649,7 +88625,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified policy with the policy document of the default version.", + "description": "Grants permission to get information about the specified policy with the policy document of the default version.", "privilege": "GetPolicy", "resource_types": [ { @@ -86661,7 +88637,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified policy version.", + "description": "Grants permission to get information about the specified policy version.", "privilege": "GetPolicyVersion", "resource_types": [ { @@ -86673,7 +88649,7 @@ }, { "access_level": "Read", - "description": "Gets a registration code used to register a CA certificate with AWS IoT.", + "description": "Grants permission to get a registration code used to register a CA certificate with AWS IoT.", "privilege": "GetRegistrationCode", "resource_types": [ { @@ -86685,7 +88661,7 @@ }, { "access_level": "Read", - "description": "Get statistics for IoT fleet index", + "description": "Grants permission to get statistics for IoT fleet index", "privilege": "GetStatistics", "resource_types": [ { @@ -86697,7 +88673,7 @@ }, { "access_level": "Read", - "description": "Gets the thing shadow.", + "description": "Grants permission to get the thing shadow.", "privilege": "GetThingShadow", "resource_types": [ { @@ -86709,7 +88685,7 @@ }, { "access_level": "Read", - "description": "Gets information about the specified rule.", + "description": "Grants permission to get information about the specified rule.", "privilege": "GetTopicRule", "resource_types": [ { @@ -86721,7 +88697,7 @@ }, { "access_level": "Read", - "description": "Gets a TopicRuleDestination.", + "description": "Grants permission to get a TopicRuleDestination.", "privilege": "GetTopicRuleDestination", "resource_types": [ { @@ -86733,7 +88709,7 @@ }, { "access_level": "Read", - "description": "Gets v2 logging options.", + "description": "Grants permission to get v2 logging options.", "privilege": "GetV2LoggingOptions", "resource_types": [ { @@ -86745,7 +88721,7 @@ }, { "access_level": "List", - "description": "Lists the active violations for a given Device Defender security profile or Thing.", + "description": "Grants permission to list the active violations for a given Device Defender security profile or Thing.", "privilege": "ListActiveViolations", "resource_types": [ { @@ -86762,7 +88738,7 @@ }, { "access_level": "List", - "description": "Lists the policies attached to the specified thing group.", + "description": "Grants permission to list the policies attached to the specified thing group.", "privilege": "ListAttachedPolicies", "resource_types": [ { @@ -86774,7 +88750,7 @@ }, { "access_level": "List", - "description": "Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period.", + "description": "Grants permission to list the findings (results) of a Device Defender audit or of the audits performed during a specified time period.", "privilege": "ListAuditFindings", "resource_types": [ { @@ -86786,7 +88762,7 @@ }, { "access_level": "List", - "description": "Gets the status of audit mitigation action tasks that were executed.", + "description": "Grants permission to get the status of audit mitigation action tasks that were executed.", "privilege": "ListAuditMitigationActionsExecutions", "resource_types": [ { @@ -86798,7 +88774,7 @@ }, { "access_level": "List", - "description": "Gets a list of audit mitigation action tasks that match the specified filters.", + "description": "Grants permission to get a list of audit mitigation action tasks that match the specified filters.", "privilege": "ListAuditMitigationActionsTasks", "resource_types": [ { @@ -86810,7 +88786,7 @@ }, { "access_level": "List", - "description": "Lists your Device Defender audit suppressions.", + "description": "Grants permission to list your Device Defender audit suppressions.", "privilege": "ListAuditSuppressions", "resource_types": [ { @@ -86822,7 +88798,7 @@ }, { "access_level": "List", - "description": "Lists the Device Defender audits that have been performed during a given time period.", + "description": "Grants permission to list the Device Defender audits that have been performed during a given time period.", "privilege": "ListAuditTasks", "resource_types": [ { @@ -86834,7 +88810,7 @@ }, { "access_level": "List", - "description": "Lists the authorizers registered in your account.", + "description": "Grants permission to list the authorizers registered in your account.", "privilege": "ListAuthorizers", "resource_types": [ { @@ -86846,7 +88822,7 @@ }, { "access_level": "List", - "description": "Lists all billing groups.", + "description": "Grants permission to list all billing groups.", "privilege": "ListBillingGroups", "resource_types": [ { @@ -86858,7 +88834,7 @@ }, { "access_level": "List", - "description": "Lists the CA certificates registered for your AWS account.", + "description": "Grants permission to list the CA certificates registered for your AWS account.", "privilege": "ListCACertificates", "resource_types": [ { @@ -86870,7 +88846,7 @@ }, { "access_level": "List", - "description": "Lists your certificates.", + "description": "Grants permission to list your certificates.", "privilege": "ListCertificates", "resource_types": [ { @@ -86882,7 +88858,7 @@ }, { "access_level": "List", - "description": "List the device certificates signed by the specified CA certificate.", + "description": "Grants permission to list the device certificates signed by the specified CA certificate.", "privilege": "ListCertificatesByCA", "resource_types": [ { @@ -86930,7 +88906,7 @@ }, { "access_level": "List", - "description": "Lists the dimensions that are defined for your AWS account.", + "description": "Grants permission to list the dimensions that are defined for your AWS account.", "privilege": "ListDimensions", "resource_types": [ { @@ -86942,7 +88918,7 @@ }, { "access_level": "List", - "description": "Lists the domain configuration created by your AWS account.", + "description": "Grants permission to list the domain configuration created by your AWS account.", "privilege": "ListDomainConfigurations", "resource_types": [ { @@ -86954,7 +88930,7 @@ }, { "access_level": "List", - "description": "Lists the fleet metrics in your account.", + "description": "Grants permission to list the fleet metrics in your account.", "privilege": "ListFleetMetrics", "resource_types": [ { @@ -86966,7 +88942,7 @@ }, { "access_level": "List", - "description": "Lists all indices for fleet index", + "description": "Grants permission to list all indices for fleet index", "privilege": "ListIndices", "resource_types": [ { @@ -86978,7 +88954,7 @@ }, { "access_level": "List", - "description": "Lists the job executions for a job.", + "description": "Grants permission to list the job executions for a job.", "privilege": "ListJobExecutionsForJob", "resource_types": [ { @@ -86990,7 +88966,7 @@ }, { "access_level": "List", - "description": "Lists the job executions for the specified thing.", + "description": "Grants permission to list the job executions for the specified thing.", "privilege": "ListJobExecutionsForThing", "resource_types": [ { @@ -87002,7 +88978,19 @@ }, { "access_level": "List", - "description": "Lists jobs.", + "description": "Grants permission to list job templates.", + "privilege": "ListJobTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list jobs.", "privilege": "ListJobs", "resource_types": [ { @@ -87014,7 +89002,7 @@ }, { "access_level": "List", - "description": "Gets a list of all mitigation actions that match the specified filter criteria.", + "description": "Grants permission to get a list of all mitigation actions that match the specified filter criteria.", "privilege": "ListMitigationActions", "resource_types": [ { @@ -87026,7 +89014,7 @@ }, { "access_level": "List", - "description": "Lists all named shadows for a given thing.", + "description": "Grants permission to list all named shadows for a given thing.", "privilege": "ListNamedShadowsForThing", "resource_types": [ { @@ -87038,7 +89026,7 @@ }, { "access_level": "List", - "description": "Lists OTA update jobs in the account.", + "description": "Grants permission to list OTA update jobs in the account.", "privilege": "ListOTAUpdates", "resource_types": [ { @@ -87050,7 +89038,7 @@ }, { "access_level": "List", - "description": "Lists certificates that are being transfered but not yet accepted.", + "description": "Grants permission to list certificates that are being transfered but not yet accepted.", "privilege": "ListOutgoingCertificates", "resource_types": [ { @@ -87062,7 +89050,7 @@ }, { "access_level": "List", - "description": "Lists your policies.", + "description": "Grants permission to list your policies.", "privilege": "ListPolicies", "resource_types": [ { @@ -87074,7 +89062,7 @@ }, { "access_level": "List", - "description": "Lists the principals associated with the specified policy.", + "description": "Grants permission to list the principals associated with the specified policy.", "privilege": "ListPolicyPrincipals", "resource_types": [ { @@ -87086,7 +89074,7 @@ }, { "access_level": "List", - "description": "Lists the versions of the specified policy, and identifies the default version.", + "description": "Grants permission to list the versions of the specified policy, and identifies the default version.", "privilege": "ListPolicyVersions", "resource_types": [ { @@ -87098,7 +89086,7 @@ }, { "access_level": "List", - "description": "Lists the policies attached to the specified principal. If you use an Amazon Cognito identity, the ID needs to be in Amazon Cognito Identity format.", + "description": "Grants permission to list the policies attached to the specified principal. If you use an Amazon Cognito identity, the ID needs to be in Amazon Cognito Identity format.", "privilege": "ListPrincipalPolicies", "resource_types": [ { @@ -87110,7 +89098,7 @@ }, { "access_level": "List", - "description": "Lists the things associated with the specified principal.", + "description": "Grants permission to list the things associated with the specified principal.", "privilege": "ListPrincipalThings", "resource_types": [ { @@ -87122,7 +89110,7 @@ }, { "access_level": "List", - "description": "A list of fleet provisioning template versions.", + "description": "Grants permission to get a list of fleet provisioning template versions.", "privilege": "ListProvisioningTemplateVersions", "resource_types": [ { @@ -87134,7 +89122,7 @@ }, { "access_level": "List", - "description": "Lists the fleet provisioning templates in your AWS account.", + "description": "Grants permission to list the fleet provisioning templates in your AWS account.", "privilege": "ListProvisioningTemplates", "resource_types": [ { @@ -87146,7 +89134,7 @@ }, { "access_level": "List", - "description": "Lists role aliases.", + "description": "Grants permission to list role aliases.", "privilege": "ListRoleAliases", "resource_types": [ { @@ -87158,7 +89146,7 @@ }, { "access_level": "List", - "description": "Lists all of your scheduled audits.", + "description": "Grants permission to list all of your scheduled audits.", "privilege": "ListScheduledAudits", "resource_types": [ { @@ -87170,7 +89158,7 @@ }, { "access_level": "List", - "description": "Lists the Device Defender security profiles you have created.", + "description": "Grants permission to list the Device Defender security profiles you have created.", "privilege": "ListSecurityProfiles", "resource_types": [ { @@ -87187,7 +89175,7 @@ }, { "access_level": "List", - "description": "Lists the Device Defender security profiles attached to a target.", + "description": "Grants permission to list the Device Defender security profiles attached to a target.", "privilege": "ListSecurityProfilesForTarget", "resource_types": [ { @@ -87199,7 +89187,7 @@ }, { "access_level": "List", - "description": "Lists the streams in your account.", + "description": "Grants permission to list the streams in your account.", "privilege": "ListStreams", "resource_types": [ { @@ -87211,7 +89199,7 @@ }, { "access_level": "List", - "description": "Lists all tags for a given resource.", + "description": "Grants permission to list all tags for a given resource.", "privilege": "ListTagsForResource", "resource_types": [ { @@ -87259,6 +89247,11 @@ "dependent_actions": [], "resource_type": "job" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate" + }, { "condition_keys": [], "dependent_actions": [], @@ -87318,7 +89311,7 @@ }, { "access_level": "List", - "description": "List targets for the specified policy.", + "description": "Grants permission to list targets for the specified policy.", "privilege": "ListTargetsForPolicy", "resource_types": [ { @@ -87330,7 +89323,7 @@ }, { "access_level": "List", - "description": "Lists the targets associated with a given Device Defender security profile.", + "description": "Grants permission to list the targets associated with a given Device Defender security profile.", "privilege": "ListTargetsForSecurityProfile", "resource_types": [ { @@ -87342,7 +89335,7 @@ }, { "access_level": "List", - "description": "Lists all thing groups.", + "description": "Grants permission to list all thing groups.", "privilege": "ListThingGroups", "resource_types": [ { @@ -87354,7 +89347,7 @@ }, { "access_level": "List", - "description": "List thing groups to which the specified thing belongs.", + "description": "Grants permission to list thing groups to which the specified thing belongs.", "privilege": "ListThingGroupsForThing", "resource_types": [ { @@ -87366,7 +89359,7 @@ }, { "access_level": "List", - "description": "Lists the principals associated with the specified thing.", + "description": "Grants permission to list the principals associated with the specified thing.", "privilege": "ListThingPrincipals", "resource_types": [ { @@ -87378,7 +89371,7 @@ }, { "access_level": "List", - "description": "Lists information about bulk thing registration tasks.", + "description": "Grants permission to list information about bulk thing registration tasks.", "privilege": "ListThingRegistrationTaskReports", "resource_types": [ { @@ -87390,7 +89383,7 @@ }, { "access_level": "List", - "description": "Lists bulk thing registration tasks.", + "description": "Grants permission to list bulk thing registration tasks.", "privilege": "ListThingRegistrationTasks", "resource_types": [ { @@ -87402,7 +89395,7 @@ }, { "access_level": "List", - "description": "Lists all thing types.", + "description": "Grants permission to list all thing types.", "privilege": "ListThingTypes", "resource_types": [ { @@ -87414,7 +89407,7 @@ }, { "access_level": "List", - "description": "Lists all things.", + "description": "Grants permission to list all things.", "privilege": "ListThings", "resource_types": [ { @@ -87426,7 +89419,7 @@ }, { "access_level": "List", - "description": "Lists all things in the specified billing group.", + "description": "Grants permission to list all things in the specified billing group.", "privilege": "ListThingsInBillingGroup", "resource_types": [ { @@ -87438,7 +89431,7 @@ }, { "access_level": "List", - "description": "Lists all things in the specified thing group.", + "description": "Grants permission to list all things in the specified thing group.", "privilege": "ListThingsInThingGroup", "resource_types": [ { @@ -87450,7 +89443,7 @@ }, { "access_level": "List", - "description": "Lists all TopicRuleDestinations.", + "description": "Grants permission to list all TopicRuleDestinations.", "privilege": "ListTopicRuleDestinations", "resource_types": [ { @@ -87462,7 +89455,7 @@ }, { "access_level": "List", - "description": "Lists the rules for the specific topic.", + "description": "Grants permission to list the rules for the specific topic.", "privilege": "ListTopicRules", "resource_types": [ { @@ -87474,7 +89467,7 @@ }, { "access_level": "List", - "description": "Lists tunnels.", + "description": "Grants permission to list tunnels.", "privilege": "ListTunnels", "resource_types": [ { @@ -87486,7 +89479,7 @@ }, { "access_level": "List", - "description": "Lists the v2 logging levels.", + "description": "Grants permission to list the v2 logging levels.", "privilege": "ListV2LoggingLevels", "resource_types": [ { @@ -87498,7 +89491,7 @@ }, { "access_level": "List", - "description": "Lists the Device Defender security profile violations discovered during the given time period.", + "description": "Grants permission to list the Device Defender security profile violations discovered during the given time period.", "privilege": "ListViolationEvents", "resource_types": [ { @@ -87515,7 +89508,7 @@ }, { "access_level": "Write", - "description": "Opens a tunnel.", + "description": "Grants permission to open a tunnel.", "privilege": "OpenTunnel", "resource_types": [ { @@ -87532,7 +89525,7 @@ }, { "access_level": "Write", - "description": "Publish to the specified topic.", + "description": "Grants permission to publish to the specified topic.", "privilege": "Publish", "resource_types": [ { @@ -87544,7 +89537,7 @@ }, { "access_level": "Write", - "description": "Receive from the specified topic.", + "description": "Grants permission to receive from the specified topic.", "privilege": "Receive", "resource_types": [ { @@ -87556,7 +89549,7 @@ }, { "access_level": "Write", - "description": "Registers a CA certificate with AWS IoT.", + "description": "Grants permission to register a CA certificate with AWS IoT.", "privilege": "RegisterCACertificate", "resource_types": [ { @@ -87573,7 +89566,7 @@ }, { "access_level": "Write", - "description": "Registers a device certificate with AWS IoT.", + "description": "Grants permission to register a device certificate with AWS IoT.", "privilege": "RegisterCertificate", "resource_types": [ { @@ -87585,7 +89578,7 @@ }, { "access_level": "Write", - "description": "Registers a device certificate with AWS IoT without a registered CA (certificate authority).", + "description": "Grants permission to register a device certificate with AWS IoT without a registered CA (certificate authority).", "privilege": "RegisterCertificateWithoutCA", "resource_types": [ { @@ -87597,7 +89590,7 @@ }, { "access_level": "Write", - "description": "Registers your thing.", + "description": "Grants permission to register your thing.", "privilege": "RegisterThing", "resource_types": [ { @@ -87609,7 +89602,7 @@ }, { "access_level": "Write", - "description": "Rejects a pending certificate transfer.", + "description": "Grants permission to reject a pending certificate transfer.", "privilege": "RejectCertificateTransfer", "resource_types": [ { @@ -87621,7 +89614,7 @@ }, { "access_level": "Write", - "description": "Removes thing from the specified billing group.", + "description": "Grants permission to remove thing from the specified billing group.", "privilege": "RemoveThingFromBillingGroup", "resource_types": [ { @@ -87638,7 +89631,7 @@ }, { "access_level": "Write", - "description": "Removes thing from the specified thing group.", + "description": "Grants permission to remove thing from the specified thing group.", "privilege": "RemoveThingFromThingGroup", "resource_types": [ { @@ -87655,7 +89648,7 @@ }, { "access_level": "Write", - "description": "Replaces the specified rule.", + "description": "Grants permission to replace the specified rule.", "privilege": "ReplaceTopicRule", "resource_types": [ { @@ -87667,7 +89660,7 @@ }, { "access_level": "Read", - "description": "Search IoT fleet index", + "description": "Grants permission to search IoT fleet index", "privilege": "SearchIndex", "resource_types": [ { @@ -87679,7 +89672,7 @@ }, { "access_level": "Permissions management", - "description": "Sets the default authorizer. This will be used if a websocket connection is made without specifying an authorizer.", + "description": "Grants permission to set the default authorizer. This will be used if a websocket connection is made without specifying an authorizer.", "privilege": "SetDefaultAuthorizer", "resource_types": [ { @@ -87691,7 +89684,7 @@ }, { "access_level": "Permissions management", - "description": "Sets the specified version of the specified policy as the policy's default (operative) version.", + "description": "Grants permission to set the specified version of the specified policy as the policy's default (operative) version.", "privilege": "SetDefaultPolicyVersion", "resource_types": [ { @@ -87703,7 +89696,7 @@ }, { "access_level": "Write", - "description": "Sets the logging options.", + "description": "Grants permission to set the logging options.", "privilege": "SetLoggingOptions", "resource_types": [ { @@ -87715,7 +89708,7 @@ }, { "access_level": "Write", - "description": "Sets the v2 logging level.", + "description": "Grants permission to set the v2 logging level.", "privilege": "SetV2LoggingLevel", "resource_types": [ { @@ -87727,7 +89720,7 @@ }, { "access_level": "Write", - "description": "Sets the v2 logging options.", + "description": "Grants permission to set the v2 logging options.", "privilege": "SetV2LoggingOptions", "resource_types": [ { @@ -87739,7 +89732,7 @@ }, { "access_level": "Write", - "description": "Starts a task that applies a set of mitigation actions to the specified target.", + "description": "Grants permission to start a task that applies a set of mitigation actions to the specified target.", "privilege": "StartAuditMitigationActionsTask", "resource_types": [ { @@ -87763,7 +89756,7 @@ }, { "access_level": "Write", - "description": "Gets and starts the next pending job execution for a thing.", + "description": "Grants permission to get and start the next pending job execution for a thing.", "privilege": "StartNextPendingJobExecution", "resource_types": [ { @@ -87775,7 +89768,7 @@ }, { "access_level": "Write", - "description": "Starts an on-demand Device Defender audit.", + "description": "Grants permission to start an on-demand Device Defender audit.", "privilege": "StartOnDemandAuditTask", "resource_types": [ { @@ -87787,7 +89780,7 @@ }, { "access_level": "Write", - "description": "Starts a bulk thing registration task.", + "description": "Grants permission to start a bulk thing registration task.", "privilege": "StartThingRegistrationTask", "resource_types": [ { @@ -87799,7 +89792,7 @@ }, { "access_level": "Write", - "description": "Stops a bulk thing registration task.", + "description": "Grants permission to stop a bulk thing registration task.", "privilege": "StopThingRegistrationTask", "resource_types": [ { @@ -87811,7 +89804,7 @@ }, { "access_level": "Write", - "description": "Subscribe to the specified TopicFilter.", + "description": "Grants permission to subscribe to the specified TopicFilter.", "privilege": "Subscribe", "resource_types": [ { @@ -87823,7 +89816,7 @@ }, { "access_level": "Tagging", - "description": "Tag a specified resource", + "description": "Grants permission to tag a specified resource", "privilege": "TagResource", "resource_types": [ { @@ -87871,6 +89864,11 @@ "dependent_actions": [], "resource_type": "job" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate" + }, { "condition_keys": [], "dependent_actions": [], @@ -87938,7 +89936,7 @@ }, { "access_level": "Read", - "description": "Test the policies evaluation for group policies", + "description": "Grants permission to test the policies evaluation for group policies", "privilege": "TestAuthorization", "resource_types": [ { @@ -87950,7 +89948,7 @@ }, { "access_level": "Read", - "description": "Invoke the specified custom authorizer for testing purposes.", + "description": "Grants permission to test invoke the specified custom authorizer for testing purposes.", "privilege": "TestInvokeAuthorizer", "resource_types": [ { @@ -87962,7 +89960,7 @@ }, { "access_level": "Write", - "description": "Transfers the specified certificate to the specified AWS account.", + "description": "Grants permission to transfer the specified certificate to the specified AWS account.", "privilege": "TransferCertificate", "resource_types": [ { @@ -87974,7 +89972,7 @@ }, { "access_level": "Tagging", - "description": "Untag a specified resource", + "description": "Grants permission to untag a specified resource", "privilege": "UntagResource", "resource_types": [ { @@ -88022,6 +90020,11 @@ "dependent_actions": [], "resource_type": "job" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate" + }, { "condition_keys": [], "dependent_actions": [], @@ -88088,7 +90091,7 @@ }, { "access_level": "Write", - "description": "Configures or reconfigures the Device Defender audit settings for this account.", + "description": "Grants permission to configure or reconfigure the Device Defender audit settings for this account.", "privilege": "UpdateAccountAuditConfiguration", "resource_types": [ { @@ -88100,7 +90103,7 @@ }, { "access_level": "Write", - "description": "Updates a Device Defender audit suppression.", + "description": "Grants permission to update a Device Defender audit suppression.", "privilege": "UpdateAuditSuppression", "resource_types": [ { @@ -88112,7 +90115,7 @@ }, { "access_level": "Write", - "description": "Updates an authorizer", + "description": "Grants permission to update an authorizer", "privilege": "UpdateAuthorizer", "resource_types": [ { @@ -88124,7 +90127,7 @@ }, { "access_level": "Write", - "description": "Updates information associated with the specified billing group.", + "description": "Grants permission to update information associated with the specified billing group.", "privilege": "UpdateBillingGroup", "resource_types": [ { @@ -88136,7 +90139,7 @@ }, { "access_level": "Write", - "description": "Updates a registered CA certificate.", + "description": "Grants permission to update a registered CA certificate.", "privilege": "UpdateCACertificate", "resource_types": [ { @@ -88150,7 +90153,7 @@ }, { "access_level": "Write", - "description": "Updates the status of the specified certificate. This operation is idempotent.", + "description": "Grants permission to update the status of the specified certificate. This operation is idempotent.", "privilege": "UpdateCertificate", "resource_types": [ { @@ -88174,7 +90177,7 @@ }, { "access_level": "Write", - "description": "Updates the definition for a dimension.", + "description": "Grants permission to update the definition for a dimension.", "privilege": "UpdateDimension", "resource_types": [ { @@ -88186,7 +90189,7 @@ }, { "access_level": "Write", - "description": "Updates a domain configuration.", + "description": "Grants permission to update a domain configuration.", "privilege": "UpdateDomainConfiguration", "resource_types": [ { @@ -88198,7 +90201,7 @@ }, { "access_level": "Write", - "description": "Updates a Dynamic Thing Group", + "description": "Grants permission to update a Dynamic Thing Group", "privilege": "UpdateDynamicThingGroup", "resource_types": [ { @@ -88210,7 +90213,7 @@ }, { "access_level": "Write", - "description": "Updates event configurations.", + "description": "Grants permission to update event configurations.", "privilege": "UpdateEventConfigurations", "resource_types": [ { @@ -88222,7 +90225,7 @@ }, { "access_level": "Write", - "description": "Updates a fleet metric", + "description": "Grants permission to update a fleet metric", "privilege": "UpdateFleetMetric", "resource_types": [ { @@ -88239,7 +90242,7 @@ }, { "access_level": "Write", - "description": "Updates fleet indexing configuration", + "description": "Grants permission to update fleet indexing configuration", "privilege": "UpdateIndexingConfiguration", "resource_types": [ { @@ -88251,7 +90254,7 @@ }, { "access_level": "Write", - "description": "Updates a job.", + "description": "Grants permission to update a job.", "privilege": "UpdateJob", "resource_types": [ { @@ -88263,7 +90266,7 @@ }, { "access_level": "Write", - "description": "Updates a job execution.", + "description": "Grants permission to update a job execution.", "privilege": "UpdateJobExecution", "resource_types": [ { @@ -88275,7 +90278,7 @@ }, { "access_level": "Write", - "description": "Updates the definition for the specified mitigation action.", + "description": "Grants permission to update the definition for the specified mitigation action.", "privilege": "UpdateMitigationAction", "resource_types": [ { @@ -88287,7 +90290,7 @@ }, { "access_level": "Write", - "description": "Updates a fleet provisioning template.", + "description": "Grants permission to update a fleet provisioning template.", "privilege": "UpdateProvisioningTemplate", "resource_types": [ { @@ -88301,7 +90304,7 @@ }, { "access_level": "Write", - "description": "Updates the role alias", + "description": "Grants permission to update the role alias", "privilege": "UpdateRoleAlias", "resource_types": [ { @@ -88315,7 +90318,7 @@ }, { "access_level": "Write", - "description": "Updates a scheduled audit, including what checks are performed and how often the audit takes place.", + "description": "Grants permission to update a scheduled audit, including what checks are performed and how often the audit takes place.", "privilege": "UpdateScheduledAudit", "resource_types": [ { @@ -88327,7 +90330,7 @@ }, { "access_level": "Write", - "description": "Updates a Device Defender security profile.", + "description": "Grants permission to update a Device Defender security profile.", "privilege": "UpdateSecurityProfile", "resource_types": [ { @@ -88349,7 +90352,7 @@ }, { "access_level": "Write", - "description": "Updates the data for a stream.", + "description": "Grants permission to update the data for a stream.", "privilege": "UpdateStream", "resource_types": [ { @@ -88361,7 +90364,7 @@ }, { "access_level": "Write", - "description": "Updates information associated with the specified thing.", + "description": "Grants permission to update information associated with the specified thing.", "privilege": "UpdateThing", "resource_types": [ { @@ -88373,7 +90376,7 @@ }, { "access_level": "Write", - "description": "Updates information associated with the specified thing group.", + "description": "Grants permission to update information associated with the specified thing group.", "privilege": "UpdateThingGroup", "resource_types": [ { @@ -88385,7 +90388,7 @@ }, { "access_level": "Write", - "description": "Updates the thing groups to which the thing belongs.", + "description": "Grants permission to update the thing groups to which the thing belongs.", "privilege": "UpdateThingGroupsForThing", "resource_types": [ { @@ -88402,7 +90405,7 @@ }, { "access_level": "Write", - "description": "Updates the thing shadow.", + "description": "Grants permission to update the thing shadow.", "privilege": "UpdateThingShadow", "resource_types": [ { @@ -88414,7 +90417,7 @@ }, { "access_level": "Write", - "description": "Updates a TopicRuleDestination.", + "description": "Grants permission to update a TopicRuleDestination.", "privilege": "UpdateTopicRuleDestination", "resource_types": [ { @@ -88426,7 +90429,7 @@ }, { "access_level": "Read", - "description": "Validates a Device Defender security profile behaviors specification.", + "description": "Grants permission to validate a Device Defender security profile behaviors specification.", "privilege": "ValidateSecurityProfileBehaviors", "resource_types": [ { @@ -88462,6 +90465,13 @@ ], "resource": "job" }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:jobtemplate/${JobTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "jobtemplate" + }, { "arn": "arn:${Partition}:iot:${Region}:${Account}:tunnel/${TunnelId}", "condition_keys": [ @@ -90134,6 +92144,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeDetectorModelAnalysis", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an information about Input", @@ -90158,6 +92180,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetDetectorModelAnalysisResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the versions of an alarm model", @@ -90230,6 +92264,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list one or more input routings", + "privilege": "ListInputRoutings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to lists the inputs you have created", @@ -91004,6 +93050,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeStorageConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate a child asset from a parent asset by a hierarchy", @@ -91385,6 +93443,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an AssetModel property routing", + "privilege": "UpdateAssetModelPropertyRouting", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an asset property", @@ -92404,6 +94474,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get log levels by resource types", + "privilege": "GetLogLevelsByResourceTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the associated PartnerAccount", @@ -92416,6 +94498,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get resource log level", + "privilege": "GetResourceLogLevel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the customer account specific endpoint for CUPS protocol connection or LoRaWAN Network Server (LNS) protocol connection, and optionally server trust certificate in PEM format", @@ -92662,6 +94761,52 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put resource log level", + "privilege": "PutResourceLogLevel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset all resource log levels", + "privilege": "ResetAllResourceLogLevels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset resource log level", + "privilege": "ResetResourceLogLevel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" + } + ] + }, { "access_level": "Write", "description": "Grants permission to send the decrypted application data frame to the target device", @@ -92797,6 +94942,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update log levels by resource types", + "privilege": "UpdateLogLevelsByResourceTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a partner account", @@ -94159,17 +96316,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters create requests based on the allowed set of values for each of the mandatory tags", + "description": "Filters access based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tag value associated with the resource", + "description": "Filters access based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters create requests based on the presence of mandatory tags in the request", + "description": "Filters access based on the tag keys that are passed in the request", "type": "String" } ], @@ -94199,6 +96356,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grant permission to clear out the suggestions for a given index, generated so far", + "privilege": "ClearQuerySuggestions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + } + ] + }, { "access_level": "Write", "description": "Grant permission to create a data source", @@ -94254,6 +96423,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grant permission to create a QuerySuggestions BlockList", + "privilege": "CreateQuerySuggestionsBlockList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grant permission to create a Thesaurus", @@ -94320,6 +96509,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grant permission to delete a QuerySuggestions BlockList", + "privilege": "DeleteQuerySuggestionsBlockList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list*" + } + ] + }, { "access_level": "Write", "description": "Grant permission to delete a Thesaurus", @@ -94383,6 +96589,35 @@ } ] }, + { + "access_level": "Read", + "description": "Grant permission to describe a QuerySuggestions BlockList", + "privilege": "DescribeQuerySuggestionsBlockList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list*" + } + ] + }, + { + "access_level": "Read", + "description": "Grant permission to describe the query suggestions configuration for an index", + "privilege": "DescribeQuerySuggestionsConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + } + ] + }, { "access_level": "Read", "description": "Grant permission to describe a Thesaurus", @@ -94400,6 +96635,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grant permission to get suggestions for a query prefix", + "privilege": "GetQuerySuggestions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + } + ] + }, { "access_level": "List", "description": "Grant permission to get Data Source sync job history", @@ -94455,6 +96702,18 @@ }, { "access_level": "List", + "description": "Grant permission to list the QuerySuggestions BlockLists", + "privilege": "ListQuerySuggestionsBlockLists", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + } + ] + }, + { + "access_level": "Read", "description": "Grant permission to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ @@ -94473,6 +96732,11 @@ "dependent_actions": [], "resource_type": "index" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -94570,6 +96834,11 @@ "dependent_actions": [], "resource_type": "index" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -94605,6 +96874,11 @@ "dependent_actions": [], "resource_type": "index" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -94648,6 +96922,35 @@ } ] }, + { + "access_level": "Write", + "description": "Grant permission to update a QuerySuggestions BlockList", + "privilege": "UpdateQuerySuggestionsBlockList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list*" + } + ] + }, + { + "access_level": "Write", + "description": "Grant permission to update the query suggestions configuration for an index", + "privilege": "UpdateQuerySuggestionsConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + } + ] + }, { "access_level": "Write", "description": "Grant permission to update a thesaurus", @@ -94694,6 +96997,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "thesaurus" + }, + { + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/query-suggestions-block-list/${QuerySuggestionsBlockListId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "query-suggestions-block-list" } ], "service_name": "Amazon Kendra" @@ -95110,7 +97420,19 @@ "privileges": [ { "access_level": "Write", - "description": "Adds input to the application.", + "description": "Grants permission to add cloudwatch logging option to the application", + "privilege": "AddApplicationCloudWatchLoggingOption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add input to the application", "privilege": "AddApplicationInput", "resource_types": [ { @@ -95122,7 +97444,19 @@ }, { "access_level": "Write", - "description": "Adds output to the application.", + "description": "Grants permission to add input processing configuration to the application", + "privilege": "AddApplicationInputProcessingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add output to the application", "privilege": "AddApplicationOutput", "resource_types": [ { @@ -95134,7 +97468,7 @@ }, { "access_level": "Write", - "description": "Adds reference data source to the application.", + "description": "Grants permission to add reference data source to the application", "privilege": "AddApplicationReferenceDataSource", "resource_types": [ { @@ -95146,7 +97480,19 @@ }, { "access_level": "Write", - "description": "Creates an application.", + "description": "Grants permission to add VPC configuration to the application", + "privilege": "AddApplicationVpcConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an application", "privilege": "CreateApplication", "resource_types": [ { @@ -95159,9 +97505,33 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to create and return a URL that you can use to connect to an application's extension", + "privilege": "CreateApplicationPresignedUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "Write", - "description": "Deletes the application.", + "description": "Grants permission to create a snapshot for an application", + "privilege": "CreateApplicationSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the application", "privilege": "DeleteApplication", "resource_types": [ { @@ -95173,7 +97543,31 @@ }, { "access_level": "Write", - "description": "Deletes the specified output of the application.", + "description": "Grants permission to delete the specified cloudwatch logging option of the application", + "privilege": "DeleteApplicationCloudWatchLoggingOption", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified input processing configuration of the application", + "privilege": "DeleteApplicationInputProcessingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified output of the application", "privilege": "DeleteApplicationOutput", "resource_types": [ { @@ -95185,7 +97579,7 @@ }, { "access_level": "Write", - "description": "Deletes the specified reference data source of the application.", + "description": "Grants permission to delete the specified reference data source of the application", "privilege": "DeleteApplicationReferenceDataSource", "resource_types": [ { @@ -95195,9 +97589,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a snapshot for an application", + "privilege": "DeleteApplicationSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified VPC configuration of the application", + "privilege": "DeleteApplicationVpcConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "Read", - "description": "Describes the specified application.", + "description": "Grants permission to describe the specified application", "privilege": "DescribeApplication", "resource_types": [ { @@ -95209,7 +97627,19 @@ }, { "access_level": "Read", - "description": "Discovers the input schema for the application.", + "description": "Grants permission to describe an application snapshot", + "privilege": "DescribeApplicationSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to discover the input schema for the application", "privilege": "DiscoverInputSchema", "resource_types": [ { @@ -95221,8 +97651,8 @@ }, { "access_level": "Read", - "description": "Grant permission to Kinesis Data Analytics console to display stream results for Kinesis Data Analytics SQL runtime applications.", - "privilege": "GetApplicationState", + "description": "Grants permission to list the snapshots for an application", + "privilege": "ListApplicationSnapshots", "resource_types": [ { "condition_keys": [], @@ -95231,9 +97661,21 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListApplicationVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", - "description": "List applications for the account", + "description": "Grants permission to list applications for the account", "privilege": "ListApplications", "resource_types": [ { @@ -95245,7 +97687,7 @@ }, { "access_level": "Read", - "description": "Fetch the tags associated with the application.", + "description": "Grants permission to fetch the tags associated with the application", "privilege": "ListTagsForResource", "resource_types": [ { @@ -95257,7 +97699,7 @@ }, { "access_level": "Write", - "description": "Starts the application.", + "description": "Grants permission to start the application", "privilege": "StartApplication", "resource_types": [ { @@ -95269,7 +97711,7 @@ }, { "access_level": "Write", - "description": "Stops the application.", + "description": "Grants permission to stop the application", "privilege": "StopApplication", "resource_types": [ { @@ -95281,7 +97723,7 @@ }, { "access_level": "Tagging", - "description": "Add tags to the application.", + "description": "Grants permission to add tags to the application", "privilege": "TagResource", "resource_types": [ { @@ -95301,7 +97743,7 @@ }, { "access_level": "Tagging", - "description": "Remove the specified tags from the application.", + "description": "Grants permission to remove the specified tags from the application", "privilege": "UntagResource", "resource_types": [ { @@ -95320,7 +97762,7 @@ }, { "access_level": "Write", - "description": "Updates the application.", + "description": "Grants permission to update the application", "privilege": "UpdateApplication", "resource_types": [ { @@ -95340,7 +97782,7 @@ "resource": "application" } ], - "service_name": "Amazon Kinesis Analytics" + "service_name": "Amazon Kinesis Analytics V2" }, { "conditions": [ @@ -95364,19 +97806,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to add cloudwatch logging option to the application", - "privilege": "AddApplicationCloudWatchLoggingOption", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add input to the application", + "description": "Adds input to the application.", "privilege": "AddApplicationInput", "resource_types": [ { @@ -95388,19 +97818,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add input processing configuration to the application", - "privilege": "AddApplicationInputProcessingConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add output to the application", + "description": "Adds output to the application.", "privilege": "AddApplicationOutput", "resource_types": [ { @@ -95412,7 +97830,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add reference data source to the application", + "description": "Adds reference data source to the application.", "privilege": "AddApplicationReferenceDataSource", "resource_types": [ { @@ -95424,19 +97842,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add VPC configuration to the application", - "privilege": "AddApplicationVpcConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an application", + "description": "Creates an application.", "privilege": "CreateApplication", "resource_types": [ { @@ -95449,33 +97855,9 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to create and return a URL that you can use to connect to an application's extension", - "privilege": "CreateApplicationPresignedUrl", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a snapshot for an application", - "privilege": "CreateApplicationSnapshot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, { "access_level": "Write", - "description": "Grants permission to delete the application", + "description": "Deletes the application.", "privilege": "DeleteApplication", "resource_types": [ { @@ -95487,31 +97869,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified cloudwatch logging option of the application", - "privilege": "DeleteApplicationCloudWatchLoggingOption", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified input processing configuration of the application", - "privilege": "DeleteApplicationInputProcessingConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified output of the application", + "description": "Deletes the specified output of the application.", "privilege": "DeleteApplicationOutput", "resource_types": [ { @@ -95523,7 +97881,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified reference data source of the application", + "description": "Deletes the specified reference data source of the application.", "privilege": "DeleteApplicationReferenceDataSource", "resource_types": [ { @@ -95533,33 +97891,9 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete a snapshot for an application", - "privilege": "DeleteApplicationSnapshot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified VPC configuration of the application", - "privilege": "DeleteApplicationVpcConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - }, { "access_level": "Read", - "description": "Grants permission to describe the specified application", + "description": "Describes the specified application.", "privilege": "DescribeApplication", "resource_types": [ { @@ -95571,43 +97905,43 @@ }, { "access_level": "Read", - "description": "Grants permission to describe an application snapshot", - "privilege": "DescribeApplicationSnapshot", + "description": "Discovers the input schema for the application.", + "privilege": "DiscoverInputSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to discover the input schema for the application", - "privilege": "DiscoverInputSchema", + "description": "Grant permission to Kinesis Data Analytics console to display stream results for Kinesis Data Analytics SQL runtime applications.", + "privilege": "GetApplicationState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the snapshots for an application", - "privilege": "ListApplicationSnapshots", + "access_level": "Unknown", + "description": "", + "privilege": "ListApplicationVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list applications for the account", + "description": "List applications for the account", "privilege": "ListApplications", "resource_types": [ { @@ -95619,7 +97953,7 @@ }, { "access_level": "Read", - "description": "Grants permission to fetch the tags associated with the application", + "description": "Fetch the tags associated with the application.", "privilege": "ListTagsForResource", "resource_types": [ { @@ -95631,7 +97965,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start the application", + "description": "Starts the application.", "privilege": "StartApplication", "resource_types": [ { @@ -95643,7 +97977,7 @@ }, { "access_level": "Write", - "description": "Grants permission to stop the application", + "description": "Stops the application.", "privilege": "StopApplication", "resource_types": [ { @@ -95655,7 +97989,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add tags to the application", + "description": "Add tags to the application.", "privilege": "TagResource", "resource_types": [ { @@ -95675,7 +98009,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the application", + "description": "Remove the specified tags from the application.", "privilege": "UntagResource", "resource_types": [ { @@ -95694,7 +98028,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the application", + "description": "Updates the application.", "privilege": "UpdateApplication", "resource_types": [ { @@ -95714,7 +98048,7 @@ "resource": "application" } ], - "service_name": "Amazon Kinesis Analytics V2" + "service_name": "Amazon Kinesis Analytics" }, { "conditions": [ @@ -96253,11 +98587,31 @@ "description": "Filters access to the Sign and Verify operations based on the value of the MessageType parameter in the request", "type": "String" }, + { + "condition": "kms:MultiRegion", + "description": "Filters access to an API operation based on the MultiRegion property of the CMK created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a CMK resource", + "type": "Bool" + }, + { + "condition": "kms:MultiRegionKeyType", + "description": "Filters access to an API operation based on the MultiRegionKeyType property of the CMK created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a CMK resource", + "type": "String" + }, + { + "condition": "kms:PrimaryRegion", + "description": "Filters access to the UpdatePrimaryRegion operation based on the value of the PrimaryRegion parameter in the request", + "type": "String" + }, { "condition": "kms:ReEncryptOnSameKey", "description": "Filters access to the ReEncrypt operation when it uses the same customer master key that was used for the Encrypt operation", "type": "Bool" }, + { + "condition": "kms:ReplicaRegion", + "description": "Filters access to the ReplicateKey operation based on the value of the ReplicaRegion parameter in the request", + "type": "String" + }, { "condition": "kms:RequestAlias", "description": "Filters access to cryptographic operations, DescribeKey, and GetPublicKey based on the alias in the request", @@ -96404,7 +98758,9 @@ "kms:BypassPolicyLockoutSafetyCheck", "kms:CustomerMasterKeySpec", "kms:CustomerMasterKeyUsage", - "kms:KeyOrigin" + "kms:KeyOrigin", + "kms:MultiRegion", + "kms:MultiRegionKeyType" ], "dependent_actions": [], "resource_type": "" @@ -97006,6 +99362,29 @@ } ] }, + { + "access_level": "Write", + "description": "Controls permission to replicate a multi-Region primary key", + "privilege": "ReplicateKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:CreateKey" + ], + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:ReplicaRegion", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Controls permission to retire a grant. The RetireGrant operation is typically called by the grant user after they complete the tasks that the grant allowed them to perform", @@ -97081,6 +99460,18 @@ } ] }, + { + "access_level": "Write", + "description": "Controls access to internal APIs that synchronize multi-Region keys", + "privilege": "SynchronizeMultiRegionKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" + } + ] + }, { "access_level": "Tagging", "description": "Controls permission to create or update tags that are attached to a customer master key", @@ -97178,6 +99569,27 @@ } ] }, + { + "access_level": "Write", + "description": "Controls permission to update the primary Region of a multi-Region primary key", + "privilege": "UpdatePrimaryRegion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:PrimaryRegion", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Controls permission to use the specified customer master key to verify digital signatures", @@ -97219,6 +99631,18 @@ "conditions": [], "prefix": "lakeformation", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "AddLFTagsToResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants data lake permissions to one or more principals in a batch.", @@ -97243,6 +99667,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateLFTag", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteLFTag", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Deregisters a registered location.", @@ -97303,6 +99751,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetLFTag", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetResourceLFTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants data lake permissions to a principal.", @@ -97315,6 +99787,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListLFTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Lists permissions filtered by principal or resource.", @@ -97363,6 +99847,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "RemoveLFTagsFromResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Revokes data lake permissions from a principal.", @@ -97375,6 +99871,42 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "SearchDatabasesByLFTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "SearchTablesByLFTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateLFTag", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Updates a registered location.", @@ -97405,7 +99937,7 @@ }, { "condition": "lambda:Layer", - "description": "Filters access by the ARN of an AWS Lambda layer", + "description": "Filters access by the ARN of a version of an AWS Lambda layer", "type": "String" }, { @@ -99120,6 +101652,16 @@ "description": "Grants permission to create a new bot and a test bot alias pointing to the DRAFT bot version", "privilege": "CreateBot", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias*" + }, { "condition_keys": [ "aws:TagKeys", @@ -99138,7 +101680,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "bot alias*" }, { "condition_keys": [ @@ -99186,6 +101728,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an export for an existing resource", + "privilege": "CreateExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new intent in an existing bot locale", @@ -99198,6 +101752,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new resource policy for a Lex resource", + "privilege": "CreateResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new slot in an intent", @@ -99222,6 +101793,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an upload url for import file", + "privilege": "CreateUploadUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing bot", @@ -99229,7 +101812,15 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lex:DeleteBotAlias", + "lex:DeleteBotChannel", + "lex:DeleteBotLocale", + "lex:DeleteBotVersion", + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType" + ], "resource_type": "bot*" }, { @@ -99270,7 +101861,11 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType" + ], "resource_type": "bot*" } ] @@ -99287,6 +101882,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing export", + "privilege": "DeleteExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing import", + "privilege": "DeleteImport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing intent in a bot locale", @@ -99299,6 +101918,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing resource policy for a Lex resource", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete session information for a bot alias and user ID", @@ -99397,20 +102033,30 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing intent", - "privilege": "DescribeIntent", + "description": "Grants permission to retrieve an existing export", + "privilege": "DescribeExport", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lex:DescribeBot", + "lex:DescribeBotLocale", + "lex:DescribeIntent", + "lex:DescribeSlot", + "lex:DescribeSlotType", + "lex:ListBotLocales", + "lex:ListIntents", + "lex:ListSlotTypes", + "lex:ListSlots" + ], "resource_type": "bot*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing slot", - "privilege": "DescribeSlot", + "description": "Grants permission to retrieve an existing import", + "privilege": "DescribeImport", "resource_types": [ { "condition_keys": [], @@ -99421,8 +102067,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing slot type", - "privilege": "DescribeSlotType", + "description": "Grants permission to retrieve an existing intent", + "privilege": "DescribeIntent", "resource_types": [ { "condition_keys": [], @@ -99432,26 +102078,43 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list built-in intents", - "privilege": "GetBuiltinIntents", + "access_level": "Read", + "description": "Grants permission to retrieve an existing resource policy for a Lex resource", + "privilege": "DescribeResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" } ] }, { - "access_level": "List", - "description": "Grants permission to list built-in slot types", - "privilege": "GetBuiltinSlotTypes", + "access_level": "Read", + "description": "Grants permission to retrieve an existing slot", + "privilege": "DescribeSlot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an existing slot type", + "privilege": "DescribeSlotType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" } ] }, @@ -99527,6 +102190,54 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list built-in intents", + "privilege": "ListBuiltInIntents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list built-in slot types", + "privilege": "ListBuiltInSlotTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing exports", + "privilege": "ListExports", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing imports", + "privilege": "ListImports", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list intents in a bot", @@ -99628,6 +102339,46 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a new import with the uploaded import file", + "privilege": "StartImport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "lex:CreateBot", + "lex:CreateBotLocale", + "lex:CreateIntent", + "lex:CreateSlot", + "lex:CreateSlotType", + "lex:DeleteBotLocale", + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType", + "lex:UpdateBot", + "lex:UpdateBotLocale", + "lex:UpdateIntent", + "lex:UpdateSlot", + "lex:UpdateSlotType" + ], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add or overwrite tags of a Lex resource", @@ -99714,6 +102465,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing export", + "privilege": "UpdateExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing intent", @@ -99726,6 +102489,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing resource policy for a Lex resource", + "privilege": "UpdateResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing slot", @@ -104828,7 +107608,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create and define the settings for a classification job", + "description": "Grants permission to create and define the settings for a sensitive data discovery job", "privilege": "CreateClassificationJob", "resource_types": [ { @@ -104900,7 +107680,7 @@ }, { "access_level": "Write", - "description": "Grants permission to associate an account with an Amazon Macie master account", + "description": "Grants permission to associate an account with an Amazon Macie administrator account", "privilege": "CreateMember", "resource_types": [ { @@ -104980,7 +107760,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the association between an Amazon Macie master account and an account", + "description": "Grants permission to delete the association between an Amazon Macie administrator account and an account", "privilege": "DeleteMember", "resource_types": [ { @@ -104992,7 +107772,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve statistical and other data about S3 buckets that Amazon Macie monitors and analyzes", + "description": "Grants permission to retrieve statistical data and other information about S3 buckets that Amazon Macie monitors and analyzes", "privilege": "DescribeBuckets", "resource_types": [ { @@ -105004,7 +107784,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the status and settings for a classification job", + "description": "Grants permission to retrieve information about the status and settings for a sensitive data discovery job", "privilege": "DescribeClassificationJob", "resource_types": [ { @@ -105040,7 +107820,7 @@ }, { "access_level": "Write", - "description": "Grants permission to disable an account as a delegated administrator of Amazon Macie for an AWS organization", + "description": "Grants permission to disable an account as the delegated Amazon Macie administrator account for an AWS organization", "privilege": "DisableOrganizationAdminAccount", "resource_types": [ { @@ -105052,7 +107832,19 @@ }, { "access_level": "Write", - "description": "Grants an Amazon Macie member account with permission to disassociate from its master account", + "description": "Grants an Amazon Macie member account with permission to disassociate from its Macie administrator account", + "privilege": "DisassociateFromAdministratorAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "(Deprecated) Grants an Amazon Macie member account with permission to disassociate from its Macie administrator account", "privilege": "DisassociateFromMasterAccount", "resource_types": [ { @@ -105064,7 +107856,7 @@ }, { "access_level": "Write", - "description": "Grants an Amazon Macie master account with permission to disassociate from a member account", + "description": "Grants an Amazon Macie administrator account with permission to disassociate from a Macie member account", "privilege": "DisassociateMember", "resource_types": [ { @@ -105088,7 +107880,7 @@ }, { "access_level": "Write", - "description": "Grants permission to enable an account as a delegated administrator of Amazon Macie for an AWS organization", + "description": "Grants permission to enable an account as the delegated Amazon Macie administrator account for an AWS organization", "privilege": "EnableOrganizationAdminAccount", "resource_types": [ { @@ -105098,6 +107890,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Macie administrator account for an account", + "privilege": "GetAdministratorAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes", @@ -105112,7 +107916,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the settings for exporting data classification results", + "description": "Grants permission to retrieve the settings for exporting sensitive data discovery results", "privilege": "GetClassificationExportConfiguration", "resource_types": [ { @@ -105148,7 +107952,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about one or more findings", + "description": "Grants permission to retrieve the details of one or more findings", "privilege": "GetFindings", "resource_types": [ { @@ -105170,6 +107974,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the configuration settings for publishing findings to AWS Security Hub", + "privilege": "GetFindingsPublicationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the count of Amazon Macie membership invitations that were received by an account", @@ -105196,7 +108012,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Macie master account for an account", + "description": "(Deprecated) Grants permission to retrieve information about the Amazon Macie administrator account for an account", "privilege": "GetMasterAccount", "resource_types": [ { @@ -105208,7 +108024,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about an account that's associated with an Amazon Macie master account", + "description": "Grants permission to retrieve information about an account that's associated with an Amazon Macie administrator account", "privilege": "GetMember", "resource_types": [ { @@ -105244,7 +108060,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve information about the status and settings for one or more classification jobs", + "description": "Grants permission to retrieve a subset of information about the status and settings for one or more sensitive data discovery jobs", "privilege": "ListClassificationJobs", "resource_types": [ { @@ -105304,7 +108120,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve information about all the accounts that are associated with an Amazon Macie master account", + "description": "Grants permission to retrieve information about the Amazon Macie member accounts that are associated with a Macie administrator account", "privilege": "ListMembers", "resource_types": [ { @@ -105327,8 +108143,8 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the tags for an Amazon Macie resource or member account", + "access_level": "Read", + "description": "Grants permission to retrieve the tags for an Amazon Macie resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -105340,7 +108156,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update the settings for exporting data classification results", + "description": "Grants permission to create or update the settings for storing sensitive data discovery results", "privilege": "PutClassificationExportConfiguration", "resource_types": [ { @@ -105350,9 +108166,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the configuration settings for publishing findings to AWS Security Hub", + "privilege": "PutFindingsPublicationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve statistical data and other information about AWS resources that Amazon Macie monitors and analyzes", + "privilege": "SearchResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", - "description": "Grants permission to add or update the tags for an Amazon Macie resource or member account", + "description": "Grants permission to add or update the tags for an Amazon Macie resource", "privilege": "TagResource", "resource_types": [ { @@ -105379,7 +108219,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon Macie resource or member account", + "description": "Grants permission to remove tags from an Amazon Macie resource", "privilege": "UntagResource", "resource_types": [ { @@ -105393,7 +108233,7 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel a classification job", + "description": "Grants permission to change the status of a sensitive data discovery job", "privilege": "UpdateClassificationJob", "resource_types": [ { @@ -105445,7 +108285,7 @@ }, { "access_level": "Write", - "description": "Grants an Amazon Macie master account with permission to suspend or re-enable a member account", + "description": "Grants an Amazon Macie administrator account with permission to suspend or re-enable a Macie member account", "privilege": "UpdateMemberSession", "resource_types": [ { @@ -106472,7 +109312,19 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to add outputs to any flow.", + "description": "Grants permission to add media streams to any flow", + "privilege": "AddFlowMediaStreams", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add outputs to any flow", "privilege": "AddFlowOutputs", "resource_types": [ { @@ -106484,7 +109336,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add sources to any flow.", + "description": "Grants permission to add sources to any flow", "privilege": "AddFlowSources", "resource_types": [ { @@ -106496,7 +109348,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add VPC interfaces to any flow.", + "description": "Grants permission to add VPC interfaces to any flow", "privilege": "AddFlowVpcInterfaces", "resource_types": [ { @@ -106508,7 +109360,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create flows.", + "description": "Grants permission to create flows", "privilege": "CreateFlow", "resource_types": [ { @@ -106520,7 +109372,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete flows.", + "description": "Grants permission to delete flows", "privilege": "DeleteFlow", "resource_types": [ { @@ -106532,7 +109384,7 @@ }, { "access_level": "Read", - "description": "Grants permission to display the details of a flow including the flow ARN, name, and Availability Zone, as well as details about the source, outputs, and entitlements.", + "description": "Grants permission to display the details of a flow including the flow ARN, name, and Availability Zone, as well as details about the source, outputs, and entitlements", "privilege": "DescribeFlow", "resource_types": [ { @@ -106544,7 +109396,7 @@ }, { "access_level": "Read", - "description": "Grants permission to display the details of an offering.", + "description": "Grants permission to display the details of an offering", "privilege": "DescribeOffering", "resource_types": [ { @@ -106556,7 +109408,7 @@ }, { "access_level": "Read", - "description": "Grants permission to display the details of a reservation.", + "description": "Grants permission to display the details of a reservation", "privilege": "DescribeReservation", "resource_types": [ { @@ -106568,7 +109420,7 @@ }, { "access_level": "Write", - "description": "Grants permission to grant entitlements on any flow.", + "description": "Grants permission to grant entitlements on any flow", "privilege": "GrantFlowEntitlements", "resource_types": [ { @@ -106580,7 +109432,7 @@ }, { "access_level": "List", - "description": "Grants permission to display a list of all entitlements that have been granted to the account.", + "description": "Grants permission to display a list of all entitlements that have been granted to the account", "privilege": "ListEntitlements", "resource_types": [ { @@ -106592,7 +109444,7 @@ }, { "access_level": "List", - "description": "Grants permission to display a list of flows that are associated with this account.", + "description": "Grants permission to display a list of flows that are associated with this account", "privilege": "ListFlows", "resource_types": [ { @@ -106604,7 +109456,7 @@ }, { "access_level": "List", - "description": "Grants permission to display a list of all offerings that are available to the account in the current AWS Region.", + "description": "Grants permission to display a list of all offerings that are available to the account in the current AWS Region", "privilege": "ListOfferings", "resource_types": [ { @@ -106616,7 +109468,7 @@ }, { "access_level": "List", - "description": "Grants permission to display a list of all reservations that have been purchased by the account in the current AWS Region.", + "description": "Grants permission to display a list of all reservations that have been purchased by the account in the current AWS Region", "privilege": "ListReservations", "resource_types": [ { @@ -106628,7 +109480,7 @@ }, { "access_level": "Read", - "description": "Grants permission to display a list of all tags associated with a resource.", + "description": "Grants permission to display a list of all tags associated with a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -106640,7 +109492,7 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase an offering.", + "description": "Grants permission to purchase an offering", "privilege": "PurchaseOffering", "resource_types": [ { @@ -106652,7 +109504,19 @@ }, { "access_level": "Write", - "description": "Grants permission to remove outputs from any flow.", + "description": "Grants permission to remove media streams from any flow", + "privilege": "RemoveFlowMediaStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove outputs from any flow", "privilege": "RemoveFlowOutput", "resource_types": [ { @@ -106664,7 +109528,7 @@ }, { "access_level": "Write", - "description": "Grants permission to remove sources from any flow.", + "description": "Grants permission to remove sources from any flow", "privilege": "RemoveFlowSource", "resource_types": [ { @@ -106676,7 +109540,7 @@ }, { "access_level": "Write", - "description": "Grants permission to remove VPC interfaces from any flow.", + "description": "Grants permission to remove VPC interfaces from any flow", "privilege": "RemoveFlowVpcInterface", "resource_types": [ { @@ -106688,7 +109552,7 @@ }, { "access_level": "Write", - "description": "Grants permission to revoke entitlements on any flow.", + "description": "Grants permission to revoke entitlements on any flow", "privilege": "RevokeFlowEntitlement", "resource_types": [ { @@ -106700,7 +109564,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start flows.", + "description": "Grants permission to start flows", "privilege": "StartFlow", "resource_types": [ { @@ -106712,7 +109576,7 @@ }, { "access_level": "Write", - "description": "Grants permission to stop flows.", + "description": "Grants permission to stop flows", "privilege": "StopFlow", "resource_types": [ { @@ -106724,7 +109588,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to associate tags with resources.", + "description": "Grants permission to associate tags with resources", "privilege": "TagResource", "resource_types": [ { @@ -106736,7 +109600,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from resources.", + "description": "Grants permission to remove tags from resources", "privilege": "UntagResource", "resource_types": [ { @@ -106748,7 +109612,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update flows.", + "description": "Grants permission to update flows", "privilege": "UpdateFlow", "resource_types": [ { @@ -106760,7 +109624,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update entitlements on any flow.", + "description": "Grants permission to update entitlements on any flow", "privilege": "UpdateFlowEntitlement", "resource_types": [ { @@ -106772,7 +109636,19 @@ }, { "access_level": "Write", - "description": "Grants permission to update outputs on any flow.", + "description": "Grants permission to update media streams on any flow", + "privilege": "UpdateFlowMediaStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update outputs on any flow", "privilege": "UpdateFlowOutput", "resource_types": [ { @@ -106784,7 +109660,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the source of any flow.", + "description": "Grants permission to update the source of any flow", "privilege": "UpdateFlowSource", "resource_types": [ { @@ -107478,6 +110354,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreatePartnerInput", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to create tags for channels, inputs, input security groups, multiplexes, and reservations", @@ -109098,6 +111986,78 @@ ], "prefix": "mediatailor", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateProgram", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateSourceLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateVodSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteChannelPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Deletes the playback configuration for the specified name", @@ -109110,6 +112070,114 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteProgram", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteSourceLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteVodSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeProgram", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeSourceLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeVodSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetChannelPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetChannelSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the configuration for the specified name", @@ -109122,6 +112190,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListAlerts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListChannels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the list of available configurations", @@ -109134,6 +112226,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListSourceLocations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Returns a list of the tags assigned to the specified playback configuration resource.", @@ -109146,6 +112250,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListVodSources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "PutChannelPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add a new configuration", @@ -109166,6 +112294,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "StartChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "StopChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Adds tags to the specified playback configuration resource.", @@ -109195,6 +112347,42 @@ "resource_type": "" } ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateChannel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateSourceLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateVodSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -114285,7 +117473,7 @@ { "condition_keys": [], "dependent_actions": [ - "ec2:CreateNetworkInterfacePermission", + "ec2:CreateNetworkInterface", "ec2:RunInstances" ], "resource_type": "studio*" @@ -117945,6 +121133,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateDatasetExportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a dataset group", @@ -118161,6 +121361,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeDatasetExportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a dataset group", @@ -118329,6 +121541,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListDatasetExportJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list dataset groups", @@ -118473,6 +121697,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "StopSolutionVersionCreation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a campaign", @@ -118566,6 +121802,18 @@ } ] }, + { + "access_level": "Read", + "description": "Retrieve the attributes of the specified dimension group.", + "privilege": "GetDimensionKeyDetails", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "metric-resource*" + } + ] + }, { "access_level": "Read", "description": "Retrieve PI metrics for a set of data sources, over a time period.", @@ -118931,6 +122179,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetMatches", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a specific profile object type in the domain", @@ -119228,6 +122488,42 @@ ], "prefix": "proton", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "CancelEnvironmentDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CancelServiceInstanceDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CancelServicePipelineDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an environment", @@ -119452,6 +122748,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteEnvironmentTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a service", @@ -119500,6 +122808,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteServiceTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the account role settings", @@ -119512,6 +122832,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an environment", @@ -119560,6 +122892,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetEnvironmentTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a service", @@ -119620,6 +122964,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetServiceTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListEnvironmentAccountConnections", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list environment template major versions", @@ -119644,6 +123012,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListEnvironmentTemplateVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list environment templates", @@ -119704,6 +123084,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListServiceTemplateVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list service templates", @@ -119913,6 +123305,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an environment", @@ -119963,6 +123367,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateEnvironmentTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a service", @@ -120034,6 +123450,18 @@ "resource_type": "service-template*" } ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateServiceTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -120151,6 +123579,11 @@ "condition": "aws:TagKeys", "description": "Filters actions based on the presence of tag keys in the request", "type": "String" + }, + { + "condition": "qldb:Purge", + "description": "Filters access by the value of purge that is specified in a PartiQL DROP statement", + "type": "String" } ], "prefix": "qldb", @@ -120360,10 +123793,172 @@ "description": "Grants permission to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "ledger" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stream" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an index on a table", + "privilege": "PartiQLCreateIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a table", + "privilege": "PartiQLCreateTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete documents from a table", + "privilege": "PartiQLDelete", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to drop an index from a table", + "privilege": "PartiQLDropIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "qldb:Purge" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to drop a table", + "privilege": "PartiQLDropTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "qldb:Purge" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to use the history function on a table", + "privilege": "PartiQLHistoryFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to insert documents into a table", + "privilege": "PartiQLInsert", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to select documents from a table", + "privilege": "PartiQLSelect", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to undrop a table", + "privilege": "PartiQLUndropTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update existing documents in a table", + "privilege": "PartiQLUpdate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, @@ -120408,11 +124003,26 @@ "description": "Grants permission to add one or more tags to a resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "ledger" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stream" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -120425,16 +124035,32 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags to a resource", + "description": "Grants permission to remove one or more tags from a resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "ledger" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stream" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -120453,6 +124079,18 @@ "resource_type": "ledger*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the permissions mode on a ledger", + "privilege": "UpdateLedgerPermissionsMode", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ledger*" + } + ] } ], "resources": [ @@ -120469,6 +124107,20 @@ "aws:ResourceTag/${TagKey}" ], "resource": "stream" + }, + { + "arn": "arn:${Partition}:qldb:${Region}:${Account}:ledger/${LedgerName}/table/${TableId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "table" + }, + { + "arn": "arn:${Partition}:qldb:${Region}:${Account}:ledger/${LedgerName}/information_schema/user_tables", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "catalog" } ], "service_name": "Amazon QLDB" @@ -125636,6 +129288,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "AddPartner", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to add an inbound (ingress) rule to an Amazon Redshift security group", @@ -125653,6 +129317,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "AuthorizeEndpointAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to the specified AWS account to restore a snapshot", @@ -125856,6 +129532,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateEndpointAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an Amazon Redshift event notification subscription", @@ -126155,6 +129843,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteEndpointAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an Amazon Redshift event notification subscription", @@ -126191,6 +129891,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeletePartner", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete saved SQL queries through the Amazon Redshift console", @@ -126477,6 +130189,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeEndpointAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeEndpointAuthorization", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe event categories for all event source types, or for a specified source type", @@ -126573,6 +130309,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribePartners", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a query through the Amazon Redshift console", @@ -127087,6 +130835,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ModifyEndpointAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify an existing Amazon Redshift event notification subscription", @@ -127282,6 +131042,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "RevokeEndpointAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to revoke access from the specified AWS account to restore a snapshot", @@ -127306,6 +131078,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdatePartnerStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to view query results through the Amazon Redshift console", @@ -136611,6 +140395,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a batch of records from one or more feature groups.", + "privilege": "BatchGetRecord", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "feature-group*" + } + ] + }, { "access_level": "Write", "description": "Publish metrics associated with a SageMaker Resource such as a Training Job. This API is not publicly exposed at this point, however admins can control this action", @@ -138053,7 +141849,7 @@ }, { "access_level": "Write", - "description": "Delete a record from a feature group.", + "description": "Grants permission to delete a record from a feature group.", "privilege": "DeleteRecord", "resource_types": [ { @@ -138997,7 +142793,7 @@ }, { "access_level": "Read", - "description": "Get a record from a feature group.", + "description": "Grants permission to get a record from a feature group.", "privilege": "GetRecord", "resource_types": [ { @@ -139897,7 +143693,7 @@ }, { "access_level": "Write", - "description": "Put a record to a feature group.", + "description": "Grants permission to put a record to a feature group.", "privilege": "PutRecord", "resource_types": [ { @@ -142621,6 +146417,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a security score and counts of finding and control statuses for a security standard", + "privilege": "GetControlFindingSummary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of the standards that are enabled in Security Hub", @@ -142765,6 +146573,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts", + "privilege": "ListControlEvaluationSummaries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hub" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve the Security Hub integrated products that are currently enabled", @@ -145383,7 +149203,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a configuration set", + "description": "Grants permission to create a new configuration set", "privilege": "CreateConfigurationSet", "resource_types": [ { @@ -145415,6 +149235,52 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a contact", + "privilege": "CreateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a contact list", + "privilege": "CreateContactList", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new custom verification email template", + "privilege": "CreateCustomVerificationEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new pool of dedicated IP addresses", @@ -145465,6 +149331,49 @@ } ] }, + { + "access_level": "Permissions management", + "description": "Grants permission to create the specified sending authorization policy for the given identity", + "privilege": "CreateEmailIdentityPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an email template", + "privilege": "CreateEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to creates an import job for a data destination", + "privilege": "CreateImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing configuration set", @@ -145503,6 +149412,56 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a contact from a contact list", + "privilege": "DeleteContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a contact list with all of its contacts", + "privilege": "DeleteContactList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing custom verification email template", + "privilege": "DeleteCustomVerificationEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a dedicated IP pool", @@ -145524,7 +149483,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an email identity that you previously verified", + "description": "Grants permission to delete an email identity", "privilege": "DeleteEmailIdentity", "resource_types": [ { @@ -145541,9 +149500,52 @@ } ] }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", + "privilege": "DeleteEmailIdentityPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an email template", + "privilege": "DeleteEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an email address from the suppression list for your account", + "privilege": "DeleteSuppressedDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", - "description": "Grants permission to get information about the email-sending status and capabilities", + "description": "Grants permission to get information about the email-sending status and capabilities for your account", "privilege": "GetAccount", "resource_types": [ { @@ -145555,7 +149557,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses appear", + "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses or tracked domains appear", "privilege": "GetBlacklistReports", "resource_types": [ { @@ -145603,6 +149605,49 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return a contact from a contact list", + "privilege": "GetContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return contact list metadata", + "privilege": "GetContactList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the custom email verification template for the template name you specify", + "privilege": "GetCustomVerificationEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about a dedicated IP address", @@ -145617,7 +149662,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list the dedicated IP addresses that are associated with your account", + "description": "Grants permission to list the dedicated IP addresses a dedicated IP pool", "privilege": "GetDedicatedIps", "resource_types": [ { @@ -145698,7 +149743,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a specific identity associated with your account", + "description": "Grants permission to get information about a specific identity", "privilege": "GetEmailIdentity", "resource_types": [ { @@ -145715,9 +149760,64 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return the requested sending authorization policies for the given identity (an email address or a domain)", + "privilege": "GetEmailIdentityPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the template object, which includes the subject line, HTML part, and text part for the template you specify", + "privilege": "GetEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to provide information about an import job", + "privilege": "GetImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "import-job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific email address that's on the suppression list for your account", + "privilege": "GetSuppressedDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", - "description": "Grants permission to list all of the configuration sets associated with your account", + "description": "Grants permission to list all of the configuration sets for your account", "privilege": "ListConfigurationSets", "resource_types": [ { @@ -145729,7 +149829,43 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the dedicated IP pools that exist in your account", + "description": "Grants permission to list all of the contact lists available for your account", + "privilege": "ListContactLists", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the contacts present in a specific contact list", + "privilege": "ListContacts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all of the existing custom verification email templates for your account", + "privilege": "ListCustomVerificationEmailTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all of the dedicated IP pools for your account", "privilege": "ListDedicatedIpPools", "resource_types": [ { @@ -145741,7 +149877,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the predictive inbox placement tests that you've performed, regardless of their statuses", + "description": "Grants permission to retrieve the list of the predictive inbox placement tests that you've performed, regardless of their statuses, for your account", "privilege": "ListDeliverabilityTestReports", "resource_types": [ { @@ -145753,7 +149889,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve deliverability data for all the campaigns that used a specific domain to send email during a specified time range", + "description": "Grants permission to list deliverability data for campaigns that used a specific domain to send email during a specified time range", "privilege": "ListDomainDeliverabilityCampaigns", "resource_types": [ { @@ -145765,7 +149901,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the email identities that are associated with your account", + "description": "Grants permission to list the email identities for your account", "privilege": "ListEmailIdentities", "resource_types": [ { @@ -145775,9 +149911,45 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all of the email templates for your account", + "privilege": "ListEmailTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all of the import jobs for your account", + "privilege": "ListImportJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource", + "description": "Grants permission to list email addresses that are on the suppression list for your account", + "privilege": "ListSuppressedDestinations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource for your account", "privilege": "ListTagsForResource", "resource_types": [ { @@ -145785,6 +149957,11 @@ "dependent_actions": [], "resource_type": "configuration-set" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -145816,7 +149993,19 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable the ability of your account to send email", + "description": "Grants permission to update your account details", + "privilege": "PutAccountDetails", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable the ability to send email for your account", "privilege": "PutAccountSendingAttributes", "resource_types": [ { @@ -145826,6 +150015,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to change the settings for the account-level suppression list", + "privilege": "PutAccountSuppressionAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate a configuration set with a dedicated IP pool", @@ -145885,7 +150086,26 @@ }, { "access_level": "Write", - "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send using a particular configuration set", + "description": "Grants permission to specify the account suppression list preferences for a particular configuration set", + "privilege": "PutConfigurationSetSuppressionOptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send for a particular configuration set", "privilege": "PutConfigurationSetTrackingOptions", "resource_types": [ { @@ -145923,7 +150143,7 @@ }, { "access_level": "Write", - "description": "Grants permission to enable dedicated IP warm up attributes", + "description": "Grants permission to put Dedicated IP warm up attributes", "privilege": "PutDedicatedIpWarmupAttributes", "resource_types": [ { @@ -145945,6 +150165,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate a configuration set with an email identity", + "privilege": "PutEmailIdentityConfigurationSetAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-set" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable or disable DKIM authentication for an email identity", @@ -145966,7 +150210,26 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable feedback forwarding for an identity", + "description": "Grants permission to configure or change the DKIM authentication settings for an email domain identity", + "privilege": "PutEmailIdentityDkimSigningAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable feedback forwarding for an email identity", "privilege": "PutEmailIdentityFeedbackAttributes", "resource_types": [ { @@ -146002,6 +150265,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add an email address to the suppression list", + "privilege": "PutSuppressedDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to compose an email message to multiple destinations", + "privilege": "SendBulkEmail", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add an email address to the list of identities and attempts to verify it", + "privilege": "SendCustomVerificationEmail", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to send an email message", @@ -146034,6 +150333,11 @@ "dependent_actions": [], "resource_type": "configuration-set" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -146059,6 +150363,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a preview of the MIME content of an email when provided with a template and a set of replacement data", + "privilege": "TestRenderEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to remove one or more tags (keys and values) from a specified resource", @@ -146069,6 +150385,11 @@ "dependent_actions": [], "resource_type": "configuration-set" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list" + }, { "condition_keys": [], "dependent_actions": [], @@ -146111,6 +150432,87 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a contact's preferences for a list", + "privilege": "UpdateContact", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update contact list metadata", + "privilege": "UpdateContactList", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing custom verification email template", + "privilege": "UpdateCustomVerificationEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-verification-email-template*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to update the specified sending authorization policy for the given identity (an email address or a domain)", + "privilege": "UpdateEmailIdentityPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identity*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an email template", + "privilege": "UpdateEmailTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + } + ] } ], "resources": [ @@ -146121,6 +150523,18 @@ ], "resource": "configuration-set" }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:contact-list/${ContactListName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-list" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:custom-verification-email-template/${TemplateName}", + "condition_keys": [], + "resource": "custom-verification-email-template" + }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:dedicated-ip-pool/${DedicatedIPPool}", "condition_keys": [ @@ -146141,9 +150555,19 @@ "aws:ResourceTag/${TagKey}" ], "resource": "identity" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:import-job/${ImportJobId}", + "condition_keys": [], + "resource": "import-job" + }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:template/${TemplateName}", + "condition_keys": [], + "resource": "template" } ], - "service_name": "Amazon Pinpoint Email Service" + "service_name": "Amazon Simple Email Service v2" }, { "conditions": [ @@ -147141,7 +151565,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new configuration set", + "description": "Grants permission to create a configuration set", "privilege": "CreateConfigurationSet", "resource_types": [ { @@ -147173,52 +151597,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a contact", - "privilege": "CreateContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a contact list", - "privilege": "CreateContactList", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new custom verification email template", - "privilege": "CreateCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to create a new pool of dedicated IP addresses", @@ -147269,49 +151647,6 @@ } ] }, - { - "access_level": "Permissions management", - "description": "Grants permission to create the specified sending authorization policy for the given identity", - "privilege": "CreateEmailIdentityPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an email template", - "privilege": "CreateEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to creates an import job for a data destination", - "privilege": "CreateImportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete an existing configuration set", @@ -147350,56 +151685,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete a contact from a contact list", - "privilege": "DeleteContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a contact list with all of its contacts", - "privilege": "DeleteContactList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing custom verification email template", - "privilege": "DeleteCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to delete a dedicated IP pool", @@ -147421,7 +151706,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an email identity", + "description": "Grants permission to delete an email identity that you previously verified", "privilege": "DeleteEmailIdentity", "resource_types": [ { @@ -147438,52 +151723,9 @@ } ] }, - { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified sending authorization policy for the given identity (an email address or a domain)", - "privilege": "DeleteEmailIdentityPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an email template", - "privilege": "DeleteEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove an email address from the suppression list for your account", - "privilege": "DeleteSuppressedDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", - "description": "Grants permission to get information about the email-sending status and capabilities for your account", + "description": "Grants permission to get information about the email-sending status and capabilities", "privilege": "GetAccount", "resource_types": [ { @@ -147495,7 +151737,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses or tracked domains appear", + "description": "Grants permission to retrieve a list of the deny lists on which your dedicated IP addresses appear", "privilege": "GetBlacklistReports", "resource_types": [ { @@ -147543,49 +151785,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to return a contact from a contact list", - "privilege": "GetContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return contact list metadata", - "privilege": "GetContactList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the custom email verification template for the template name you specify", - "privilege": "GetCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to get information about a dedicated IP address", @@ -147600,7 +151799,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list the dedicated IP addresses a dedicated IP pool", + "description": "Grants permission to list the dedicated IP addresses that are associated with your account", "privilege": "GetDedicatedIps", "resource_types": [ { @@ -147681,7 +151880,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a specific identity", + "description": "Grants permission to get information about a specific identity associated with your account", "privilege": "GetEmailIdentity", "resource_types": [ { @@ -147698,64 +151897,9 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to return the requested sending authorization policies for the given identity (an email address or a domain)", - "privilege": "GetEmailIdentityPolicies", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the template object, which includes the subject line, HTML part, and text part for the template you specify", - "privilege": "GetEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to provide information about an import job", - "privilege": "GetImportJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "import-job*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific email address that's on the suppression list for your account", - "privilege": "GetSuppressedDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "List", - "description": "Grants permission to list all of the configuration sets for your account", + "description": "Grants permission to list all of the configuration sets associated with your account", "privilege": "ListConfigurationSets", "resource_types": [ { @@ -147767,43 +151911,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the contact lists available for your account", - "privilege": "ListContactLists", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the contacts present in a specific contact list", - "privilege": "ListContacts", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the existing custom verification email templates for your account", - "privilege": "ListCustomVerificationEmailTemplates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the dedicated IP pools for your account", + "description": "Grants permission to list all of the dedicated IP pools that exist in your account", "privilege": "ListDedicatedIpPools", "resource_types": [ { @@ -147815,7 +151923,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve the list of the predictive inbox placement tests that you've performed, regardless of their statuses, for your account", + "description": "Grants permission to retrieve a list of the predictive inbox placement tests that you've performed, regardless of their statuses", "privilege": "ListDeliverabilityTestReports", "resource_types": [ { @@ -147827,7 +151935,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list deliverability data for campaigns that used a specific domain to send email during a specified time range", + "description": "Grants permission to retrieve deliverability data for all the campaigns that used a specific domain to send email during a specified time range", "privilege": "ListDomainDeliverabilityCampaigns", "resource_types": [ { @@ -147839,7 +151947,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the email identities for your account", + "description": "Grants permission to list all of the email identities that are associated with your account", "privilege": "ListEmailIdentities", "resource_types": [ { @@ -147849,45 +151957,9 @@ } ] }, - { - "access_level": "List", - "description": "Grants permission to list all of the email templates for your account", - "privilege": "ListEmailTemplates", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the import jobs for your account", - "privilege": "ListImportJobs", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", - "description": "Grants permission to list email addresses that are on the suppression list for your account", - "privilege": "ListSuppressedDestinations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource for your account", + "description": "Grants permission to retrieve a list of the tags (keys and values) that are associated with a specific resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -147895,11 +151967,6 @@ "dependent_actions": [], "resource_type": "configuration-set" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list" - }, { "condition_keys": [], "dependent_actions": [], @@ -147931,19 +151998,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update your account details", - "privilege": "PutAccountDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable the ability to send email for your account", + "description": "Grants permission to enable or disable the ability of your account to send email", "privilege": "PutAccountSendingAttributes", "resource_types": [ { @@ -147953,18 +152008,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to change the settings for the account-level suppression list", - "privilege": "PutAccountSuppressionAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to associate a configuration set with a dedicated IP pool", @@ -148024,26 +152067,7 @@ }, { "access_level": "Write", - "description": "Grants permission to specify the account suppression list preferences for a particular configuration set", - "privilege": "PutConfigurationSetSuppressionOptions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send for a particular configuration set", + "description": "Grants permission to specify a custom domain to use for open and click tracking elements in email that you send using a particular configuration set", "privilege": "PutConfigurationSetTrackingOptions", "resource_types": [ { @@ -148081,7 +152105,7 @@ }, { "access_level": "Write", - "description": "Grants permission to put Dedicated IP warm up attributes", + "description": "Grants permission to enable dedicated IP warm up attributes", "privilege": "PutDedicatedIpWarmupAttributes", "resource_types": [ { @@ -148103,30 +152127,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to associate a configuration set with an email identity", - "privilege": "PutEmailIdentityConfigurationSetAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configuration-set" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Write", "description": "Grants permission to enable or disable DKIM authentication for an email identity", @@ -148148,26 +152148,7 @@ }, { "access_level": "Write", - "description": "Grants permission to configure or change the DKIM authentication settings for an email domain identity", - "privilege": "PutEmailIdentityDkimSigningAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable or disable feedback forwarding for an email identity", + "description": "Grants permission to enable or disable feedback forwarding for an identity", "privilege": "PutEmailIdentityFeedbackAttributes", "resource_types": [ { @@ -148203,42 +152184,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to add an email address to the suppression list", - "privilege": "PutSuppressedDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to compose an email message to multiple destinations", - "privilege": "SendBulkEmail", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add an email address to the list of identities and attempts to verify it", - "privilege": "SendCustomVerificationEmail", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to send an email message", @@ -148271,11 +152216,6 @@ "dependent_actions": [], "resource_type": "configuration-set" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list" - }, { "condition_keys": [], "dependent_actions": [], @@ -148301,18 +152241,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a preview of the MIME content of an email when provided with a template and a set of replacement data", - "privilege": "TestRenderEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - } - ] - }, { "access_level": "Tagging", "description": "Grants permission to remove one or more tags (keys and values) from a specified resource", @@ -148323,11 +152251,6 @@ "dependent_actions": [], "resource_type": "configuration-set" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list" - }, { "condition_keys": [], "dependent_actions": [], @@ -148370,87 +152293,6 @@ "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a contact's preferences for a list", - "privilege": "UpdateContact", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update contact list metadata", - "privilege": "UpdateContactList", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing custom verification email template", - "privilege": "UpdateCustomVerificationEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custom-verification-email-template*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to update the specified sending authorization policy for the given identity (an email address or a domain)", - "privilege": "UpdateEmailIdentityPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "identity*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an email template", - "privilege": "UpdateEmailTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - } - ] } ], "resources": [ @@ -148461,18 +152303,6 @@ ], "resource": "configuration-set" }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:contact-list/${ContactListName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "contact-list" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:custom-verification-email-template/${TemplateName}", - "condition_keys": [], - "resource": "custom-verification-email-template" - }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:dedicated-ip-pool/${DedicatedIPPool}", "condition_keys": [ @@ -148493,19 +152323,9 @@ "aws:ResourceTag/${TagKey}" ], "resource": "identity" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:import-job/${ImportJobId}", - "condition_keys": [], - "resource": "import-job" - }, - { - "arn": "arn:${Partition}:ses:${Region}:${Account}:template/${TemplateName}", - "condition_keys": [], - "resource": "template" } ], - "service_name": "Amazon Simple Email Service v2" + "service_name": "Amazon Pinpoint Email Service" }, { "conditions": [ @@ -149984,6 +153804,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateLongTermPricing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Creates a shipping label that will be used to return the Snow device to AWS.", @@ -150152,6 +153984,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListLongTermPricing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "While a cluster's ClusterState value is in the AwaitingQuorum state, you can update some of the information associated with a cluster.", @@ -150187,6 +154031,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateLongTermPricing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [], @@ -150196,22 +154052,22 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Tags from request", + "description": "Filters access baded on tags from request", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Tag keys from request", + "description": "Filters access baded on tag keys from request", "type": "String" }, { "condition": "sns:Endpoint", - "description": "The URL, email address, or ARN from a Subscribe request or a previously confirmed subscription.", + "description": "Filters access based on the URL, email address, or ARN from a Subscribe request or a previously confirmed subscription", "type": "String" }, { "condition": "sns:Protocol", - "description": "The protocol value from a Subscribe request or a previously confirmed subscription.", + "description": "Filters access based on the protocol value from a Subscribe request or a previously confirmed subscription", "type": "String" } ], @@ -150219,7 +154075,7 @@ "privileges": [ { "access_level": "Permissions management", - "description": "Adds a statement to a topic's access control policy, granting access for the specified AWS accounts to the specified actions.", + "description": "Grants permission to add a statement to a topic's access control policy, granting access for the specified AWS accounts to the specified actions", "privilege": "AddPermission", "resource_types": [ { @@ -150231,7 +154087,7 @@ }, { "access_level": "Read", - "description": "Accepts a phone number and indicates whether the phone holder has opted out of receiving SMS messages from your account.", + "description": "Grants permission to accept a phone number and indicate whether the phone holder has opted out of receiving SMS messages from your account", "privilege": "CheckIfPhoneNumberIsOptedOut", "resource_types": [ { @@ -150243,7 +154099,7 @@ }, { "access_level": "Write", - "description": "Verifies an endpoint owner's intent to receive messages by validating the token sent to the endpoint by an earlier Subscribe action.", + "description": "Grants permission to verify an endpoint owner's intent to receive messages by validating the token sent to the endpoint by an earlier Subscribe action", "privilege": "ConfirmSubscription", "resource_types": [ { @@ -150255,7 +154111,7 @@ }, { "access_level": "Write", - "description": "Creates a platform application object for one of the supported push notification services, such as APNS and GCM, to which devices and mobile apps may register.", + "description": "Grants permission to create a platform application object for one of the supported push notification services, such as APNS and GCM, to which devices and mobile apps may register", "privilege": "CreatePlatformApplication", "resource_types": [ { @@ -150269,7 +154125,7 @@ }, { "access_level": "Write", - "description": "Creates an endpoint for a device and mobile app on one of the supported push notification services, such as GCM and APNS.", + "description": "Grants permission to create an endpoint for a device and mobile app on one of the supported push notification services, such as GCM and APNS", "privilege": "CreatePlatformEndpoint", "resource_types": [ { @@ -150281,7 +154137,19 @@ }, { "access_level": "Write", - "description": "Creates a topic to which notifications can be published.", + "description": "Grants permission to add a destination phone number and send a one-time password (OTP) to that phone number for an AWS account", + "privilege": "CreateSMSSandboxPhoneNumber", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a topic to which notifications can be published", "privilege": "CreateTopic", "resource_types": [ { @@ -150295,7 +154163,7 @@ }, { "access_level": "Write", - "description": "Deletes the endpoint for a device and mobile app from Amazon SNS.", + "description": "Grants permission to delete the endpoint for a device and mobile app from Amazon SNS", "privilege": "DeleteEndpoint", "resource_types": [ { @@ -150307,7 +154175,7 @@ }, { "access_level": "Write", - "description": "Deletes a platform application object for one of the supported push notification services, such as APNS and GCM.", + "description": "Grants permission to delete a platform application object for one of the supported push notification services, such as APNS and GCM", "privilege": "DeletePlatformApplication", "resource_types": [ { @@ -150319,7 +154187,19 @@ }, { "access_level": "Write", - "description": "Deletes a topic and all its subscriptions.", + "description": "Grants permission to delete an AWS account's verified or pending phone number", + "privilege": "DeleteSMSSandboxPhoneNumber", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a topic and all its subscriptions", "privilege": "DeleteTopic", "resource_types": [ { @@ -150331,7 +154211,7 @@ }, { "access_level": "Read", - "description": "Retrieves the endpoint attributes for a device on one of the supported push notification services, such as GCM and APNS.", + "description": "Grants permission to retrieve the endpoint attributes for a device on one of the supported push notification services, such as GCM and APNS", "privilege": "GetEndpointAttributes", "resource_types": [ { @@ -150343,7 +154223,7 @@ }, { "access_level": "Read", - "description": "Retrieves the attributes of the platform application object for the supported push notification services, such as APNS and GCM.", + "description": "Grants permission to retrieve the attributes of the platform application object for the supported push notification services, such as APNS and GCM", "privilege": "GetPlatformApplicationAttributes", "resource_types": [ { @@ -150355,7 +154235,7 @@ }, { "access_level": "Read", - "description": "Returns the settings for sending SMS messages from your account.", + "description": "Grants permission to return the settings for sending SMS messages from your account", "privilege": "GetSMSAttributes", "resource_types": [ { @@ -150367,7 +154247,19 @@ }, { "access_level": "Read", - "description": "Returns all of the properties of a subscription.", + "description": "Grants permission to retrieve the sandbox status for the calling account in the target region", + "privilege": "GetSMSSandboxAccountStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return all of the properties of a subscription", "privilege": "GetSubscriptionAttributes", "resource_types": [ { @@ -150379,7 +154271,7 @@ }, { "access_level": "Read", - "description": "Returns all of the properties of a topic. Topic properties returned might differ based on the authorization of the user.", + "description": "Grants permission to return all of the properties of a topic", "privilege": "GetTopicAttributes", "resource_types": [ { @@ -150391,7 +154283,7 @@ }, { "access_level": "List", - "description": "Lists the endpoints and endpoint attributes for devices in a supported push notification service, such as GCM and APNS.", + "description": "Grants permission to list the endpoints and endpoint attributes for devices in a supported push notification service, such as GCM and APNS", "privilege": "ListEndpointsByPlatformApplication", "resource_types": [ { @@ -150401,9 +154293,21 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all origination numbers, and their metadata", + "privilege": "ListOriginationNumbers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", - "description": "Returns a list of phone numbers that are opted out, meaning you cannot send SMS messages to them.", + "description": "Grants permission to return a list of phone numbers that are opted out, meaning you cannot send SMS messages to them", "privilege": "ListPhoneNumbersOptedOut", "resource_types": [ { @@ -150415,7 +154319,7 @@ }, { "access_level": "List", - "description": "Lists the platform application objects for the supported push notification services, such as APNS and GCM.", + "description": "Grants permission to list the platform application objects for the supported push notification services, such as APNS and GCM", "privilege": "ListPlatformApplications", "resource_types": [ { @@ -150427,7 +154331,19 @@ }, { "access_level": "List", - "description": "Returns a list of the requester's subscriptions.", + "description": "Grants permission to list the calling account's current pending and verified destination phone numbers", + "privilege": "ListSMSSandboxPhoneNumbers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return a list of the requester's subscriptions", "privilege": "ListSubscriptions", "resource_types": [ { @@ -150439,7 +154355,7 @@ }, { "access_level": "List", - "description": "Returns a list of the subscriptions to a specific topic.", + "description": "Grants permission to return a list of the subscriptions to a specific topic", "privilege": "ListSubscriptionsByTopic", "resource_types": [ { @@ -150451,7 +154367,7 @@ }, { "access_level": "Read", - "description": "List all tags added to the specified Amazon SNS topic.", + "description": "Grants permission to list all tags added to the specified Amazon SNS topic", "privilege": "ListTagsForResource", "resource_types": [ { @@ -150463,7 +154379,7 @@ }, { "access_level": "List", - "description": "Returns a list of the requester's topics. Each call returns a limited list of topics, up to 100.", + "description": "Grants permission to return a list of the requester's topics", "privilege": "ListTopics", "resource_types": [ { @@ -150475,7 +154391,7 @@ }, { "access_level": "Write", - "description": "Opts in a phone number that is currently opted out, which enables you to resume sending SMS messages to the number.", + "description": "Grants permission to opt in a phone number that is currently opted out, which enables you to resume sending SMS messages to the number", "privilege": "OptInPhoneNumber", "resource_types": [ { @@ -150487,7 +154403,7 @@ }, { "access_level": "Write", - "description": "Sends a message to all of a topic's subscribed endpoints.", + "description": "Grants permission to send a message to all of a topic's subscribed endpoints", "privilege": "Publish", "resource_types": [ { @@ -150499,7 +154415,7 @@ }, { "access_level": "Permissions management", - "description": "Removes a statement from a topic's access control policy.", + "description": "Grants permission to remove a statement from a topic's access control policy", "privilege": "RemovePermission", "resource_types": [ { @@ -150511,7 +154427,7 @@ }, { "access_level": "Write", - "description": "Sets the attributes for an endpoint for a device on one of the supported push notification services, such as GCM and APNS.", + "description": "Grants permission to set the attributes for an endpoint for a device on one of the supported push notification services, such as GCM and APNS", "privilege": "SetEndpointAttributes", "resource_types": [ { @@ -150523,7 +154439,7 @@ }, { "access_level": "Write", - "description": "Sets the attributes of the platform application object for the supported push notification services, such as APNS and GCM.", + "description": "Grants permission to set the attributes of the platform application object for the supported push notification services, such as APNS and GCM", "privilege": "SetPlatformApplicationAttributes", "resource_types": [ { @@ -150537,7 +154453,7 @@ }, { "access_level": "Write", - "description": "Set the default settings for sending SMS messages and receiving daily SMS usage reports.", + "description": "Grants permission to set the default settings for sending SMS messages and receiving daily SMS usage reports", "privilege": "SetSMSAttributes", "resource_types": [ { @@ -150549,7 +154465,7 @@ }, { "access_level": "Write", - "description": "Allows a subscription owner to set an attribute of the topic to a new value.", + "description": "Grants permission to allow a subscription owner to set an attribute of the topic to a new value", "privilege": "SetSubscriptionAttributes", "resource_types": [ { @@ -150561,7 +154477,7 @@ }, { "access_level": "Write", - "description": "Allows a topic owner to set an attribute of the topic to a new value.", + "description": "Grants permission to allow a topic owner to set an attribute of the topic to a new value", "privilege": "SetTopicAttributes", "resource_types": [ { @@ -150575,7 +154491,7 @@ }, { "access_level": "Write", - "description": "Prepares to subscribe an endpoint by sending the endpoint a confirmation message.", + "description": "Grants permission to prepare to subscribe an endpoint by sending the endpoint a confirmation message", "privilege": "Subscribe", "resource_types": [ { @@ -150595,7 +154511,7 @@ }, { "access_level": "Tagging", - "description": "Add tags to the specified Amazon SNS topic.", + "description": "Grants permission to add tags to the specified Amazon SNS topic", "privilege": "TagResource", "resource_types": [ { @@ -150615,7 +154531,7 @@ }, { "access_level": "Write", - "description": "Deletes a subscription. If the subscription requires authentication for deletion, only the owner of the subscription or the topic's owner can unsubscribe, and an AWS signature is required.", + "description": "Grants permission to delete a subscription", "privilege": "Unsubscribe", "resource_types": [ { @@ -150627,7 +154543,7 @@ }, { "access_level": "Tagging", - "description": "Remove tags from the specified Amazon SNS topic.", + "description": "Grants permission to remove tags from the specified Amazon SNS topic", "privilege": "UntagResource", "resource_types": [ { @@ -150644,6 +154560,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to verify a destination phone number with a one-time password (OTP) for an AWS account", + "privilege": "VerifySMSSandboxPhoneNumber", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -150984,6 +154912,11 @@ "dependent_actions": [], "resource_type": "managed-instance" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "opsitem" + }, { "condition_keys": [], "dependent_actions": [], @@ -151009,7 +154942,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "opsitem*" } ] }, @@ -151136,7 +155069,10 @@ "privilege": "CreateOpsItem", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -151822,7 +155758,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "opsitem*" } ] }, @@ -152014,7 +155950,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "opsitem*" } ] }, @@ -152357,6 +156293,11 @@ "dependent_actions": [], "resource_type": "managed-instance" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "opsitem" + }, { "condition_keys": [], "dependent_actions": [], @@ -152515,6 +156456,11 @@ "dependent_actions": [], "resource_type": "managed-instance" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "opsitem" + }, { "condition_keys": [], "dependent_actions": [], @@ -152868,7 +156814,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "opsitem*" } ] }, @@ -152988,7 +156934,9 @@ }, { "arn": "arn:${Partition}:ssm:${Region}:${Account}:opsitem/${ResourceId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "opsitem" }, { @@ -153213,6 +157161,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetContactPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all of a contact's contact channels", @@ -153285,6 +157245,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add a resource policy to a contact", @@ -153333,6 +157305,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a contact", @@ -153407,7 +157403,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], "resource_type": "" } ] @@ -160295,6 +164293,18 @@ ], "prefix": "transfer", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a server", @@ -160334,6 +164344,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a server", @@ -160370,6 +164392,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a security policy", @@ -160418,6 +164452,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListAccesses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list security policies", @@ -160556,6 +164602,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the configuration of a server", @@ -161054,7 +165112,7 @@ }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value assoicated with the resource", + "description": "Filters actions based on tag-value associated with the resource", "type": "String" }, { @@ -161067,7 +165125,7 @@ "privileges": [ { "access_level": "Write", - "description": "Creates a ByteMatchSet.", + "description": "Grants permission to create a ByteMatchSet", "privilege": "CreateByteMatchSet", "resource_types": [ { @@ -161079,7 +165137,7 @@ }, { "access_level": "Write", - "description": "Creates a GeoMatchSet, which you use to specify which web requests you want to allow or block based on the country that the requests originate from.", + "description": "Grants permission to create a GeoMatchSet", "privilege": "CreateGeoMatchSet", "resource_types": [ { @@ -161091,7 +165149,7 @@ }, { "access_level": "Write", - "description": "Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from.", + "description": "Grants permission to create an IPSet", "privilege": "CreateIPSet", "resource_types": [ { @@ -161103,7 +165161,7 @@ }, { "access_level": "Write", - "description": "Creates a RateBasedRule, which contains a RateLimit specifying the maximum number of requests that AWS WAF allows from a specified IP address in a five-minute period.", + "description": "Grants permission to create a RateBasedRule for limiting the volume of requests from a single IP address", "privilege": "CreateRateBasedRule", "resource_types": [ { @@ -161123,7 +165181,7 @@ }, { "access_level": "Write", - "description": "Creates a RegexMatchSet, which you use to specify which web requests you want to allow or block based on the regex patterns you specified in a RegexPatternSet.", + "description": "Grants permission to create a RegexMatchSet", "privilege": "CreateRegexMatchSet", "resource_types": [ { @@ -161135,7 +165193,7 @@ }, { "access_level": "Write", - "description": "Creates a RegexPatternSet, which you use to specify the regular expression (regex) pattern that you want AWS WAF to search for.", + "description": "Grants permission to create a RegexPatternSet", "privilege": "CreateRegexPatternSet", "resource_types": [ { @@ -161147,7 +165205,7 @@ }, { "access_level": "Write", - "description": "Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and other predicates that identify the requests that you want to block.", + "description": "Grants permission to create a Rule for filtering web requests", "privilege": "CreateRule", "resource_types": [ { @@ -161167,7 +165225,7 @@ }, { "access_level": "Write", - "description": "Creates a RuleGroup. A rule group is a collection of predefined rules that you add to a WebACL.", + "description": "Grants permission to create a RuleGroup, which is a collection of predefined rules that you can use in a WebACL", "privilege": "CreateRuleGroup", "resource_types": [ { @@ -161187,7 +165245,7 @@ }, { "access_level": "Write", - "description": "Creates a SizeConstraintSet, which you use to identify the part of a web request that you want to check for length.", + "description": "Grants permission to create a SizeConstraintSet", "privilege": "CreateSizeConstraintSet", "resource_types": [ { @@ -161199,7 +165257,7 @@ }, { "access_level": "Write", - "description": "Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests.", + "description": "Grants permission to create an SqlInjectionMatchSet", "privilege": "CreateSqlInjectionMatchSet", "resource_types": [ { @@ -161211,7 +165269,7 @@ }, { "access_level": "Permissions management", - "description": "Creates a WebACL, which contains the Rules that identify the CloudFront web requests that you want to allow, block, or count.", + "description": "Grants permission to create a WebACL, which contains rules for filtering web requests", "privilege": "CreateWebACL", "resource_types": [ { @@ -161231,7 +165289,7 @@ }, { "access_level": "Write", - "description": "Create and store a CloudFormation tempalte that creates an equivalent WAF v2 WebACL from the given WAF Classic WebACL in the given S3 bucket.", + "description": "Grants permission to create a CloudFormation web ACL template in an S3 bucket for the purposes of migrating the web ACL from AWS WAF Classic to AWS WAF v2", "privilege": "CreateWebACLMigrationStack", "resource_types": [ { @@ -161245,7 +165303,7 @@ }, { "access_level": "Write", - "description": "Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests.", + "description": "Grants permission to create an XssMatchSet, which you use to detect requests that contain cross-site scripting attacks", "privilege": "CreateXssMatchSet", "resource_types": [ { @@ -161257,7 +165315,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a ByteMatchSet.", + "description": "Grants permission to delete a ByteMatchSet", "privilege": "DeleteByteMatchSet", "resource_types": [ { @@ -161269,7 +165327,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an GeoMatchSet.", + "description": "Grants permission to delete a GeoMatchSet", "privilege": "DeleteGeoMatchSet", "resource_types": [ { @@ -161281,7 +165339,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an IPSet.", + "description": "Grants permission to delete an IPSet", "privilege": "DeleteIPSet", "resource_types": [ { @@ -161293,7 +165351,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes the LoggingConfiguration from the specified web ACL.", + "description": "Grants permission to delete the LoggingConfiguration from a web ACL", "privilege": "DeleteLoggingConfiguration", "resource_types": [ { @@ -161305,7 +165363,7 @@ }, { "access_level": "Permissions management", - "description": "Permanently deletes an IAM policy from the specified RuleGroup.", + "description": "Grants permission to delete an IAM policy from a rule group", "privilege": "DeletePermissionPolicy", "resource_types": [ { @@ -161317,7 +165375,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a RateBasedRule.", + "description": "Grants permission to delete a RateBasedRule", "privilege": "DeleteRateBasedRule", "resource_types": [ { @@ -161329,7 +165387,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an RegexMatchSet.", + "description": "Grants permission to delete a RegexMatchSet", "privilege": "DeleteRegexMatchSet", "resource_types": [ { @@ -161341,7 +165399,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an RegexPatternSet.", + "description": "Grants permission to delete a RegexPatternSet", "privilege": "DeleteRegexPatternSet", "resource_types": [ { @@ -161353,7 +165411,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a Rule.", + "description": "Grants permission to delete a Rule", "privilege": "DeleteRule", "resource_types": [ { @@ -161365,7 +165423,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a RuleGroup.", + "description": "Grants permission to delete a RuleGroup", "privilege": "DeleteRuleGroup", "resource_types": [ { @@ -161377,7 +165435,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a SizeConstraintSet.", + "description": "Grants permission to delete a SizeConstraintSet", "privilege": "DeleteSizeConstraintSet", "resource_types": [ { @@ -161389,7 +165447,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a SqlInjectionMatchSet.", + "description": "Grants permission to delete an SqlInjectionMatchSet", "privilege": "DeleteSqlInjectionMatchSet", "resource_types": [ { @@ -161401,7 +165459,7 @@ }, { "access_level": "Permissions management", - "description": "Permanently deletes a WebACL.", + "description": "Grants permission to delete a WebACL", "privilege": "DeleteWebACL", "resource_types": [ { @@ -161413,7 +165471,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an XssMatchSet.", + "description": "Grants permission to delete an XssMatchSet", "privilege": "DeleteXssMatchSet", "resource_types": [ { @@ -161425,7 +165483,7 @@ }, { "access_level": "Read", - "description": "Returns the ByteMatchSet specified by ByteMatchSetId.", + "description": "Grants permission to retrieve a ByteMatchSet", "privilege": "GetByteMatchSet", "resource_types": [ { @@ -161437,7 +165495,7 @@ }, { "access_level": "Read", - "description": "When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request.", + "description": "Grants permission to retrieve a change token to use in create, update, and delete requests", "privilege": "GetChangeToken", "resource_types": [ { @@ -161449,7 +165507,7 @@ }, { "access_level": "Read", - "description": "Returns the status of a ChangeToken that you got by calling GetChangeToken.", + "description": "Grants permission to retrieve the status of a change token", "privilege": "GetChangeTokenStatus", "resource_types": [ { @@ -161461,7 +165519,7 @@ }, { "access_level": "Read", - "description": "Returns the GeoMatchSet specified by GeoMatchSetId.", + "description": "Grants permission to retrieve a GeoMatchSet", "privilege": "GetGeoMatchSet", "resource_types": [ { @@ -161473,7 +165531,7 @@ }, { "access_level": "Read", - "description": "Returns the IPSet that is specified by IPSetId.", + "description": "Grants permission to retrieve an IPSet", "privilege": "GetIPSet", "resource_types": [ { @@ -161485,7 +165543,7 @@ }, { "access_level": "Read", - "description": "Returns the LoggingConfiguration for the specified web ACL.", + "description": "Grants permission to retrieve a LoggingConfiguration for a web ACL", "privilege": "GetLoggingConfiguration", "resource_types": [ { @@ -161497,7 +165555,7 @@ }, { "access_level": "Read", - "description": "Returns the IAM policy attached to the RuleGroup.", + "description": "Grants permission to retrieve an IAM policy for a rule group", "privilege": "GetPermissionPolicy", "resource_types": [ { @@ -161509,7 +165567,7 @@ }, { "access_level": "Read", - "description": "Returns the RateBasedRule that is specified by the RuleId that you included in the GetRateBasedRule request.", + "description": "Grants permission to retrieve a RateBasedRule", "privilege": "GetRateBasedRule", "resource_types": [ { @@ -161521,7 +165579,7 @@ }, { "access_level": "Read", - "description": "Returns an array of IP addresses currently being blocked by the RateBasedRule that is specified by the RuleId.", + "description": "Grants permission to retrieve the array of IP addresses that are currently being blocked by a RateBasedRule", "privilege": "GetRateBasedRuleManagedKeys", "resource_types": [ { @@ -161533,7 +165591,7 @@ }, { "access_level": "Read", - "description": "Returns the RegexMatchSet specified by RegexMatchSetId.", + "description": "Grants permission to retrieve a RegexMatchSet", "privilege": "GetRegexMatchSet", "resource_types": [ { @@ -161545,7 +165603,7 @@ }, { "access_level": "Read", - "description": "Returns the RegexPatternSet specified by RegexPatternSetId.", + "description": "Grants permission to retrieve a RegexPatternSet", "privilege": "GetRegexPatternSet", "resource_types": [ { @@ -161557,7 +165615,7 @@ }, { "access_level": "Read", - "description": "Returns the Rule that is specified by the RuleId that you included in the GetRule request.", + "description": "Grants permission to retrieve a Rule", "privilege": "GetRule", "resource_types": [ { @@ -161569,7 +165627,7 @@ }, { "access_level": "Read", - "description": "Returns the RuleGroup that is specified by the RuleGroupId that you included in the GetRuleGroup request.", + "description": "Grants permission to retrieve a RuleGroup", "privilege": "GetRuleGroup", "resource_types": [ { @@ -161581,7 +165639,7 @@ }, { "access_level": "Read", - "description": "Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose.", + "description": "Grants permission to retrieve detailed information about a sample set of web requests", "privilege": "GetSampledRequests", "resource_types": [ { @@ -161598,7 +165656,7 @@ }, { "access_level": "Read", - "description": "Returns the SizeConstraintSet specified by SizeConstraintSetId.", + "description": "Grants permission to retrieve a SizeConstraintSet", "privilege": "GetSizeConstraintSet", "resource_types": [ { @@ -161610,7 +165668,7 @@ }, { "access_level": "Read", - "description": "Returns the SqlInjectionMatchSet that is specified by SqlInjectionMatchSetId.", + "description": "Grants permission to retrieve an SqlInjectionMatchSet", "privilege": "GetSqlInjectionMatchSet", "resource_types": [ { @@ -161622,7 +165680,7 @@ }, { "access_level": "Read", - "description": "Returns the WebACL that is specified by WebACLId.", + "description": "Grants permission to retrieve a WebACL", "privilege": "GetWebACL", "resource_types": [ { @@ -161634,7 +165692,7 @@ }, { "access_level": "Read", - "description": "Returns the XssMatchSet that is specified by XssMatchSetId.", + "description": "Grants permission to retrieve an XssMatchSet", "privilege": "GetXssMatchSet", "resource_types": [ { @@ -161646,7 +165704,7 @@ }, { "access_level": "List", - "description": "Returns an array of ActivatedRule objects.", + "description": "Grants permission to retrieve an array of ActivatedRule objects", "privilege": "ListActivatedRulesInRuleGroup", "resource_types": [ { @@ -161658,7 +165716,7 @@ }, { "access_level": "List", - "description": "Returns an array of ByteMatchSetSummary objects.", + "description": "Grants permission to retrieve an array of ByteMatchSetSummary objects", "privilege": "ListByteMatchSets", "resource_types": [ { @@ -161670,7 +165728,7 @@ }, { "access_level": "List", - "description": "Returns an array of GeoMatchSetSummary objects.", + "description": "Grants permission to retrieve an array of GeoMatchSetSummary objects", "privilege": "ListGeoMatchSets", "resource_types": [ { @@ -161682,7 +165740,7 @@ }, { "access_level": "List", - "description": "Returns an array of IPSetSummary objects in the response.", + "description": "Grants permission to retrieve an array of IPSetSummary objects", "privilege": "ListIPSets", "resource_types": [ { @@ -161694,7 +165752,7 @@ }, { "access_level": "List", - "description": "Returns an array of LoggingConfiguration objects.", + "description": "Grants permission to retrieve an array of LoggingConfiguration objects", "privilege": "ListLoggingConfigurations", "resource_types": [ { @@ -161706,7 +165764,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleSummary objects.", + "description": "Grants permission to retrieve an array of RuleSummary objects", "privilege": "ListRateBasedRules", "resource_types": [ { @@ -161718,7 +165776,7 @@ }, { "access_level": "List", - "description": "Returns an array of RegexMatchSetSummary objects.", + "description": "Grants permission to retrieve an array of RegexMatchSetSummary objects", "privilege": "ListRegexMatchSets", "resource_types": [ { @@ -161730,7 +165788,7 @@ }, { "access_level": "List", - "description": "Returns an array of RegexPatternSetSummary objects.", + "description": "Grants permission to retrieve an array of RegexPatternSetSummary objects", "privilege": "ListRegexPatternSets", "resource_types": [ { @@ -161742,7 +165800,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleGroup objects.", + "description": "Grants permission to retrieve an array of RuleGroup objects", "privilege": "ListRuleGroups", "resource_types": [ { @@ -161754,7 +165812,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleSummary objects.", + "description": "Grants permission to retrieve an array of RuleSummary objects", "privilege": "ListRules", "resource_types": [ { @@ -161766,7 +165824,7 @@ }, { "access_level": "List", - "description": "Returns an array of SizeConstraintSetSummary objects.", + "description": "Grants permission to retrieve an array of SizeConstraintSetSummary objects", "privilege": "ListSizeConstraintSets", "resource_types": [ { @@ -161778,7 +165836,7 @@ }, { "access_level": "List", - "description": "Returns an array of SqlInjectionMatchSet objects.", + "description": "Grants permission to retrieve an array of SqlInjectionMatchSet objects", "privilege": "ListSqlInjectionMatchSets", "resource_types": [ { @@ -161790,7 +165848,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleGroup objects that you are subscribed to.", + "description": "Grants permission to retrieve an array of RuleGroup objects that you are subscribed to", "privilege": "ListSubscribedRuleGroups", "resource_types": [ { @@ -161802,7 +165860,7 @@ }, { "access_level": "Read", - "description": "Lists the Tags for a given resource.", + "description": "Grants permission to retrieve the tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -161829,7 +165887,7 @@ }, { "access_level": "List", - "description": "Returns an array of WebACLSummary objects in the response.", + "description": "Grants permission to retrieve an array of WebACLSummary objects", "privilege": "ListWebACLs", "resource_types": [ { @@ -161841,7 +165899,7 @@ }, { "access_level": "List", - "description": "Returns an array of XssMatchSet objects.", + "description": "Grants permission to retrieve an array of XssMatchSet objects", "privilege": "ListXssMatchSets", "resource_types": [ { @@ -161853,7 +165911,7 @@ }, { "access_level": "Write", - "description": "Associates a LoggingConfiguration with a specified web ACL.", + "description": "Grants permission to associate a LoggingConfiguration with a specified web ACL", "privilege": "PutLoggingConfiguration", "resource_types": [ { @@ -161867,7 +165925,7 @@ }, { "access_level": "Permissions management", - "description": "Attaches a IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.", + "description": "Grants permission to attach an IAM policy to a rule group, to share the rule group between accounts", "privilege": "PutPermissionPolicy", "resource_types": [ { @@ -161879,7 +165937,7 @@ }, { "access_level": "Tagging", - "description": "Adds a Tag to a given resource.", + "description": "Grants permission to add a Tag to a resource", "privilege": "TagResource", "resource_types": [ { @@ -161914,7 +165972,7 @@ }, { "access_level": "Tagging", - "description": "Removes a Tag from a given resource.", + "description": "Grants permission to remove a Tag from a resource", "privilege": "UntagResource", "resource_types": [ { @@ -161948,7 +166006,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet.", + "description": "Grants permission to insert or delete ByteMatchTuple objects in a ByteMatchSet", "privilege": "UpdateByteMatchSet", "resource_types": [ { @@ -161960,7 +166018,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes GeoMatchConstraint objects in a GeoMatchSet.", + "description": "Grants permission to insert or delete GeoMatchConstraint objects in a GeoMatchSet", "privilege": "UpdateGeoMatchSet", "resource_types": [ { @@ -161972,7 +166030,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes IPSetDescriptor objects in an IPSet.", + "description": "Grants permission to insert or delete IPSetDescriptor objects in an IPSet", "privilege": "UpdateIPSet", "resource_types": [ { @@ -161984,7 +166042,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes Predicate objects in a rule and updates the RateLimit in the rule.", + "description": "Grants permission to modify a rate based rule", "privilege": "UpdateRateBasedRule", "resource_types": [ { @@ -161996,7 +166054,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes RegexMatchTuple objects (filters) in a RegexMatchSet.", + "description": "Grants permission to insert or delete RegexMatchTuple objects in a RegexMatchSet", "privilege": "UpdateRegexMatchSet", "resource_types": [ { @@ -162008,7 +166066,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes RegexPatternStrings in a RegexPatternSet.", + "description": "Grants permission to insert or delete RegexPatternStrings in a RegexPatternSet", "privilege": "UpdateRegexPatternSet", "resource_types": [ { @@ -162020,7 +166078,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes Predicate objects in a Rule.", + "description": "Grants permission to modify a Rule", "privilege": "UpdateRule", "resource_types": [ { @@ -162032,7 +166090,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes ActivatedRule objects in a RuleGroup.", + "description": "Grants permission to insert or delete ActivatedRule objects in a RuleGroup", "privilege": "UpdateRuleGroup", "resource_types": [ { @@ -162044,7 +166102,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet.", + "description": "Grants permission to insert or delete SizeConstraint objects in a SizeConstraintSet", "privilege": "UpdateSizeConstraintSet", "resource_types": [ { @@ -162056,7 +166114,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet.", + "description": "Grants permission to insert or delete SqlInjectionMatchTuple objects in an SqlInjectionMatchSet", "privilege": "UpdateSqlInjectionMatchSet", "resource_types": [ { @@ -162068,7 +166126,7 @@ }, { "access_level": "Permissions management", - "description": "Inserts or deletes ActivatedRule objects in a WebACL.", + "description": "Grants permission to insert or delete ActivatedRule objects in a WebACL", "privilege": "UpdateWebACL", "resource_types": [ { @@ -162080,7 +166138,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet.", + "description": "Grants permission to insert or delete XssMatchTuple objects in an XssMatchSet", "privilege": "UpdateXssMatchSet", "resource_types": [ { @@ -162185,7 +166243,7 @@ "privileges": [ { "access_level": "Write", - "description": "Associates a WebACL with a resource.", + "description": "Grants permission to associate a web ACL with a resource", "privilege": "AssociateWebACL", "resource_types": [ { @@ -162202,7 +166260,7 @@ }, { "access_level": "Write", - "description": "Creates a ByteMatchSet.", + "description": "Grants permission to create a ByteMatchSet", "privilege": "CreateByteMatchSet", "resource_types": [ { @@ -162214,7 +166272,7 @@ }, { "access_level": "Write", - "description": "Creates a GeoMatchSet, which you use to specify which web requests you want to allow or block based on the country that the requests originate rom.", + "description": "Grants permission to create a GeoMatchSet", "privilege": "CreateGeoMatchSet", "resource_types": [ { @@ -162226,7 +166284,7 @@ }, { "access_level": "Write", - "description": "Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate rom.", + "description": "Grants permission to create an IPSet", "privilege": "CreateIPSet", "resource_types": [ { @@ -162238,7 +166296,7 @@ }, { "access_level": "Write", - "description": "Creates a RateBasedRule, which contains a RateLimit specifying the maximum number of requests that AWS WAF allows from a specified IP address n a five-minute period.", + "description": "Grants permission to create a RateBasedRule", "privilege": "CreateRateBasedRule", "resource_types": [ { @@ -162258,7 +166316,7 @@ }, { "access_level": "Write", - "description": "Creates a RegexMatchSet, which you use to specify which web requests you want to allow or block based on the regex patterns you specified in a egexPatternSet.", + "description": "Grants permission to create a RegexMatchSet", "privilege": "CreateRegexMatchSet", "resource_types": [ { @@ -162270,7 +166328,7 @@ }, { "access_level": "Write", - "description": "Creates a RegexPatternSet, which you use to specify the regular expression (regex) pattern that you want AWS WAF to search for.", + "description": "Grants permission to create a RegexPatternSet", "privilege": "CreateRegexPatternSet", "resource_types": [ { @@ -162282,7 +166340,7 @@ }, { "access_level": "Write", - "description": "Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and other predicates that identify the requests that you want to lock.", + "description": "Grants permission to create a Rule", "privilege": "CreateRule", "resource_types": [ { @@ -162302,7 +166360,7 @@ }, { "access_level": "Write", - "description": "Creates a RuleGroup. A rule group is a collection of predefined rules that you add to a WebACL.", + "description": "Grants permission to create a RuleGroup", "privilege": "CreateRuleGroup", "resource_types": [ { @@ -162322,7 +166380,7 @@ }, { "access_level": "Write", - "description": "Creates a SizeConstraintSet, which you use to identify the part of a web request that you want to check for length.", + "description": "Grants permission to create a SizeConstraintSet", "privilege": "CreateSizeConstraintSet", "resource_types": [ { @@ -162334,7 +166392,7 @@ }, { "access_level": "Write", - "description": "Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web equests.", + "description": "Grants permission to create an SqlInjectionMatchSet", "privilege": "CreateSqlInjectionMatchSet", "resource_types": [ { @@ -162346,7 +166404,7 @@ }, { "access_level": "Permissions management", - "description": "Creates a WebACL, which contains the Rules that identify the CloudFront web requests that you want to allow, block, or count.", + "description": "Grants permission to create a WebACL", "privilege": "CreateWebACL", "resource_types": [ { @@ -162366,7 +166424,7 @@ }, { "access_level": "Write", - "description": "Create and store a CloudFormation tempalte that creates an equivalent WAF v2 WebACL from the given WAF Classic WebACL in the given S3 bucket.", + "description": "Grants permission to create a CloudFormation web ACL template in an S3 bucket for the purposes of migrating the web ACL from AWS WAF Classic to AWS WAF v2", "privilege": "CreateWebACLMigrationStack", "resource_types": [ { @@ -162380,7 +166438,7 @@ }, { "access_level": "Write", - "description": "Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web equests.", + "description": "Grants permission to create an XssMatchSet", "privilege": "CreateXssMatchSet", "resource_types": [ { @@ -162392,7 +166450,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a ByteMatchSet.", + "description": "Grants permission to delete a ByteMatchSet", "privilege": "DeleteByteMatchSet", "resource_types": [ { @@ -162404,7 +166462,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an GeoMatchSet.", + "description": "Grants permission to delete a GeoMatchSet", "privilege": "DeleteGeoMatchSet", "resource_types": [ { @@ -162416,7 +166474,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an IPSet.", + "description": "Grants permission to delete an IPSet", "privilege": "DeleteIPSet", "resource_types": [ { @@ -162428,7 +166486,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes the LoggingConfiguration from the specified web ACL.", + "description": "Grants permission to delete a LoggingConfiguration from a web ACL", "privilege": "DeleteLoggingConfiguration", "resource_types": [ { @@ -162440,7 +166498,7 @@ }, { "access_level": "Permissions management", - "description": "Permanently deletes an IAM policy from the specified RuleGroup.", + "description": "Grants permission to delete an IAM policy from a rule group", "privilege": "DeletePermissionPolicy", "resource_types": [ { @@ -162452,7 +166510,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a RateBasedRule.", + "description": "Grants permission to delete a RateBasedRule", "privilege": "DeleteRateBasedRule", "resource_types": [ { @@ -162464,7 +166522,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an RegexMatchSet.", + "description": "Grants permission to delete a RegexMatchSet", "privilege": "DeleteRegexMatchSet", "resource_types": [ { @@ -162476,7 +166534,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an RegexPatternSet.", + "description": "Grants permission to delete a RegexPatternSet", "privilege": "DeleteRegexPatternSet", "resource_types": [ { @@ -162488,7 +166546,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a Rule.", + "description": "Grants permission to delete a Rule", "privilege": "DeleteRule", "resource_types": [ { @@ -162500,7 +166558,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a RuleGroup.", + "description": "Grants permission to delete a RuleGroup", "privilege": "DeleteRuleGroup", "resource_types": [ { @@ -162512,7 +166570,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a SizeConstraintSet.", + "description": "Grants permission to delete a SizeConstraintSet", "privilege": "DeleteSizeConstraintSet", "resource_types": [ { @@ -162524,7 +166582,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes a SqlInjectionMatchSet.", + "description": "Grants permission to delete an SqlInjectionMatchSet", "privilege": "DeleteSqlInjectionMatchSet", "resource_types": [ { @@ -162536,7 +166594,7 @@ }, { "access_level": "Permissions management", - "description": "Permanently deletes a WebACL.", + "description": "Grants permission to delete a WebACL", "privilege": "DeleteWebACL", "resource_types": [ { @@ -162548,7 +166606,7 @@ }, { "access_level": "Write", - "description": "Permanently deletes an XssMatchSet.", + "description": "Grants permission to delete an XssMatchSet", "privilege": "DeleteXssMatchSet", "resource_types": [ { @@ -162560,7 +166618,7 @@ }, { "access_level": "Write", - "description": "Removes a WebACL from the specified resource.", + "description": "Grants permission to delete an association between a web ACL and a resource", "privilege": "DisassociateWebACL", "resource_types": [ { @@ -162572,7 +166630,7 @@ }, { "access_level": "Read", - "description": "Returns the ByteMatchSet specified by ByteMatchSetId.", + "description": "Grants permission to retrieve a ByteMatchSet", "privilege": "GetByteMatchSet", "resource_types": [ { @@ -162584,7 +166642,7 @@ }, { "access_level": "Read", - "description": "When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete equest.", + "description": "Grants permission to retrieve a change token to use in create, update, and delete requests", "privilege": "GetChangeToken", "resource_types": [ { @@ -162596,7 +166654,7 @@ }, { "access_level": "Read", - "description": "Returns the status of a ChangeToken that you got by calling GetChangeToken.", + "description": "Grants permission to retrieve the status of a change token", "privilege": "GetChangeTokenStatus", "resource_types": [ { @@ -162608,7 +166666,7 @@ }, { "access_level": "Read", - "description": "Returns the GeoMatchSet specified by GeoMatchSetId.", + "description": "Grants permission to retrieve a GeoMatchSet", "privilege": "GetGeoMatchSet", "resource_types": [ { @@ -162620,7 +166678,7 @@ }, { "access_level": "Read", - "description": "Returns the IPSet that is specified by IPSetId.", + "description": "Grants permission to retrieve an IPSet", "privilege": "GetIPSet", "resource_types": [ { @@ -162632,7 +166690,7 @@ }, { "access_level": "Read", - "description": "Returns the LoggingConfiguration for the specified web ACL.", + "description": "Grants permission to retrieve a LoggingConfiguration", "privilege": "GetLoggingConfiguration", "resource_types": [ { @@ -162644,7 +166702,7 @@ }, { "access_level": "Read", - "description": "Returns the IAM policy attached to the RuleGroup.", + "description": "Grants permission to retrieve an IAM policy attached to a RuleGroup", "privilege": "GetPermissionPolicy", "resource_types": [ { @@ -162656,7 +166714,7 @@ }, { "access_level": "Read", - "description": "Returns the RateBasedRule that is specified by the RuleId that you included in the GetRateBasedRule request.", + "description": "Grants permission to retrieve a RateBasedRule", "privilege": "GetRateBasedRule", "resource_types": [ { @@ -162668,7 +166726,7 @@ }, { "access_level": "Read", - "description": "Returns an array of IP addresses currently being blocked by the RateBasedRule that is specified by the RuleId.", + "description": "Grants permission to retrieve the array of IP addresses that are currently being blocked by a RateBasedRule", "privilege": "GetRateBasedRuleManagedKeys", "resource_types": [ { @@ -162680,7 +166738,7 @@ }, { "access_level": "Read", - "description": "Returns the RegexMatchSet specified by RegexMatchSetId.", + "description": "Grants permission to retrieve a RegexMatchSet", "privilege": "GetRegexMatchSet", "resource_types": [ { @@ -162692,7 +166750,7 @@ }, { "access_level": "Read", - "description": "Returns the RegexPatternSet specified by RegexPatternSetId.", + "description": "Grants permission to retrieve a RegexPatternSet", "privilege": "GetRegexPatternSet", "resource_types": [ { @@ -162704,7 +166762,7 @@ }, { "access_level": "Read", - "description": "Returns the Rule that is specified by the RuleId that you included in the GetRule request.", + "description": "Grants permission to retrieve a Rule", "privilege": "GetRule", "resource_types": [ { @@ -162716,7 +166774,7 @@ }, { "access_level": "Read", - "description": "Returns the RuleGroup that is specified by the RuleGroupId that you included in the GetRuleGroup request.", + "description": "Grants permission to retrieve a RuleGroup", "privilege": "GetRuleGroup", "resource_types": [ { @@ -162728,7 +166786,7 @@ }, { "access_level": "Read", - "description": "Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests hat your AWS resource received during a time range that you choose.", + "description": "Grants permission to retrieve detailed information for a sample set of web requests", "privilege": "GetSampledRequests", "resource_types": [ { @@ -162745,7 +166803,7 @@ }, { "access_level": "Read", - "description": "Returns the SizeConstraintSet specified by SizeConstraintSetId.", + "description": "Grants permission to retrieve a SizeConstraintSet", "privilege": "GetSizeConstraintSet", "resource_types": [ { @@ -162757,7 +166815,7 @@ }, { "access_level": "Read", - "description": "Returns the SqlInjectionMatchSet that is specified by SqlInjectionMatchSetId.", + "description": "Grants permission to retrieve an SqlInjectionMatchSet", "privilege": "GetSqlInjectionMatchSet", "resource_types": [ { @@ -162769,7 +166827,7 @@ }, { "access_level": "Read", - "description": "Returns the WebACL that is specified by WebACLId.", + "description": "Grants permission to retrieve a WebACL", "privilege": "GetWebACL", "resource_types": [ { @@ -162781,7 +166839,7 @@ }, { "access_level": "Read", - "description": "Returns the WebACL for the specified resource.", + "description": "Grants permission to retrieve a WebACL that's associated with a specified resource", "privilege": "GetWebACLForResource", "resource_types": [ { @@ -162793,7 +166851,7 @@ }, { "access_level": "Read", - "description": "Returns the XssMatchSet that is specified by XssMatchSetId.", + "description": "Grants permission to retrieve an XssMatchSet", "privilege": "GetXssMatchSet", "resource_types": [ { @@ -162805,7 +166863,7 @@ }, { "access_level": "List", - "description": "Returns an array of ActivatedRule objects.", + "description": "Grants permission to retrieve an array of ActivatedRule objects", "privilege": "ListActivatedRulesInRuleGroup", "resource_types": [ { @@ -162817,7 +166875,7 @@ }, { "access_level": "List", - "description": "Returns an array of ByteMatchSetSummary objects.", + "description": "Grants permission to retrieve an array of ByteMatchSetSummary objects", "privilege": "ListByteMatchSets", "resource_types": [ { @@ -162829,7 +166887,7 @@ }, { "access_level": "List", - "description": "Returns an array of GeoMatchSetSummary objects.", + "description": "Grants permission to retrieve an array of GeoMatchSetSummary objects", "privilege": "ListGeoMatchSets", "resource_types": [ { @@ -162841,7 +166899,7 @@ }, { "access_level": "List", - "description": "Returns an array of IPSetSummary objects in the response.", + "description": "Grants permission to retrieve an array of IPSetSummary objects", "privilege": "ListIPSets", "resource_types": [ { @@ -162853,7 +166911,7 @@ }, { "access_level": "List", - "description": "Returns an array of LoggingConfiguration objects.", + "description": "Grants permission to retrieve an array of LoggingConfiguration objects", "privilege": "ListLoggingConfigurations", "resource_types": [ { @@ -162865,7 +166923,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleSummary objects.", + "description": "Grants permission to retrieve an array of RuleSummary objects", "privilege": "ListRateBasedRules", "resource_types": [ { @@ -162877,7 +166935,7 @@ }, { "access_level": "List", - "description": "Returns an array of RegexMatchSetSummary objects.", + "description": "Grants permission to retrieve an array of RegexMatchSetSummary objects", "privilege": "ListRegexMatchSets", "resource_types": [ { @@ -162889,7 +166947,7 @@ }, { "access_level": "List", - "description": "Returns an array of RegexPatternSetSummary objects.", + "description": "Grants permission to retrieve an array of RegexPatternSetSummary objects", "privilege": "ListRegexPatternSets", "resource_types": [ { @@ -162901,7 +166959,7 @@ }, { "access_level": "List", - "description": "Returns an array of resources associated with the specified WebACL.", + "description": "Grants permission to retrieve an array of resources associated with a specified WebACL", "privilege": "ListResourcesForWebACL", "resource_types": [ { @@ -162913,7 +166971,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleGroup objects.", + "description": "Grants permission to retrieve an array of RuleGroup objects", "privilege": "ListRuleGroups", "resource_types": [ { @@ -162925,7 +166983,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleSummary objects.", + "description": "Grants permission to retrieve an array of RuleSummary objects", "privilege": "ListRules", "resource_types": [ { @@ -162937,7 +166995,7 @@ }, { "access_level": "List", - "description": "Returns an array of SizeConstraintSetSummary objects.", + "description": "Grants permission to retrieve an array of SizeConstraintSetSummary objects", "privilege": "ListSizeConstraintSets", "resource_types": [ { @@ -162949,7 +167007,7 @@ }, { "access_level": "List", - "description": "Returns an array of SqlInjectionMatchSet objects.", + "description": "Grants permission to retrieve an array of SqlInjectionMatchSet objects", "privilege": "ListSqlInjectionMatchSets", "resource_types": [ { @@ -162961,7 +167019,7 @@ }, { "access_level": "List", - "description": "Returns an array of RuleGroup objects that you are subscribed to.", + "description": "Grants permission to retrieve an array of RuleGroup objects that you are subscribed to", "privilege": "ListSubscribedRuleGroups", "resource_types": [ { @@ -162973,7 +167031,7 @@ }, { "access_level": "Read", - "description": "Lists the Tags for a given resource.", + "description": "Grants permission to lists the Tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -163000,7 +167058,7 @@ }, { "access_level": "List", - "description": "Returns an array of WebACLSummary objects in the response.", + "description": "Grants permission to retrieve an array of WebACLSummary objects", "privilege": "ListWebACLs", "resource_types": [ { @@ -163012,7 +167070,7 @@ }, { "access_level": "List", - "description": "Returns an array of XssMatchSet objects.", + "description": "Grants permission to retrieve an array of XssMatchSet objects", "privilege": "ListXssMatchSets", "resource_types": [ { @@ -163024,7 +167082,7 @@ }, { "access_level": "Write", - "description": "Associates a LoggingConfiguration with a specified web ACL.", + "description": "Grants permission to associates a LoggingConfiguration with a web ACL", "privilege": "PutLoggingConfiguration", "resource_types": [ { @@ -163038,7 +167096,7 @@ }, { "access_level": "Permissions management", - "description": "Attaches a IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.", + "description": "Grants permission to attach an IAM policy to a specified rule group, to support rule group sharing between accounts", "privilege": "PutPermissionPolicy", "resource_types": [ { @@ -163050,7 +167108,7 @@ }, { "access_level": "Tagging", - "description": "Adds a Tag to a given resource.", + "description": "Grants permission to add a Tag to a resource", "privilege": "TagResource", "resource_types": [ { @@ -163085,7 +167143,7 @@ }, { "access_level": "Tagging", - "description": "Removes a Tag from a given resource.", + "description": "Grants permission to remove a Tag from a resource", "privilege": "UntagResource", "resource_types": [ { @@ -163119,7 +167177,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet.", + "description": "Grants permission to insert or delete ByteMatchTuple objects in a ByteMatchSet", "privilege": "UpdateByteMatchSet", "resource_types": [ { @@ -163131,7 +167189,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes GeoMatchConstraint objects in a GeoMatchSet.", + "description": "Grants permission to insert or delete GeoMatchConstraint objects in a GeoMatchSet", "privilege": "UpdateGeoMatchSet", "resource_types": [ { @@ -163143,7 +167201,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes IPSetDescriptor objects in an IPSet.", + "description": "Grants permission to insert or delete IPSetDescriptor objects in an IPSet", "privilege": "UpdateIPSet", "resource_types": [ { @@ -163155,7 +167213,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes Predicate objects in a rule and updates the RateLimit in the rule.", + "description": "Grants permission to insert or delete predicate objects in a rate based rule and update the RateLimit in the rule", "privilege": "UpdateRateBasedRule", "resource_types": [ { @@ -163167,7 +167225,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes RegexMatchTuple objects (filters) in a RegexMatchSet.", + "description": "Grants permission to insert or delete RegexMatchTuple objects in a RegexMatchSet", "privilege": "UpdateRegexMatchSet", "resource_types": [ { @@ -163179,7 +167237,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes RegexPatternStrings in a RegexPatternSet.", + "description": "Grants permission to insert or delete RegexPatternStrings in a RegexPatternSet", "privilege": "UpdateRegexPatternSet", "resource_types": [ { @@ -163191,7 +167249,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes Predicate objects in a Rule.", + "description": "Grants permission to insert or delete predicate objects in a Rule", "privilege": "UpdateRule", "resource_types": [ { @@ -163203,7 +167261,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes ActivatedRule objects in a RuleGroup.", + "description": "Grants permission to insert or delete ActivatedRule objects in a RuleGroup", "privilege": "UpdateRuleGroup", "resource_types": [ { @@ -163215,7 +167273,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet.", + "description": "Grants permission to insert or delete SizeConstraint objects in a SizeConstraintSet", "privilege": "UpdateSizeConstraintSet", "resource_types": [ { @@ -163227,7 +167285,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet.", + "description": "Grants permission to insert or delete SqlInjectionMatchTuple objects in an SqlInjectionMatchSet", "privilege": "UpdateSqlInjectionMatchSet", "resource_types": [ { @@ -163239,7 +167297,7 @@ }, { "access_level": "Permissions management", - "description": "Inserts or deletes ActivatedRule objects in a WebACL.", + "description": "Grants permission to insert or delete ActivatedRule objects in a WebACL", "privilege": "UpdateWebACL", "resource_types": [ { @@ -163251,7 +167309,7 @@ }, { "access_level": "Write", - "description": "Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet.", + "description": "Grants permission to insert or delete XssMatchTuple objects in an XssMatchSet", "privilege": "UpdateXssMatchSet", "resource_types": [ { @@ -163348,7 +167406,7 @@ }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value assoicated with the resource", + "description": "Filters actions based on tag-value associated with the resource", "type": "String" }, { @@ -163361,7 +167419,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a WebACL with a resource.", + "description": "Grants permission to associate a WebACL with a resource", "privilege": "AssociateWebACL", "resource_types": [ { @@ -163388,7 +167446,7 @@ }, { "access_level": "Read", - "description": "Grants permission to calculate web ACL capacity unit (WCU) requirements for a specified scope and set of rules.", + "description": "Grants permission to calculate web ACL capacity unit (WCU) requirements for a specified scope and set of rules", "privilege": "CheckCapacity", "resource_types": [ { @@ -163400,7 +167458,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an IPSet.", + "description": "Grants permission to create an IPSet", "privilege": "CreateIPSet", "resource_types": [ { @@ -163420,7 +167478,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a RegexPatternSet.", + "description": "Grants permission to create a RegexPatternSet", "privilege": "CreateRegexPatternSet", "resource_types": [ { @@ -163440,7 +167498,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a RuleGroup.", + "description": "Grants permission to create a RuleGroup", "privilege": "CreateRuleGroup", "resource_types": [ { @@ -163460,7 +167518,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to create a WebACL.", + "description": "Grants permission to create a WebACL", "privilege": "CreateWebACL", "resource_types": [ { @@ -163480,7 +167538,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete specified FirewallManagedRulesGroups from the specified WebACL if not managed by Firewall Manager anymore.", + "description": "Grants permission to delete FirewallManagedRulesGroups from a WebACL if not managed by Firewall Manager anymore", "privilege": "DeleteFirewallManagerRuleGroups", "resource_types": [ { @@ -163492,7 +167550,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified IPSet.", + "description": "Grants permission to delete an IPSet", "privilege": "DeleteIPSet", "resource_types": [ { @@ -163504,7 +167562,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the LoggingConfiguration from the specified WebACL.", + "description": "Grants permission to delete the LoggingConfiguration from a WebACL", "privilege": "DeleteLoggingConfiguration", "resource_types": [ { @@ -163516,7 +167574,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to delete the PermissionPolicy on the specified RuleGroup.", + "description": "Grants permission to delete the PermissionPolicy on a RuleGroup", "privilege": "DeletePermissionPolicy", "resource_types": [ { @@ -163528,7 +167586,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified RegexPatternSet.", + "description": "Grants permission to delete a RegexPatternSet", "privilege": "DeleteRegexPatternSet", "resource_types": [ { @@ -163540,7 +167598,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified RuleGroup.", + "description": "Grants permission to delete a RuleGroup", "privilege": "DeleteRuleGroup", "resource_types": [ { @@ -163552,7 +167610,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to delete the specified WebACL.", + "description": "Grants permission to delete a WebACL", "privilege": "DeleteWebACL", "resource_types": [ { @@ -163564,7 +167622,7 @@ }, { "access_level": "List", - "description": "Grants permission to view high-level information for a managed rule group.", + "description": "Grants permission to retrieve high-level information for a managed rule group", "privilege": "DescribeManagedRuleGroup", "resource_types": [ { @@ -163576,7 +167634,7 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate Firewall Manager from the specified WebACL.", + "description": "Grants permission to disassociate Firewall Manager from a WebACL", "privilege": "DisassociateFirewallManager", "resource_types": [ { @@ -163588,7 +167646,7 @@ }, { "access_level": "Write", - "description": "Grants permission disassociate a WebACL from an application resource.", + "description": "Grants permission disassociate a WebACL from an application resource", "privilege": "DisassociateWebACL", "resource_types": [ { @@ -163610,7 +167668,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about the specified IPSet.", + "description": "Grants permission to retrieve details about an IPSet", "privilege": "GetIPSet", "resource_types": [ { @@ -163629,7 +167687,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view LoggingConfiguration about the specified WebACL.", + "description": "Grants permission to retrieve LoggingConfiguration for a WebACL", "privilege": "GetLoggingConfiguration", "resource_types": [ { @@ -163648,7 +167706,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view PermissionPolicy on the specified RuleGroup.", + "description": "Grants permission to retrieve a PermissionPolicy for a RuleGroup", "privilege": "GetPermissionPolicy", "resource_types": [ { @@ -163660,7 +167718,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view the keys that are currently blocked by a rate-based rule.", + "description": "Grants permission to retrieve the keys that are currently blocked by a rate-based rule", "privilege": "GetRateBasedStatementManagedKeys", "resource_types": [ { @@ -163679,7 +167737,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about the specified RegexPatternSet.", + "description": "Grants permission to retrieve details about a RegexPatternSet", "privilege": "GetRegexPatternSet", "resource_types": [ { @@ -163698,7 +167756,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about the specified RuleGroup.", + "description": "Grants permission to retrieve details about a RuleGroup", "privilege": "GetRuleGroup", "resource_types": [ { @@ -163717,7 +167775,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose.", + "description": "Grants permission to retrieve detailed information about a sampling of web requests", "privilege": "GetSampledRequests", "resource_types": [ { @@ -163729,7 +167787,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about the specified GetWebACL.", + "description": "Grants permission to retrieve details about a WebACL", "privilege": "GetWebACL", "resource_types": [ { @@ -163748,7 +167806,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view the WebACL for the specified resource.", + "description": "Grants permission to retrieve the WebACL that's associated with a resource", "privilege": "GetWebACLForResource", "resource_types": [ { @@ -163770,7 +167828,7 @@ }, { "access_level": "List", - "description": "Grants permission to view an array of managed rule groups that are available for you to use.", + "description": "Grants permission to retrieve an array of managed rule groups that are available for you to use", "privilege": "ListAvailableManagedRuleGroups", "resource_types": [ { @@ -163782,7 +167840,7 @@ }, { "access_level": "List", - "description": "Grants permission to view an array of IPSetSummary objects for the IP sets that you manage.", + "description": "Grants permission to retrieve an array of IPSetSummary objects for the IP sets that you manage", "privilege": "ListIPSets", "resource_types": [ { @@ -163794,7 +167852,7 @@ }, { "access_level": "List", - "description": "Grants permission to view an array of your LoggingConfiguration objects.", + "description": "Grants permission to retrieve an array of your LoggingConfiguration objects", "privilege": "ListLoggingConfigurations", "resource_types": [ { @@ -163806,7 +167864,7 @@ }, { "access_level": "List", - "description": "Grants permission to view an array of RegexPatternSetSummary objects for the regex pattern sets that you manage.", + "description": "Grants permission to retrieve an array of RegexPatternSetSummary objects for the regex pattern sets that you manage", "privilege": "ListRegexPatternSets", "resource_types": [ { @@ -163818,7 +167876,7 @@ }, { "access_level": "List", - "description": "Grants permission to view an array of the Amazon Resource Names (ARNs) for the resources that are associated with the specified web ACL.", + "description": "Grants permission to retrieve an array of the Amazon Resource Names (ARNs) for the resources that are associated with a web ACL", "privilege": "ListResourcesForWebACL", "resource_types": [ { @@ -163830,7 +167888,7 @@ }, { "access_level": "List", - "description": "Grants permission to view an array of RuleGroupSummary objects for the rule groups that you manage.", + "description": "Grants permission to retrieve an array of RuleGroupSummary objects for the rule groups that you manage", "privilege": "ListRuleGroups", "resource_types": [ { @@ -163842,7 +167900,7 @@ }, { "access_level": "Read", - "description": "Grants permission to lists tag for the specified resource.", + "description": "Grants permission to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -163876,7 +167934,7 @@ }, { "access_level": "List", - "description": "Grants permission to view an array of WebACLSummary objects for the web ACLs that you manage.", + "description": "Grants permission to retrieve an array of WebACLSummary objects for the web ACLs that you manage", "privilege": "ListWebACLs", "resource_types": [ { @@ -163888,7 +167946,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create FirewallManagedRulesGroups in the specified WebACL.", + "description": "Grants permission to create FirewallManagedRulesGroups in a WebACL", "privilege": "PutFirewallManagerRuleGroups", "resource_types": [ { @@ -163900,7 +167958,7 @@ }, { "access_level": "Write", - "description": "Grants permission to enables the specified LoggingConfiguration, to start logging from a web ACL.", + "description": "Grants permission to enable a LoggingConfiguration, to start logging for a web ACL", "privilege": "PutLoggingConfiguration", "resource_types": [ { @@ -163914,7 +167972,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to attach the specified IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.", + "description": "Grants permission to attach an IAM policy to a resource, used to share rule groups between accounts", "privilege": "PutPermissionPolicy", "resource_types": [ { @@ -163926,7 +167984,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to associates tags with the specified AWS resource.", + "description": "Grants permission to associate tags with a AWS resource", "privilege": "TagResource", "resource_types": [ { @@ -163962,7 +168020,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to disassociates tags from an AWS resource.", + "description": "Grants permission to disassociate tags from an AWS resource", "privilege": "UntagResource", "resource_types": [ { @@ -163996,7 +168054,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the specified IPSet.", + "description": "Grants permission to update an IPSet", "privilege": "UpdateIPSet", "resource_types": [ { @@ -164015,7 +168073,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the specified RegexPatternSet.", + "description": "Grants permission to update a RegexPatternSet", "privilege": "UpdateRegexPatternSet", "resource_types": [ { @@ -164034,7 +168092,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the specified RuleGroup.", + "description": "Grants permission to update a RuleGroup", "privilege": "UpdateRuleGroup", "resource_types": [ { @@ -164053,7 +168111,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to update the specified WebACL.", + "description": "Grants permission to update a WebACL", "privilege": "UpdateWebACL", "resource_types": [ { @@ -168207,5 +172265,109 @@ } ], "service_name": "AWS X-Ray" + }, + { + "conditions": [], + "prefix": "finspace", + "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "CreateEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DeleteEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "GetEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListEnvironments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdateEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "Amazon FinSpace" } -] +] \ No newline at end of file diff --git a/iamlivecore/map.json b/iamlivecore/map.json index 929e9610..d686b75a 100644 --- a/iamlivecore/map.json +++ b/iamlivecore/map.json @@ -1,5 +1,5 @@ { - "info": "This file is sourced from https://github.com/iann0036/sdk-iam-map", + "info": "This file is sourced from https://github.com/iann0036/iam-dataset", "sdk_permissionless_actions": [ "DynamoDB.DescribeEndpoints", "STS.GetCallerIdentity" @@ -3241,97 +3241,71 @@ "Route53.ActivateKeySigningKey": [ { "action": "route53:ActivateKeySigningKey", - "undocumented": true - }, - { - "action": "kms:DescribeKey" - }, - { - "action": "kms:GetPublicKey" - }, - { - "action": "kms:Sign" + "resource_mappings": { + "Id": { + "template": "${HostedZoneId}" + } + } } ], "Route53.CreateKeySigningKey": [ { "action": "route53:CreateKeySigningKey", - "undocumented": true - }, - { - "action": "kms:DescribeKey" - }, - { - "action": "kms:GetPublicKey" - }, - { - "action": "kms:Sign" + "resource_mappings": { + "Id": { + "template": "${HostedZoneId}" + } + } } ], "Route53.DeactivateKeySigningKey": [ { "action": "route53:DeactivateKeySigningKey", - "undocumented": true - }, - { - "action": "kms:DescribeKey" - }, - { - "action": "kms:GetPublicKey" - }, - { - "action": "kms:Sign" + "resource_mappings": { + "Id": { + "template": "${HostedZoneId}" + } + } } ], "Route53.DeleteKeySigningKey": [ { "action": "route53:DeleteKeySigningKey", - "undocumented": true - }, - { - "action": "kms:DescribeKey" - }, - { - "action": "kms:GetPublicKey" - }, - { - "action": "kms:Sign" + "resource_mappings": { + "Id": { + "template": "${HostedZoneId}" + } + } } ], "Route53.DisableHostedZoneDNSSEC": [ { "action": "route53:DisableHostedZoneDNSSEC", - "undocumented": true - }, - { - "action": "kms:DescribeKey" - }, - { - "action": "kms:GetPublicKey" - }, - { - "action": "kms:Sign" + "resource_mappings": { + "Id": { + "template": "${HostedZoneId}" + } + } } ], "Route53.EnableHostedZoneDNSSEC": [ { "action": "route53:EnableHostedZoneDNSSEC", - "undocumented": true - }, - { - "action": "kms:DescribeKey" - }, - { - "action": "kms:GetPublicKey" - }, - { - "action": "kms:Sign" + "resource_mappings": { + "Id": { + "template": "${HostedZoneId}" + } + } } ], "Route53.GetDNSSEC": [ { "action": "route53:GetDNSSEC", - "undocumented": true + "resource_mappings": { + "Id": { + "template": "${HostedZoneId}" + } + } } ], "S3.CompleteMultipartUpload": [ @@ -42020,11 +41994,6 @@ } } ], - "SSM.GetInventory": [ - { - "action": "ssm:GetInventory" - } - ], "SSM.GetInventorySchema": [ { "action": "ssm:GetInventory", @@ -42088,11 +42057,6 @@ } } ], - "SSM.GetOpsSummary": [ - { - "action": "ssm:GetOpsSummary" - } - ], "SSM.GetParameter": [ { "action": "ssm:GetParameter", @@ -49947,81 +49911,6 @@ "resource_mappings": {} } ], - "CostExplorer.GetCostAndUsage": [ - { - "action": "ce:GetCostAndUsage" - } - ], - "CostExplorer.GetCostAndUsageWithResources": [ - { - "action": "ce:GetCostAndUsageWithResources" - } - ], - "CostExplorer.GetCostCategories": [ - { - "action": "ce:GetCostCategories" - } - ], - "CostExplorer.GetCostForecast": [ - { - "action": "ce:GetCostForecast" - } - ], - "CostExplorer.GetDimensionValues": [ - { - "action": "ce:GetDimensionValues" - } - ], - "CostExplorer.GetReservationCoverage": [ - { - "action": "ce:GetReservationCoverage" - } - ], - "CostExplorer.GetReservationPurchaseRecommendation": [ - { - "action": "ce:GetReservationPurchaseRecommendation" - } - ], - "CostExplorer.GetReservationUtilization": [ - { - "action": "ce:GetReservationUtilization" - } - ], - "CostExplorer.GetRightsizingRecommendation": [ - { - "action": "ce:GetRightsizingRecommendation" - } - ], - "CostExplorer.GetSavingsPlansCoverage": [ - { - "action": "ce:GetSavingsPlansCoverage" - } - ], - "CostExplorer.GetSavingsPlansPurchaseRecommendation": [ - { - "action": "ce:GetSavingsPlansPurchaseRecommendation" - } - ], - "CostExplorer.GetSavingsPlansUtilization": [ - { - "action": "ce:GetSavingsPlansUtilization" - } - ], - "CostExplorer.GetSavingsPlansUtilizationDetails": [ - { - "action": "ce:GetSavingsPlansUtilizationDetails" - } - ], - "CostExplorer.GetTags": [ - { - "action": "ce:GetTags" - } - ], - "CostExplorer.GetUsageForecast": [ - { - "action": "ce:GetUsageForecast" - } - ], "CostExplorer.ListCostCategoryDefinitions": [ { "action": "ce:ListCostCategoryDefinitions", @@ -54890,11 +54779,6 @@ } } ], - "SageMaker.Search": [ - { - "action": "sagemaker:Search" - } - ], "SageMaker.StartMonitoringSchedule": [ { "action": "sagemaker:StartMonitoringSchedule", @@ -76572,11 +76456,6 @@ } } ], - "Kendra.Query": [ - { - "action": "kendra:Query" - } - ], "Kendra.StartDataSourceSyncJob": [ { "action": "kendra:Query", @@ -82720,11 +82599,6 @@ "resource_mappings": {} } ], - "EMRcontainers.StartJobRun": [ - { - "action": "emr-containers:StartJobRun" - } - ], "SagemakerEdge.GetDeviceRegistration": [ { "action": "sagemaker:GetDeviceRegistration", @@ -91901,6 +91775,4318 @@ "connection": "${SourceConfiguration.AuthenticationConfiguration.ConnectionArn}" } } + ], + "Iot.CreateJobTemplate": [ + { + "action": "iot:CreateJobTemplate", + "resource_mappings": { + "JobTemplateId": { + "template": "${jobTemplateId}" + } + }, + "resourcearn_mappings": { + "job": "${jobArn}" + } + } + ], + "Iot.DeleteJobTemplate": [ + { + "action": "iot:DeleteJobTemplate", + "resource_mappings": { + "JobTemplateId": { + "template": "${jobTemplateId}" + } + } + } + ], + "Iot.DescribeJobTemplate": [ + { + "action": "iot:DescribeJobTemplate", + "resource_mappings": { + "JobTemplateId": { + "template": "${jobTemplateId}" + } + } + } + ], + "Iot.ListJobTemplates": [ + { + "action": "iot:ListJobTemplates", + "resource_mappings": {} + } + ], + "IoTEvents.CreateAlarmModel": [ + { + "action": "iotevents:CreateAlarmModel", + "resource_mappings": { + "AlarmModelName": { + "template": "${alarmModelName}" + } + } + } + ], + "IoTEvents.DeleteAlarmModel": [ + { + "action": "iotevents:DeleteAlarmModel", + "resource_mappings": { + "AlarmModelName": { + "template": "${alarmModelName}" + } + } + } + ], + "IoTEvents.DescribeAlarmModel": [ + { + "action": "iotevents:DescribeAlarmModel", + "resource_mappings": { + "AlarmModelName": { + "template": "${alarmModelName}" + } + } + } + ], + "IoTEvents.ListAlarmModelVersions": [ + { + "action": "iotevents:ListAlarmModelVersions", + "resource_mappings": { + "AlarmModelName": { + "template": "${alarmModelName}" + } + } + } + ], + "IoTEvents.ListAlarmModels": [ + { + "action": "iotevents:ListAlarmModels", + "resource_mappings": {} + } + ], + "IoTEvents.ListInputRoutings": [ + { + "action": "iotevents:ListInputRoutings", + "resource_mappings": {} + } + ], + "IoTEvents.UpdateAlarmModel": [ + { + "action": "iotevents:UpdateAlarmModel", + "resource_mappings": { + "AlarmModelName": { + "template": "${alarmModelName}" + } + } + } + ], + "QLDB.UpdateLedgerPermissionsMode": [ + { + "action": "qldb:UpdateLedgerPermissionsMode", + "resource_mappings": { + "LedgerName": { + "template": "${Name}" + } + } + } + ], + "Kendra.ClearQuerySuggestions": [ + { + "action": "kendra:ClearQuerySuggestions", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } + } + } + ], + "Kendra.CreateQuerySuggestionsBlockList": [ + { + "action": "kendra:CreateQuerySuggestionsBlockList", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } + } + } + ], + "Kendra.DeleteQuerySuggestionsBlockList": [ + { + "action": "kendra:DeleteQuerySuggestionsBlockList", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + }, + "QuerySuggestionsBlockListId": { + "template": "${Id}" + } + } + } + ], + "Kendra.DescribeQuerySuggestionsBlockList": [ + { + "action": "kendra:DescribeQuerySuggestionsBlockList", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + }, + "QuerySuggestionsBlockListId": { + "template": "${Id}" + } + } + } + ], + "Kendra.DescribeQuerySuggestionsConfig": [ + { + "action": "kendra:DescribeQuerySuggestionsConfig", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } + } + } + ], + "Kendra.GetQuerySuggestions": [ + { + "action": "kendra:GetQuerySuggestions", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } + } + } + ], + "Kendra.ListQuerySuggestionsBlockLists": [ + { + "action": "kendra:ListQuerySuggestionsBlockLists", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } + } + } + ], + "Kendra.UpdateQuerySuggestionsBlockList": [ + { + "action": "kendra:UpdateQuerySuggestionsBlockList", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + }, + "QuerySuggestionsBlockListId": { + "template": "${Id}" + } + } + } + ], + "Kendra.UpdateQuerySuggestionsConfig": [ + { + "action": "kendra:UpdateQuerySuggestionsConfig", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } + } + } + ], + "Nimble.ListEulaAcceptances": [ + { + "action": "nimble:ListEulaAcceptances", + "resource_mappings": { + "eulaAcceptanceId": { + "template": "${eulaIds}[]" + } + } + } + ], + "CognitoIdentity.GetPrincipalTagAttributeMap": [ + { + "action": "cognito-identity:GetPrincipalTagAttributeMap", + "resource_mappings": { + "IdentityPoolId": { + "template": "${IdentityPoolId}" + } + } + } + ], + "CognitoIdentity.SetPrincipalTagAttributeMap": [ + { + "action": "cognito-identity:SetPrincipalTagAttributeMap", + "resource_mappings": {} + } + ], + "OpsWorksCM.ExportServerEngineAttribute": [ + { + "action": "opsworks-cm:ExportServerEngineAttribute", + "resource_mappings": {} + } + ], + "LicenseManager.CreateLicenseManagerReportGenerator": [ + { + "action": "license-manager:CreateLicenseManagerReportGenerator", + "resource_mappings": {} + } + ], + "LicenseManager.DeleteLicenseManagerReportGenerator": [ + { + "action": "license-manager:DeleteLicenseManagerReportGenerator", + "resource_mappings": {}, + "resourcearn_mappings": { + "report-generator": "${LicenseManagerReportGeneratorArn}" + } + } + ], + "LicenseManager.GetLicenseManagerReportGenerator": [ + { + "action": "license-manager:GetLicenseManagerReportGenerator", + "resource_mappings": {}, + "resourcearn_mappings": { + "report-generator": "${LicenseManagerReportGeneratorArn}" + } + } + ], + "LicenseManager.ListLicenseManagerReportGenerators": [ + { + "action": "license-manager:ListLicenseManagerReportGenerators", + "resource_mappings": { + "LicenseConfigurationId": { + "template": "*" + } + } + } + ], + "LicenseManager.UpdateLicenseManagerReportGenerator": [ + { + "action": "license-manager:UpdateLicenseManagerReportGenerator", + "resource_mappings": {}, + "resourcearn_mappings": { + "report-generator": "${LicenseManagerReportGeneratorArn}" + } + } + ], + "MediaPackageVod.UpdatePackagingGroup": [ + { + "action": "mediapackage-vod:UpdatePackagingGroup", + "resource_mappings": { + "PackagingGroupIdentifier": { + "template": "${Id}" + } + } + } + ], + "EC2InstanceConnect.SendSerialConsoleSSHPublicKey": [ + { + "action": "ec2-instance-connect:SendSerialConsoleSSHPublicKey", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + } + } + } + ], + "ElasticInference.DescribeAcceleratorOfferings": [ + { + "action": "elastic-inference:DescribeAcceleratorOfferings", + "resource_mappings": {} + } + ], + "ElasticInference.DescribeAcceleratorTypes": [ + { + "action": "elastic-inference:DescribeAcceleratorTypes", + "resource_mappings": {} + } + ], + "ElasticInference.DescribeAccelerators": [ + { + "action": "elastic-inference:DescribeAccelerators", + "resource_mappings": {} + } + ], + "ElasticInference.ListTagsForResource": [ + { + "action": "elastic-inference:ListTagsForResource", + "resource_mappings": {} + } + ], + "ElasticInference.TagResource": [ + { + "action": "elastic-inference:TagResource", + "resource_mappings": {} + } + ], + "ElasticInference.UntagResource": [ + { + "action": "elastic-inference:UntagResource", + "resource_mappings": {} + } + ], + "AccessAnalyzer.CancelPolicyGeneration": [ + { + "action": "access-analyzer:CancelPolicyGeneration", + "resource_mappings": {} + } + ], + "AccessAnalyzer.CreateAccessPreview": [ + { + "action": "access-analyzer:CreateAccessPreview", + "resource_mappings": {}, + "resourcearn_mappings": { + "Analyzer": "${analyzerArn}" + } + } + ], + "AccessAnalyzer.GetAccessPreview": [ + { + "action": "access-analyzer:GetAccessPreview", + "resource_mappings": {}, + "resourcearn_mappings": { + "Analyzer": "${analyzerArn}" + } + } + ], + "AccessAnalyzer.GetGeneratedPolicy": [ + { + "action": "access-analyzer:GetGeneratedPolicy", + "resource_mappings": {} + } + ], + "AccessAnalyzer.ListAccessPreviewFindings": [ + { + "action": "access-analyzer:ListAccessPreviewFindings", + "resource_mappings": {}, + "resourcearn_mappings": { + "Analyzer": "${analyzerArn}" + } + } + ], + "AccessAnalyzer.ListAccessPreviews": [ + { + "action": "access-analyzer:ListAccessPreviews", + "resource_mappings": {}, + "resourcearn_mappings": { + "Analyzer": "${analyzerArn}" + } + } + ], + "AccessAnalyzer.ListPolicyGenerations": [ + { + "action": "access-analyzer:ListPolicyGenerations", + "resource_mappings": {} + } + ], + "AccessAnalyzer.StartPolicyGeneration": [ + { + "action": "access-analyzer:StartPolicyGeneration", + "resource_mappings": {} + } + ], + "AccessAnalyzer.ValidatePolicy": [ + { + "action": "access-analyzer:ValidatePolicy", + "resource_mappings": {} + } + ], + "CodeGuruReviewer.AssociateRepository": [ + { + "action": "codeguru-reviewer:AssociateRepository", + "resource_mappings": { + "ResourceId": { + "template": "*" + }, + "RepositoryName": { + "template": "${Repository.CodeCommit.Name}" + } + }, + "resourcearn_mappings": { + "connection": "%%many%${Repository.Bitbucket.ConnectionArn}%${Repository.GitHubEnterpriseServer.ConnectionArn}%%" + } + }, + { + "action": "codecommit:ListRepositories", + "resource_mappings": {} + }, + { + "action": "codecommit:TagResource", + "resource_mappings": { + "RepositoryName": { + "template": "${Repository.CodeCommit.Name}" + } + } + }, + { + "action": "events:PutRule", + "resource_mappings": { + "EventBusName": { + "template": "*" + }, + "RuleName": { + "template": "*" + } + } + }, + { + "action": "events:PutTargets", + "resource_mappings": { + "EventBusName": { + "template": "*" + }, + "RuleName": { + "template": "*" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "s3:CreateBucket", + "resource_mappings": { + "BucketName": { + "template": "*" + } + } + }, + { + "action": "s3:ListBucket", + "resource_mappings": { + "BucketName": { + "template": "*" + } + } + }, + { + "action": "s3:PutBucketPolicy", + "resource_mappings": { + "BucketName": { + "template": "*" + } + } + }, + { + "action": "s3:PutLifecycleConfiguration", + "resource_mappings": { + "BucketName": { + "template": "*" + } + } + } + ], + "CodeGuruReviewer.CreateCodeReview": [ + { + "action": "codeguru-reviewer:CreateCodeReview", + "resource_mappings": {}, + "resourcearn_mappings": { + "association": "${RepositoryAssociationArn}" + } + }, + { + "action": "s3:GetObject", + "resource_mappings": { + "BucketName": { + "template": "*" + }, + "ObjectName": { + "template": "*" + } + } + } + ], + "CodeGuruReviewer.DescribeCodeReview": [ + { + "action": "codeguru-reviewer:DescribeCodeReview", + "resource_mappings": {}, + "resourcearn_mappings": { + "association": "${CodeReviewArn}" + } + } + ], + "CodeGuruReviewer.DescribeRecommendationFeedback": [ + { + "action": "codeguru-reviewer:DescribeRecommendationFeedback", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "CodeGuruReviewer.ListRecommendationFeedback": [ + { + "action": "codeguru-reviewer:ListRecommendationFeedback", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "CodeGuruReviewer.ListRecommendations": [ + { + "action": "codeguru-reviewer:ListRecommendations", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "CodeGuruReviewer.ListTagsForResource": [ + { + "action": "codeguru-reviewer:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "association": "%%iftruthy%${resourceArn}%%" + } + } + ], + "CodeGuruReviewer.PutRecommendationFeedback": [ + { + "action": "codeguru-reviewer:PutRecommendationFeedback", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + } + ], + "CodeGuruReviewer.TagResource": [ + { + "action": "codeguru-reviewer:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "association": "%%iftruthy%${resourceArn}%%" + } + } + ], + "CodeGuruReviewer.UntagResource": [ + { + "action": "codeguru-reviewer:UnTagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "association": "%%iftruthy%${resourceArn}%%" + } + } + ], + "DevOpsGuru.DescribeFeedback": [ + { + "action": "devops-guru:DescribeFeedback", + "resource_mappings": {} + } + ], + "DevOpsGuru.GetCostEstimation": [ + { + "action": "devops-guru:GetCostEstimation", + "resource_mappings": {} + } + ], + "DevOpsGuru.StartCostEstimation": [ + { + "action": "devops-guru:StartCostEstimation", + "resource_mappings": {} + } + ], + "ECRPUBLIC.ListTagsForResource": [ + { + "action": "ecr-public:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "repository": "%%iftruthy%${resourceArn}%%" + } + } + ], + "ECRPUBLIC.TagResource": [ + { + "action": "ecr-public:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "repository": "%%iftruthy%${resourceArn}%%" + } + } + ], + "ECRPUBLIC.UntagResource": [ + { + "action": "ecr-public:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "repository": "%%iftruthy%${resourceArn}%%" + } + } + ], + "EMRcontainers.DeleteManagedEndpoint": [ + { + "action": "emr-containers:DeleteManagedEndpoint", + "resource_mappings": { + "virtualClusterId": { + "template": "${virtualClusterId}" + }, + "endpointId": { + "template": "${id}" + } + } + } + ], + "EMRcontainers.DescribeManagedEndpoint": [ + { + "action": "emr-containers:DescribeManagedEndpoint", + "resource_mappings": { + "virtualClusterId": { + "template": "${virtualClusterId}" + }, + "endpointId": { + "template": "${id}" + } + } + } + ], + "EMRcontainers.ListManagedEndpoints": [ + { + "action": "emr-containers:ListManagedEndpoints", + "resource_mappings": { + "virtualClusterId": { + "template": "${virtualClusterId}" + } + } + } + ], + "EMRcontainers.ListTagsForResource": [ + { + "action": "emr-containers:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "jobRun": "%%iftruthy%${resourceArn}%%", + "managedEndpoint": "%%iftruthy%${resourceArn}%%", + "virtualCluster": "%%iftruthy%${resourceArn}%%" + } + } + ], + "EMRcontainers.TagResource": [ + { + "action": "emr-containers:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "jobRun": "%%iftruthy%${resourceArn}%%", + "managedEndpoint": "%%iftruthy%${resourceArn}%%", + "virtualCluster": "%%iftruthy%${resourceArn}%%" + } + } + ], + "EMRcontainers.UntagResource": [ + { + "action": "emr-containers:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "jobRun": "%%iftruthy%${resourceArn}%%", + "managedEndpoint": "%%iftruthy%${resourceArn}%%", + "virtualCluster": "%%iftruthy%${resourceArn}%%" + } + } + ], + "SSMContacts.AcceptPage": [ + { + "action": "ssm-contacts:AcceptPage", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "pageId": { + "template": "${PageId}" + } + } + } + ], + "SSMContacts.ActivateContactChannel": [ + { + "action": "ssm-contacts:ActivateContactChannel", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "ContactChannelId": { + "template": "${ContactChannelId}" + } + } + } + ], + "SSMContacts.CreateContact": [ + { + "action": "ssm-contacts:CreateContact", + "resource_mappings": { + "ContactAlias": { + "template": "${Alias}" + } + } + }, + { + "action": "ssm-contacts:AssociateContact", + "resource_mappings": { + "ContactAlias": { + "template": "${Alias}" + } + } + } + ], + "SSMContacts.CreateContactChannel": [ + { + "action": "ssm-contacts:CreateContactChannel", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + } + ], + "SSMContacts.DeactivateContactChannel": [ + { + "action": "ssm-contacts:DeactivateContactChannel", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "ContactChannelId": { + "template": "${ContactChannelId}" + } + } + } + ], + "SSMContacts.DeleteContact": [ + { + "action": "ssm-contacts:DeleteContact", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + } + ], + "SSMContacts.DeleteContactChannel": [ + { + "action": "ssm-contacts:DeleteContactChannel", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "ContactChannelId": { + "template": "${ContactChannelId}" + } + } + } + ], + "SSMContacts.DescribeEngagement": [ + { + "action": "ssm-contacts:DescribeEngagement", + "resource_mappings": { + "EngagementId": { + "template": "${EngagementId}" + } + } + } + ], + "SSMContacts.DescribePage": [ + { + "action": "ssm-contacts:DescribePage", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "pageId": { + "template": "${PageId}" + } + } + } + ], + "SSMContacts.GetContact": [ + { + "action": "ssm-contacts:GetContact", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + } + ], + "SSMContacts.GetContactChannel": [ + { + "action": "ssm-contacts:GetContactChannel", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "ContactChannelId": { + "template": "${ContactChannelId}" + } + } + } + ], + "SSMContacts.ListContactChannels": [ + { + "action": "ssm-contacts:ListContactChannels", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + } + ], + "SSMContacts.ListContacts": [ + { + "action": "ssm-contacts:ListContacts", + "resource_mappings": {} + } + ], + "SSMContacts.ListEngagements": [ + { + "action": "ssm-contacts:ListEngagements", + "resource_mappings": {} + } + ], + "SSMContacts.ListPageReceipts": [ + { + "action": "ssm-contacts:ListPageReceipts", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "pageId": { + "template": "${PageId}" + } + } + } + ], + "SSMContacts.ListPagesByContact": [ + { + "action": "ssm-contacts:ListPagesByContact", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + } + ], + "SSMContacts.ListPagesByEngagement": [ + { + "action": "ssm-contacts:ListPagesByEngagement", + "resource_mappings": { + "EngagementId": { + "template": "${EngagementId}" + } + } + } + ], + "SSMContacts.PutContactPolicy": [ + { + "action": "ssm-contacts:PutContactPolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "contact": "${ContactArn}" + } + } + ], + "SSMContacts.SendActivationCode": [ + { + "action": "ssm-contacts:SendActivationCode", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "ContactChannelId": { + "template": "${ContactChannelId}" + } + } + } + ], + "SSMContacts.StartEngagement": [ + { + "action": "ssm-contacts:StartEngagement", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + } + ], + "SSMContacts.StopEngagement": [ + { + "action": "ssm-contacts:StopEngagement", + "resource_mappings": { + "EngagementId": { + "template": "${EngagementId}" + } + } + } + ], + "SSMContacts.UpdateContact": [ + { + "action": "ssm-contacts:UpdateContact", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + }, + { + "action": "ssm-contacts:AssociateContact", + "resource_mappings": { + "ContactAlias": { + "template": "*" + } + } + } + ], + "SSMContacts.UpdateContactChannel": [ + { + "action": "ssm-contacts:UpdateContactChannel", + "resource_mappings": { + "ContactAlias": { + "template": "*" + }, + "ContactChannelId": { + "template": "${ContactChannelId}" + } + } + } + ], + "SSMIncidents.CreateReplicationSet": [ + { + "action": "ssm-incidents:CreateReplicationSet", + "resource_mappings": {} + } + ], + "SSMIncidents.CreateResponsePlan": [ + { + "action": "ssm-incidents:CreateResponsePlan", + "resource_mappings": {} + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${actions[].ssmAutomation.roleArn}" + } + } + ], + "SSMIncidents.CreateTimelineEvent": [ + { + "action": "ssm-incidents:CreateTimelineEvent", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${incidentRecordArn}" + } + } + ], + "SSMIncidents.DeleteIncidentRecord": [ + { + "action": "ssm-incidents:DeleteIncidentRecord", + "resource_mappings": {}, + "resourcearn_mappings": { + "incident-record": "${arn}" + } + } + ], + "SSMIncidents.DeleteReplicationSet": [ + { + "action": "ssm-incidents:DeleteReplicationSet", + "resource_mappings": {}, + "resourcearn_mappings": { + "replication-set": "${arn}" + } + } + ], + "SSMIncidents.DeleteResourcePolicy": [ + { + "action": "ssm-incidents:DeleteResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "%%iftruthy%${resourceArn}%%" + } + } + ], + "SSMIncidents.DeleteResponsePlan": [ + { + "action": "ssm-incidents:DeleteResponsePlan", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "${arn}" + } + } + ], + "SSMIncidents.DeleteTimelineEvent": [ + { + "action": "ssm-incidents:DeleteTimelineEvent", + "resource_mappings": {}, + "resourcearn_mappings": { + "incident-record": "${incidentRecordArn}" + } + } + ], + "SSMIncidents.GetIncidentRecord": [ + { + "action": "ssm-incidents:GetIncidentRecord", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${arn}" + } + } + ], + "SSMIncidents.GetReplicationSet": [ + { + "action": "ssm-incidents:GetReplicationSet", + "resource_mappings": {}, + "resourcearn_mappings": { + "replication-set": "${arn}" + } + } + ], + "SSMIncidents.GetResourcePolicies": [ + { + "action": "ssm-incidents:GetResourcePolicies", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "${resourceArn}" + } + } + ], + "SSMIncidents.GetResponsePlan": [ + { + "action": "ssm-incidents:GetResponsePlan", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "${arn}" + } + } + ], + "SSMIncidents.GetTimelineEvent": [ + { + "action": "ssm-incidents:GetTimelineEvent", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${incidentRecordArn}" + } + } + ], + "SSMIncidents.ListIncidentRecords": [ + { + "action": "ssm-incidents:ListIncidentRecords", + "resource_mappings": {} + } + ], + "SSMIncidents.ListRelatedItems": [ + { + "action": "ssm-incidents:ListRelatedItems", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${incidentRecordArn}" + } + } + ], + "SSMIncidents.ListReplicationSets": [ + { + "action": "ssm-incidents:ListReplicationSets", + "resource_mappings": {} + } + ], + "SSMIncidents.ListResponsePlans": [ + { + "action": "ssm-incidents:ListResponsePlans", + "resource_mappings": {} + } + ], + "SSMIncidents.ListTagsForResource": [ + { + "action": "ssm-incidents:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "%%iftruthy%${resourceArn}%%" + } + } + ], + "SSMIncidents.ListTimelineEvents": [ + { + "action": "ssm-incidents:ListTimelineEvents", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${incidentRecordArn}" + } + } + ], + "SSMIncidents.PutResourcePolicy": [ + { + "action": "ssm-incidents:PutResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "%%iftruthy%${resourceArn}%%" + } + } + ], + "SSMIncidents.StartIncident": [ + { + "action": "ssm-incidents:StartIncident", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "${responsePlanArn}" + } + } + ], + "SSMIncidents.TagResource": [ + { + "action": "ssm-incidents:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "%%iftruthy%${resourceArn}%%" + } + } + ], + "SSMIncidents.UntagResource": [ + { + "action": "ssm-incidents:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "%%iftruthy%${resourceArn}%%" + } + } + ], + "SSMIncidents.UpdateDeletionProtection": [ + { + "action": "ssm-incidents:UpdateDeletionProtection", + "resource_mappings": {}, + "resourcearn_mappings": { + "replication-set": "${arn}" + } + } + ], + "SSMIncidents.UpdateIncidentRecord": [ + { + "action": "ssm-incidents:UpdateIncidentRecord", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${arn}" + } + } + ], + "SSMIncidents.UpdateRelatedItems": [ + { + "action": "ssm-incidents:UpdateRelatedItems", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${incidentRecordArn}" + } + } + ], + "SSMIncidents.UpdateReplicationSet": [ + { + "action": "ssm-incidents:UpdateReplicationSet", + "resource_mappings": {}, + "resourcearn_mappings": { + "replication-set": "${arn}" + } + } + ], + "SSMIncidents.UpdateResponsePlan": [ + { + "action": "ssm-incidents:UpdateResponsePlan", + "resource_mappings": {}, + "resourcearn_mappings": { + "response-plan": "${arn}" + } + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${actions[].ssmAutomation.roleArn}" + } + } + ], + "SSMIncidents.UpdateTimelineEvent": [ + { + "action": "ssm-incidents:UpdateTimelineEvent", + "resource_mappings": { + "ResponsePlan": { + "template": "*" + } + }, + "resourcearn_mappings": { + "incident-record": "${incidentRecordArn}" + } + } + ], + "ApplicationCostProfiler.DeleteReportDefinition": [ + { + "action": "application-cost-profiler:DeleteReportDefinition", + "resource_mappings": {} + } + ], + "ApplicationCostProfiler.GetReportDefinition": [ + { + "action": "application-cost-profiler:GetReportDefinition", + "resource_mappings": {} + } + ], + "ApplicationCostProfiler.ImportApplicationUsage": [ + { + "action": "application-cost-profiler:ImportApplicationUsage", + "resource_mappings": {} + } + ], + "ApplicationCostProfiler.ListReportDefinitions": [ + { + "action": "application-cost-profiler:ListReportDefinitions", + "resource_mappings": {} + } + ], + "ApplicationCostProfiler.PutReportDefinition": [ + { + "action": "application-cost-profiler:PutReportDefinition", + "resource_mappings": {} + } + ], + "ApplicationCostProfiler.UpdateReportDefinition": [ + { + "action": "application-cost-profiler:UpdateReportDefinition", + "resource_mappings": {} + } + ], + "SSMContacts.GetContactPolicy": [ + { + "action": "ssm-contacts:GetContactPolicy", + "undocumented": true + } + ], + "SSMContacts.ListTagsForResource": [ + { + "action": "ssm-contacts:ListTagsForResource", + "undocumented": true + } + ], + "SSMContacts.TagResource": [ + { + "action": "ssm-contacts:TagResource", + "undocumented": true + } + ], + "SSMContacts.UntagResource": [ + { + "action": "ssm-contacts:UntagResource", + "undocumented": true + } + ], + "Finspace.CreateEnvironment": [ + { + "action": "finspace:CreateEnvironment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/*" + } + } + ], + "Finspace.DeleteEnvironment": [ + { + "action": "finspace:DeleteEnvironment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/${environmentId}" + } + } + ], + "Finspace.GetEnvironment": [ + { + "action": "finspace:GetEnvironment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/${environmentId}" + } + } + ], + "Finspace.ListEnvironments": [ + { + "action": "finspace:ListEnvironments", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/*" + } + } + ], + "Finspace.ListTagsForResource": [ + { + "action": "finspace:ListTagsForResource", + "undocumented": true + } + ], + "Finspace.TagResource": [ + { + "action": "finspace:TagResource", + "undocumented": true + } + ], + "Finspace.UntagResource": [ + { + "action": "finspace:UntagResource", + "undocumented": true + } + ], + "Finspace.UpdateEnvironment": [ + { + "action": "finspace:UpdateEnvironment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace:${Region}:${Account}:environment/${environmentId}" + } + } + ], + "LakeFormation.AddLFTagsToResource": [ + { + "action": "lakeformation:AddLFTagsToResource", + "undocumented": true + } + ], + "LakeFormation.CreateLFTag": [ + { + "action": "lakeformation:CreateLFTag", + "undocumented": true + } + ], + "LakeFormation.DeleteLFTag": [ + { + "action": "lakeformation:DeleteLFTag", + "undocumented": true + } + ], + "LakeFormation.GetLFTag": [ + { + "action": "lakeformation:GetLFTag", + "undocumented": true + } + ], + "LakeFormation.GetResourceLFTags": [ + { + "action": "lakeformation:GetResourceLFTags", + "undocumented": true + } + ], + "LakeFormation.ListLFTags": [ + { + "action": "lakeformation:ListLFTags", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lakeformation:${Region}:${Account}:catalog:${Account}" + } + } + ], + "LakeFormation.RemoveLFTagsFromResource": [ + { + "action": "lakeformation:RemoveLFTagsFromResource", + "undocumented": true + } + ], + "LakeFormation.SearchDatabasesByLFTags": [ + { + "action": "lakeformation:SearchDatabasesByLFTags", + "undocumented": true + } + ], + "LakeFormation.SearchTablesByLFTags": [ + { + "action": "lakeformation:SearchTablesByLFTags", + "undocumented": true + } + ], + "LakeFormation.UpdateLFTag": [ + { + "action": "lakeformation:UpdateLFTag", + "undocumented": true + } + ], + "Personalize.CreateDatasetExportJob": [ + { + "action": "personalize:CreateDatasetExportJob", + "undocumented": true + } + ], + "Personalize.DescribeDatasetExportJob": [ + { + "action": "personalize:DescribeDatasetExportJob", + "undocumented": true + } + ], + "Personalize.ListDatasetExportJobs": [ + { + "action": "personalize:ListDatasetExportJobs", + "undocumented": true + } + ], + "Personalize.StopSolutionVersionCreation": [ + { + "action": "personalize:StopSolutionVersionCreation", + "undocumented": true + } + ], + "Transfer.CreateAccess": [ + { + "action": "transfer:CreateAccess", + "undocumented": true + } + ], + "Transfer.DeleteAccess": [ + { + "action": "transfer:DeleteAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + } + } + ], + "Transfer.DescribeAccess": [ + { + "action": "transfer:DescribeAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + } + } + ], + "Transfer.ListAccesses": [ + { + "action": "transfer:ListAccesses", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + } + } + ], + "Transfer.UpdateAccess": [ + { + "action": "transfer:UpdateAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:transfer:${Region}:${Account}:server/${ServerId}" + } + } + ], + "MediaTailor.CreateChannel": [ + { + "action": "mediatailor:CreateChannel", + "undocumented": true + } + ], + "MediaTailor.CreateProgram": [ + { + "action": "mediatailor:CreateProgram", + "undocumented": true + } + ], + "MediaTailor.CreateSourceLocation": [ + { + "action": "mediatailor:CreateSourceLocation", + "undocumented": true + } + ], + "MediaTailor.CreateVodSource": [ + { + "action": "mediatailor:CreateVodSource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:vodSource/${SourceLocationName}/${VodSourceName}" + } + } + ], + "MediaTailor.DeleteChannel": [ + { + "action": "mediatailor:DeleteChannel", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.DeleteChannelPolicy": [ + { + "action": "mediatailor:DeleteChannelPolicy", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.DeleteProgram": [ + { + "action": "mediatailor:DeleteProgram", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:program/${ChannelName}/${ProgramName}" + } + } + ], + "MediaTailor.DeleteSourceLocation": [ + { + "action": "mediatailor:DeleteSourceLocation", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:sourceLocation/${SourceLocationName}" + } + } + ], + "MediaTailor.DeleteVodSource": [ + { + "action": "mediatailor:DeleteVodSource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:vodSource/${SourceLocationName}/${VodSourceName}" + } + } + ], + "MediaTailor.DescribeChannel": [ + { + "action": "mediatailor:DescribeChannel", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.DescribeProgram": [ + { + "action": "mediatailor:DescribeProgram", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:program/${ChannelName}/${ProgramName}" + } + } + ], + "MediaTailor.DescribeSourceLocation": [ + { + "action": "mediatailor:DescribeSourceLocation", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:sourceLocation/${SourceLocationName}" + } + } + ], + "MediaTailor.DescribeVodSource": [ + { + "action": "mediatailor:DescribeVodSource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:vodSource/${SourceLocationName}/${VodSourceName}" + } + } + ], + "MediaTailor.GetChannelPolicy": [ + { + "action": "mediatailor:GetChannelPolicy", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.GetChannelSchedule": [ + { + "action": "mediatailor:GetChannelSchedule", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.ListChannels": [ + { + "action": "mediatailor:ListChannels", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/*" + } + } + ], + "MediaTailor.ListSourceLocations": [ + { + "action": "mediatailor:ListSourceLocations", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:sourceLocation/*" + } + } + ], + "MediaTailor.ListVodSources": [ + { + "action": "mediatailor:ListVodSources", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:vodSource/${SourceLocationName}/*" + } + } + ], + "MediaTailor.PutChannelPolicy": [ + { + "action": "mediatailor:PutChannelPolicy", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.StartChannel": [ + { + "action": "mediatailor:StartChannel", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.StopChannel": [ + { + "action": "mediatailor:StopChannel", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.UpdateChannel": [ + { + "action": "mediatailor:UpdateChannel", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}" + } + } + ], + "MediaTailor.UpdateSourceLocation": [ + { + "action": "mediatailor:UpdateSourceLocation", + "undocumented": true + } + ], + "MediaTailor.UpdateVodSource": [ + { + "action": "mediatailor:UpdateVodSource", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:vodSource/${SourceLocationName}/${VodSourceName}" + } + } + ], + "Finspacedata.CreateChangeset": [ + { + "action": "finspace-api:CreateChangeset", + "undocumented": true + } + ], + "Finspacedata.GetProgrammaticAccessCredentials": [ + { + "action": "finspace-api:GetProgrammaticAccessCredentials", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/credentials/programmatic" + } + } + ], + "Finspacedata.GetWorkingLocation": [ + { + "action": "finspace-api:GetWorkingLocation", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/workingLocationV1" + } + } + ], + "Snowball.CreateLongTermPricing": [ + { + "action": "snowball:CreateLongTermPricing", + "undocumented": true + } + ], + "Snowball.ListLongTermPricing": [ + { + "action": "snowball:ListLongTermPricing", + "undocumented": true + } + ], + "Snowball.UpdateLongTermPricing": [ + { + "action": "snowball:UpdateLongTermPricing", + "undocumented": true + } + ], + "CloudFront.CreateFunction": [ + { + "action": "cloudfront:CreateFunction", + "resource_mappings": {} + } + ], + "CloudFront.DeleteFunction": [ + { + "action": "cloudfront:DeleteFunction", + "resource_mappings": {} + } + ], + "CloudFront.DescribeFunction": [ + { + "action": "cloudfront:DescribeFunction", + "resource_mappings": {} + } + ], + "CloudFront.GetFunction": [ + { + "action": "cloudfront:GetFunction", + "resource_mappings": {} + } + ], + "CloudFront.ListFunctions": [ + { + "action": "cloudfront:ListFunctions", + "resource_mappings": {} + } + ], + "CloudFront.PublishFunction": [ + { + "action": "cloudfront:PublishFunction", + "resource_mappings": {} + } + ], + "CloudFront.TestFunction": [ + { + "action": "cloudfront:TestFunction", + "resource_mappings": {} + } + ], + "CloudFront.UpdateFunction": [ + { + "action": "cloudfront:UpdateFunction", + "resource_mappings": {} + } + ], + "Redshift.AddPartner": [ + { + "action": "redshift:AddPartner", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Redshift.AuthorizeEndpointAccess": [ + { + "action": "redshift:AuthorizeEndpointAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:redshift:${Region}:${Account}:cluster:*" + } + } + ], + "Redshift.CreateEndpointAccess": [ + { + "action": "redshift:CreateEndpointAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:redshift:${Region}:${Account}:managedvpcendpoint:${EndpointName}" + } + } + ], + "Redshift.DeleteEndpointAccess": [ + { + "action": "redshift:DeleteEndpointAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:redshift:${Region}:${Account}:managedvpcendpoint:${EndpointName}" + } + } + ], + "Redshift.DeletePartner": [ + { + "action": "redshift:DeletePartner", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Redshift.DescribeEndpointAccess": [ + { + "action": "redshift:DescribeEndpointAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:redshift:${Region}:${Account}:managedvpcendpoint:*" + } + } + ], + "Redshift.DescribeEndpointAuthorization": [ + { + "action": "redshift:DescribeEndpointAuthorization", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:redshift:${Region}:${Account}:cluster:*" + } + } + ], + "Redshift.DescribePartners": [ + { + "action": "redshift:DescribePartners", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Redshift.ModifyEndpointAccess": [ + { + "action": "redshift:ModifyEndpointAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:redshift:${Region}:${Account}:managedvpcendpoint:${EndpointName}" + } + } + ], + "Redshift.RevokeEndpointAccess": [ + { + "action": "redshift:RevokeEndpointAccess", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:redshift:${Region}:${Account}:cluster:*" + } + } + ], + "Redshift.UpdatePartnerStatus": [ + { + "action": "redshift:UpdatePartnerStatus", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "KMS.ReplicateKey": [ + { + "action": "kms:ReplicateKey", + "resource_mappings": { + "KeyId": { + "template": "${KeyId}" + } + } + }, + { + "action": "kms:CreateKey", + "resource_mappings": {} + } + ], + "KMS.UpdatePrimaryRegion": [ + { + "action": "kms:UpdatePrimaryRegion", + "resource_mappings": { + "KeyId": { + "template": "${KeyId}" + } + } + } + ], + "SNS.CreateSMSSandboxPhoneNumber": [ + { + "action": "sns:CreateSMSSandboxPhoneNumber", + "resource_mappings": {} + } + ], + "SNS.DeleteSMSSandboxPhoneNumber": [ + { + "action": "sns:DeleteSMSSandboxPhoneNumber", + "resource_mappings": {} + } + ], + "SNS.GetSMSSandboxAccountStatus": [ + { + "action": "sns:GetSMSSandboxAccountStatus", + "resource_mappings": {} + } + ], + "SNS.ListOriginationNumbers": [ + { + "action": "sns:ListOriginationNumbers", + "resource_mappings": {} + } + ], + "SNS.ListSMSSandboxPhoneNumbers": [ + { + "action": "sns:ListSMSSandboxPhoneNumbers", + "resource_mappings": {} + } + ], + "SNS.VerifySMSSandboxPhoneNumber": [ + { + "action": "sns:VerifySMSSandboxPhoneNumber", + "resource_mappings": {} + } + ], + "Connect.AssociateBot": [ + { + "action": "connect:AssociateBot", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + } + } + }, + { + "action": "iam:AttachRolePolicy", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:PutRolePolicy", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "lex:DeleteResourcePolicy", + "resource_mappings": { + "BotId": { + "template": "" + }, + "BotAliasId": { + "template": "" + } + } + }, + { + "action": "lex:DescribeBotAlias", + "resource_mappings": { + "BotId": { + "template": "" + }, + "BotAliasId": { + "template": "" + } + } + }, + { + "action": "lex:GetBot", + "resource_mappings": { + "BotName": { + "template": "*" + }, + "BotVersion": { + "template": "*" + } + }, + "resourcearn_mappings": { + "bot alias": "${LexV2Bot.AliasArn}" + } + }, + { + "action": "lex:UpdateResourcePolicy", + "resource_mappings": { + "BotId": { + "template": "*" + }, + "BotAliasId": { + "template": "*" + } + } + } + ], + "Connect.DisassociateBot": [ + { + "action": "connect:DisassociateBot", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + } + } + }, + { + "action": "iam:AttachRolePolicy", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:PutRolePolicy", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "lex:DeleteResourcePolicy", + "resource_mappings": { + "BotId": { + "template": "*" + } + }, + "resourcearn_mappings": { + "bot alias": "${LexV2Bot.AliasArn}" + } + }, + { + "action": "lex:UpdateResourcePolicy", + "resource_mappings": { + "BotId": { + "template": "*" + }, + "BotAliasId": { + "template": "*" + } + } + } + ], + "Connect.ListBots": [ + { + "action": "connect:ListBots", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + } + } + } + ], + "PI.GetDimensionKeyDetails": [ + { + "action": "pi:GetDimensionKeyDetails", + "resource_mappings": { + "ServiceType": { + "template": "${ServiceType}" + }, + "Identifier": { + "template": "${Identifier}" + } + } + } + ], + "Chime.BatchCreateChannelMembership": [ + { + "action": "chime:BatchCreateChannelMembership", + "resource_mappings": {}, + "resourcearn_mappings": { + "app-instance-user": "${MemberArns}[]", + "channel": "${ChannelArn}" + } + } + ], + "Macie2.DisassociateFromAdministratorAccount": [ + { + "action": "macie2:DisassociateFromAdministratorAccount", + "resource_mappings": {} + } + ], + "Macie2.GetAdministratorAccount": [ + { + "action": "macie2:GetAdministratorAccount", + "resource_mappings": {} + } + ], + "Macie2.GetFindingsPublicationConfiguration": [ + { + "action": "macie2:GetFindingsPublicationConfiguration", + "resource_mappings": {} + } + ], + "Macie2.PutFindingsPublicationConfiguration": [ + { + "action": "macie2:PutFindingsPublicationConfiguration", + "resource_mappings": {} + } + ], + "Macie2.SearchResources": [ + { + "action": "macie2:SearchResources", + "resource_mappings": {} + } + ], + "IoTWireless.GetLogLevelsByResourceTypes": [ + { + "action": "iotwireless:GetLogLevelsByResourceTypes", + "resource_mappings": {} + } + ], + "IoTWireless.GetResourceLogLevel": [ + { + "action": "iotwireless:GetResourceLogLevel", + "resource_mappings": { + "WirelessDeviceId": { + "template": "*" + }, + "WirelessGatewayId": { + "template": "*" + } + } + } + ], + "IoTWireless.PutResourceLogLevel": [ + { + "action": "iotwireless:PutResourceLogLevel", + "resource_mappings": { + "WirelessDeviceId": { + "template": "*" + }, + "WirelessGatewayId": { + "template": "*" + } + } + } + ], + "IoTWireless.ResetAllResourceLogLevels": [ + { + "action": "iotwireless:ResetAllResourceLogLevels", + "resource_mappings": {} + } + ], + "IoTWireless.ResetResourceLogLevel": [ + { + "action": "iotwireless:ResetResourceLogLevel", + "resource_mappings": { + "WirelessDeviceId": { + "template": "*" + }, + "WirelessGatewayId": { + "template": "*" + } + } + } + ], + "IoTWireless.UpdateLogLevelsByResourceTypes": [ + { + "action": "iotwireless:UpdateLogLevelsByResourceTypes", + "resource_mappings": {} + } + ], + "Proton.CreateEnvironment": [ + { + "action": "proton:CreateEnvironment", + "resource_mappings": { + "EnvironmentName": { + "template": "${name}" + } + } + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${protonServiceRoleArn}" + } + } + ], + "Proton.CreateEnvironmentTemplate": [ + { + "action": "proton:CreateEnvironmentTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "Proton.CreateService": [ + { + "action": "proton:CreateService", + "resource_mappings": { + "ServiceName": { + "template": "${name}" + } + } + }, + { + "action": "codestar-connections:PassConnection", + "resource_mappings": {}, + "resourcearn_mappings": { + "Connection": "${repositoryConnectionArn}" + } + } + ], + "Proton.CreateServiceTemplate": [ + { + "action": "proton:CreateServiceTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "Proton.DeleteEnvironment": [ + { + "action": "proton:DeleteEnvironment", + "resource_mappings": { + "EnvironmentName": { + "template": "${name}" + } + } + } + ], + "Proton.DeleteEnvironmentTemplate": [ + { + "action": "proton:DeleteEnvironmentTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "Proton.DeleteService": [ + { + "action": "proton:DeleteService", + "resource_mappings": { + "ServiceName": { + "template": "${name}" + } + } + } + ], + "Proton.DeleteServiceTemplate": [ + { + "action": "proton:DeleteServiceTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "Proton.GetEnvironment": [ + { + "action": "proton:GetEnvironment", + "resource_mappings": { + "EnvironmentName": { + "template": "${name}" + } + } + } + ], + "Proton.GetEnvironmentTemplate": [ + { + "action": "proton:GetEnvironmentTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "Proton.GetService": [ + { + "action": "proton:GetService", + "resource_mappings": { + "ServiceName": { + "template": "${name}" + } + } + } + ], + "Proton.GetServiceInstance": [ + { + "action": "proton:GetServiceInstance", + "resource_mappings": { + "ServiceName": { + "template": "${serviceName}" + }, + "ServiceInstanceName": { + "template": "${name}" + } + } + } + ], + "Proton.GetServiceTemplate": [ + { + "action": "proton:GetServiceTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "Proton.ListEnvironmentTemplates": [ + { + "action": "proton:ListEnvironmentTemplates", + "resource_mappings": {} + } + ], + "Proton.ListEnvironments": [ + { + "action": "proton:ListEnvironments", + "resource_mappings": {} + } + ], + "Proton.ListServiceInstances": [ + { + "action": "proton:ListServiceInstances", + "resource_mappings": {} + } + ], + "Proton.ListServiceTemplates": [ + { + "action": "proton:ListServiceTemplates", + "resource_mappings": {} + } + ], + "Proton.ListServices": [ + { + "action": "proton:ListServices", + "resource_mappings": {} + } + ], + "Proton.ListTagsForResource": [ + { + "action": "proton:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "environment": "%%iftemplatematch%${resourceArn}%%", + "environment-template": "%%iftemplatematch%${resourceArn}%%", + "environment-template-major-version": "%%iftemplatematch%${resourceArn}%%", + "environment-template-minor-version": "%%iftemplatematch%${resourceArn}%%", + "service": "%%iftemplatematch%${resourceArn}%%", + "service-instance": "%%iftemplatematch%${resourceArn}%%", + "service-template": "%%iftemplatematch%${resourceArn}%%", + "service-template-major-version": "%%iftemplatematch%${resourceArn}%%", + "service-template-minor-version": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "Proton.TagResource": [ + { + "action": "proton:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "environment": "%%iftemplatematch%${resourceArn}%%", + "environment-template": "%%iftemplatematch%${resourceArn}%%", + "environment-template-major-version": "%%iftemplatematch%${resourceArn}%%", + "environment-template-minor-version": "%%iftemplatematch%${resourceArn}%%", + "service": "%%iftemplatematch%${resourceArn}%%", + "service-instance": "%%iftemplatematch%${resourceArn}%%", + "service-template": "%%iftemplatematch%${resourceArn}%%", + "service-template-major-version": "%%iftemplatematch%${resourceArn}%%", + "service-template-minor-version": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "Proton.UntagResource": [ + { + "action": "proton:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "environment": "%%iftemplatematch%${resourceArn}%%", + "environment-template": "%%iftemplatematch%${resourceArn}%%", + "environment-template-major-version": "%%iftemplatematch%${resourceArn}%%", + "environment-template-minor-version": "%%iftemplatematch%${resourceArn}%%", + "service": "%%iftemplatematch%${resourceArn}%%", + "service-instance": "%%iftemplatematch%${resourceArn}%%", + "service-template": "%%iftemplatematch%${resourceArn}%%", + "service-template-major-version": "%%iftemplatematch%${resourceArn}%%", + "service-template-minor-version": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "Proton.UpdateEnvironment": [ + { + "action": "proton:UpdateEnvironment", + "resource_mappings": { + "EnvironmentName": { + "template": "${name}" + } + } + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${protonServiceRoleArn}" + } + } + ], + "Proton.UpdateEnvironmentTemplate": [ + { + "action": "proton:UpdateEnvironmentTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "Proton.UpdateService": [ + { + "action": "proton:UpdateService", + "resource_mappings": { + "ServiceName": { + "template": "${name}" + } + } + } + ], + "Proton.UpdateServiceInstance": [ + { + "action": "proton:UpdateServiceInstance", + "resource_mappings": { + "ServiceName": { + "template": "${serviceName}" + }, + "ServiceInstanceName": { + "template": "${name}" + } + } + } + ], + "Proton.UpdateServicePipeline": [ + { + "action": "proton:UpdateServicePipeline", + "resource_mappings": { + "ServiceName": { + "template": "${serviceName}" + } + } + } + ], + "Proton.UpdateServiceTemplate": [ + { + "action": "proton:UpdateServiceTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${name}" + } + } + } + ], + "EC2.CreateReplaceRootVolumeTask": [ + { + "action": "ec2:CreateReplaceRootVolumeTask", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "SnapshotId": { + "template": "${SnapshotId}" + } + } + } + ], + "EC2.CreateRestoreImageTask": [ + { + "action": "ec2:CreateRestoreImageTask", + "resource_mappings": { + "ImageId": { + "template": "*" + } + } + } + ], + "EC2.CreateStoreImageTask": [ + { + "action": "ec2:CreateStoreImageTask", + "resource_mappings": { + "ImageId": { + "template": "${ImageId}" + } + } + } + ], + "EC2.DescribeReplaceRootVolumeTasks": [ + { + "action": "ec2:DescribeReplaceRootVolumeTasks", + "resource_mappings": {} + } + ], + "EC2.DescribeStoreImageTasks": [ + { + "action": "ec2:DescribeStoreImageTasks", + "resource_mappings": {} + } + ], + "EC2.GetFlowLogsIntegrationTemplate": [ + { + "action": "ec2:GetFlowLogsIntegrationTemplate", + "resource_mappings": { + "VpcFlowLogId": { + "template": "${FlowLogId}" + } + } + } + ], + "Chime.UpdateSipMediaApplicationCall": [ + { + "action": "chime:UpdateSipMediaApplicationCall", + "resource_mappings": {} + } + ], + "EC2.DisableImageDeprecation": [ + { + "action": "ec2:DisableImageDeprecation", + "resource_mappings": { + "ImageId": { + "template": "${ImageId}" + } + } + } + ], + "EC2.EnableImageDeprecation": [ + { + "action": "ec2:EnableImageDeprecation", + "resource_mappings": { + "ImageId": { + "template": "${ImageId}" + } + } + } + ], + "Chime.CreateMediaCapturePipeline": [ + { + "action": "chime:CreateMediaCapturePipeline", + "resource_mappings": {} + } + ], + "Chime.DeleteMediaCapturePipeline": [ + { + "action": "chime:DeleteMediaCapturePipeline", + "resource_mappings": {} + } + ], + "Chime.GetMediaCapturePipeline": [ + { + "action": "chime:GetMediaCapturePipeline", + "resource_mappings": {} + } + ], + "Chime.ListMediaCapturePipelines": [ + { + "action": "chime:ListMediaCapturePipelines", + "resource_mappings": {} + } + ], + "MediaConnect.AddFlowMediaStreams": [ + { + "action": "mediaconnect:AddFlowMediaStreams", + "resource_mappings": {} + } + ], + "MediaConnect.RemoveFlowMediaStream": [ + { + "action": "mediaconnect:RemoveFlowMediaStream", + "resource_mappings": {} + } + ], + "MediaConnect.UpdateFlowMediaStream": [ + { + "action": "mediaconnect:UpdateFlowMediaStream", + "resource_mappings": {} + } + ], + "ComputeOptimizer.ExportEBSVolumeRecommendations": [ + { + "action": "compute-optimizer:ExportEBSVolumeRecommendations", + "resource_mappings": {} + }, + { + "action": "compute-optimizer:GetEBSVolumeRecommendations", + "resource_mappings": {} + }, + { + "action": "ec2:DescribeVolumes", + "resource_mappings": {} + } + ], + "AppStream.CreateUpdatedImage": [ + { + "action": "appstream:CreateUpdatedImage", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:appstream:${Region}:${Account}:image/${existingImageName}" + } + } + ], + "CloudFormation.DeactivateType": [ + { + "action": "cloudformation:DeactivateType", + "undocumented": true + } + ], + "CloudFormation.DescribePublisher": [ + { + "action": "cloudformation:DescribePublisher", + "undocumented": true + } + ], + "CloudFormation.PublishType": [ + { + "action": "cloudformation:PublishType", + "undocumented": true + } + ], + "CloudFormation.RegisterPublisher": [ + { + "action": "cloudformation:RegisterPublisher", + "undocumented": true + } + ], + "CloudFormation.SetTypeConfiguration": [ + { + "action": "cloudformation:SetTypeConfiguration", + "undocumented": true + } + ], + "CloudFormation.TestType": [ + { + "action": "cloudformation:TestType", + "undocumented": true + } + ], + "CloudFront.AssociateAlias": [ + { + "action": "cloudfront:AssociateAlias", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudfront::${Account}:distribution/${TargetDistributionId}" + } + } + ], + "CloudFront.ListConflictingAliases": [ + { + "action": "cloudfront:ListConflictingAliases", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudfront::${Account}:distribution/${DistributionId}" + } + } + ], + "DirectConnect.AssociateMacSecKey": [ + { + "action": "directconnect:AssociateMacSecKey", + "undocumented": true + } + ], + "DirectConnect.DisassociateMacSecKey": [ + { + "action": "directconnect:DisassociateMacSecKey", + "undocumented": true + } + ], + "DirectConnect.UpdateConnection": [ + { + "action": "directconnect:UpdateConnection", + "undocumented": true + } + ], + "DMS.DescribeEndpointSettings": [ + { + "action": "dms:DescribeEndpointSettings", + "undocumented": true + } + ], + "DMS.DescribePendingMaintenanceActions": [ + { + "action": "dms:DescribePendingMaintenanceActions", + "undocumented": true + } + ], + "ES.DescribeDomainAutoTunes": [ + { + "action": "es:DescribeDomainAutoTunes", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}" + } + } + ], + "MediaLive.CreatePartnerInput": [ + { + "action": "medialive:CreatePartnerInput", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:medialive:${Region}:${Account}:input:${InputId}" + } + } + ], + "MediaTailor.ListAlerts": [ + { + "action": "mediatailor:ListAlerts", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediatailor:${Region}:${Account}:alerts/*" + } + } + ], + "KinesisAnalyticsV2.ListApplicationVersions": [ + { + "action": "kinesisanalytics:ListApplicationVersions", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}" + } + } + ], + "IoTEvents.DescribeDetectorModelAnalysis": [ + { + "action": "iotevents:DescribeDetectorModelAnalysis", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "IoTEvents.GetDetectorModelAnalysisResults": [ + { + "action": "iotevents:GetDetectorModelAnalysisResults", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "IoTSiteWise.DescribeStorageConfiguration": [ + { + "action": "iotsitewise:DescribeStorageConfiguration", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "AmplifyBackend.ImportBackendAuth": [ + { + "action": "amplifybackend:ImportBackendAuth", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/auth/${BackendEnvironmentName}/import/*" + } + } + ], + "CustomerProfiles.GetMatches": [ + { + "action": "profile:GetMatches", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:profile:${Region}:${Account}:/domains/${DomainName}/matches" + } + } + ], + "GreengrassV2.BatchAssociateClientDeviceWithCoreDevice": [ + { + "action": "greengrass:BatchAssociateClientDeviceWithCoreDevice", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/v2/coreDevices/${coreDeviceThingName}/associateClientDevices" + } + } + ], + "GreengrassV2.BatchDisassociateClientDeviceFromCoreDevice": [ + { + "action": "greengrass:BatchDisassociateClientDeviceFromCoreDevice", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/v2/coreDevices/${coreDeviceThingName}/disassociateClientDevices" + } + } + ], + "GreengrassV2.ListClientDevicesAssociatedWithCoreDevice": [ + { + "action": "greengrass:ListClientDevicesAssociatedWithCoreDevice", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/v2/coreDevices/${coreDeviceThingName}/associatedClientDevices" + } + } + ], + "Proton.CancelEnvironmentDeployment": [ + { + "action": "proton:CancelEnvironmentDeployment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:environment/${environmentName}" + } + } + ], + "Proton.CancelServiceInstanceDeployment": [ + { + "action": "proton:CancelServiceInstanceDeployment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}/service-instance/${serviceInstanceName}" + } + } + ], + "Proton.CancelServicePipelineDeployment": [ + { + "action": "proton:CancelServicePipelineDeployment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}" + } + } + ], + "Proton.DeleteEnvironmentTemplateVersion": [ + { + "action": "proton:DeleteEnvironmentTemplateVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + } + } + ], + "Proton.DeleteServiceTemplateVersion": [ + { + "action": "proton:DeleteServiceTemplateVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + } + } + ], + "Proton.GetAccountSettings": [ + { + "action": "proton:GetAccountSettings", + "undocumented": true + } + ], + "Proton.GetEnvironmentTemplateVersion": [ + { + "action": "proton:GetEnvironmentTemplateVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + } + } + ], + "Proton.GetServiceTemplateVersion": [ + { + "action": "proton:GetServiceTemplateVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + } + } + ], + "Proton.ListEnvironmentAccountConnections": [ + { + "action": "proton:ListEnvironmentAccountConnections", + "undocumented": true + } + ], + "Proton.ListEnvironmentTemplateVersions": [ + { + "action": "proton:ListEnvironmentTemplateVersions", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + } + } + ], + "Proton.ListServiceTemplateVersions": [ + { + "action": "proton:ListServiceTemplateVersions", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + } + } + ], + "Proton.UpdateAccountSettings": [ + { + "action": "proton:UpdateAccountSettings", + "undocumented": true + } + ], + "Proton.UpdateEnvironmentTemplateVersion": [ + { + "action": "proton:UpdateEnvironmentTemplateVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + } + } + ], + "Proton.UpdateServiceTemplateVersion": [ + { + "action": "proton:UpdateServiceTemplateVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + } + } + ], + "CloudWatchEvents.CreateApiDestination": [ + { + "action": "events:CreateApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + } + }, + "resourcearn_mappings": { + "connection": "${ConnectionArn}" + } + } + ], + "CloudWatchEvents.CreateConnection": [ + { + "action": "events:CreateConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "CloudWatchEvents.DeauthorizeConnection": [ + { + "action": "events:DeauthorizeConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "CloudWatchEvents.DeleteApiDestination": [ + { + "action": "events:DeleteApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + } + } + } + ], + "CloudWatchEvents.DeleteConnection": [ + { + "action": "events:DeleteConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "CloudWatchEvents.DescribeApiDestination": [ + { + "action": "events:DescribeApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + }, + "ConnectionName": { + "template": "*" + } + } + } + ], + "CloudWatchEvents.DescribeConnection": [ + { + "action": "events:DescribeConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "CloudWatchEvents.ListApiDestinations": [ + { + "action": "events:ListApiDestinations", + "resource_mappings": {} + } + ], + "CloudWatchEvents.ListConnections": [ + { + "action": "events:ListConnections", + "resource_mappings": {} + } + ], + "CloudWatchEvents.UpdateApiDestination": [ + { + "action": "events:UpdateApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + } + } + } + ], + "CloudWatchEvents.UpdateConnection": [ + { + "action": "events:UpdateConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "CloudWatchLogs.DeleteQueryDefinition": [ + { + "action": "logs:DeleteQueryDefinition", + "resource_mappings": {} + } + ], + "CloudWatchLogs.DescribeQueryDefinitions": [ + { + "action": "logs:DescribeQueryDefinitions", + "resource_mappings": {} + } + ], + "CloudWatchLogs.PutQueryDefinition": [ + { + "action": "logs:PutQueryDefinition", + "resource_mappings": {} + } + ], + "ConfigService.DescribeAggregateComplianceByConformancePacks": [ + { + "action": "config:DescribeAggregateComplianceByConformancePacks", + "resource_mappings": { + "AggregatorId": { + "template": "*" + } + } + } + ], + "ConfigService.GetAggregateConformancePackComplianceSummary": [ + { + "action": "config:GetAggregateConformancePackComplianceSummary", + "resource_mappings": { + "AggregatorId": { + "template": "*" + } + } + } + ], + "DirectoryService.AddRegion": [ + { + "action": "ds:AddRegion", + "resource_mappings": { + "DirectoryId": { + "template": "${DirectoryId}" + } + } + } + ], + "DirectoryService.DescribeRegions": [ + { + "action": "ds:DescribeRegions", + "resource_mappings": { + "DirectoryId": { + "template": "${DirectoryId}" + } + } + } + ], + "DirectoryService.DisableClientAuthentication": [ + { + "action": "ds:DisableClientAuthentication", + "resource_mappings": { + "DirectoryId": { + "template": "${DirectoryId}" + } + } + } + ], + "DirectoryService.EnableClientAuthentication": [ + { + "action": "ds:EnableClientAuthentication", + "resource_mappings": { + "DirectoryId": { + "template": "${DirectoryId}" + } + } + } + ], + "DirectoryService.RemoveRegion": [ + { + "action": "ds:RemoveRegion", + "resource_mappings": { + "DirectoryId": { + "template": "${DirectoryId}" + } + } + } + ], + "EFS.DescribeAccountPreferences": [ + { + "action": "elasticfilesystem:DescribeAccountPreferences", + "resource_mappings": {} + } + ], + "EFS.PutAccountPreferences": [ + { + "action": "elasticfilesystem:PutAccountPreferences", + "resource_mappings": {} + } + ], + "EMR.CreateStudio": [ + { + "action": "elasticmapreduce:CreateStudio", + "resource_mappings": {} + } + ], + "EMR.CreateStudioSessionMapping": [ + { + "action": "elasticmapreduce:CreateStudioSessionMapping", + "resource_mappings": { + "StudioId": { + "template": "${StudioId}" + } + } + } + ], + "EMR.DeleteStudio": [ + { + "action": "elasticmapreduce:DeleteStudio", + "resource_mappings": { + "StudioId": { + "template": "${StudioId}" + } + } + } + ], + "EMR.DeleteStudioSessionMapping": [ + { + "action": "elasticmapreduce:DeleteStudioSessionMapping", + "resource_mappings": { + "StudioId": { + "template": "${StudioId}" + } + } + } + ], + "EMR.DescribeNotebookExecution": [ + { + "action": "elasticmapreduce:DescribeNotebookExecution", + "resource_mappings": { + "NotebookExecutionId": { + "template": "${NotebookExecutionId}" + } + } + } + ], + "EMR.DescribeStudio": [ + { + "action": "elasticmapreduce:DescribeStudio", + "resource_mappings": { + "StudioId": { + "template": "${StudioId}" + } + } + } + ], + "EMR.GetStudioSessionMapping": [ + { + "action": "elasticmapreduce:GetStudioSessionMapping", + "resource_mappings": { + "StudioId": { + "template": "${StudioId}" + } + } + } + ], + "EMR.ListNotebookExecutions": [ + { + "action": "elasticmapreduce:ListNotebookExecutions", + "resource_mappings": {} + } + ], + "EMR.ListStudioSessionMappings": [ + { + "action": "elasticmapreduce:ListStudioSessionMappings", + "resource_mappings": {} + } + ], + "EMR.ListStudios": [ + { + "action": "elasticmapreduce:ListStudios", + "resource_mappings": {} + } + ], + "EMR.StartNotebookExecution": [ + { + "action": "elasticmapreduce:StartNotebookExecution", + "resource_mappings": { + "ClusterId": { + "template": "*" + }, + "EditorId": { + "template": "${EditorId}" + } + } + } + ], + "EMR.StopNotebookExecution": [ + { + "action": "elasticmapreduce:StopNotebookExecution", + "resource_mappings": { + "NotebookExecutionId": { + "template": "${NotebookExecutionId}" + } + } + } + ], + "EMR.UpdateStudio": [ + { + "action": "elasticmapreduce:UpdateStudio", + "resource_mappings": { + "StudioId": { + "template": "${StudioId}" + } + } + } + ], + "EMR.UpdateStudioSessionMapping": [ + { + "action": "elasticmapreduce:UpdateStudioSessionMapping", + "resource_mappings": { + "StudioId": { + "template": "${StudioId}" + } + } + } + ], + "Pinpoint.GetApplicationDateRangeKpi": [ + { + "action": "mobiletargeting:GetApplicationDateRangeKpi", + "resource_mappings": { + "AppId": { + "template": "${ApplicationId}" + } + } + } + ], + "Pinpoint.GetCampaignDateRangeKpi": [ + { + "action": "mobiletargeting:GetCampaignDateRangeKpi", + "resource_mappings": { + "AppId": { + "template": "${ApplicationId}" + }, + "CampaignId": { + "template": "${CampaignId}" + } + } + } + ], + "Pinpoint.GetJourneyDateRangeKpi": [ + { + "action": "mobiletargeting:GetJourneyDateRangeKpi", + "resource_mappings": { + "AppId": { + "template": "${ApplicationId}" + }, + "JourneyId": { + "template": "${JourneyId}" + } + } + } + ], + "Pinpoint.GetJourneyExecutionActivityMetrics": [ + { + "action": "mobiletargeting:GetJourneyExecutionActivityMetrics", + "resource_mappings": { + "AppId": { + "template": "${ApplicationId}" + }, + "JourneyId": { + "template": "${JourneyId}" + } + } + } + ], + "Pinpoint.GetJourneyExecutionMetrics": [ + { + "action": "mobiletargeting:GetJourneyExecutionMetrics", + "resource_mappings": { + "AppId": { + "template": "${ApplicationId}" + }, + "JourneyId": { + "template": "${JourneyId}" + } + } + } + ], + "Pinpoint.PhoneNumberValidate": [ + { + "action": "mobiletargeting:PhoneNumberValidate", + "resource_mappings": {} + } + ], + "MigrationHub.ListApplicationStates": [ + { + "action": "mgh:ListApplicationStates", + "resource_mappings": {} + } + ], + "CloudHSMV2.ModifyBackupAttributes": [ + { + "action": "cloudhsm:ModifyBackupAttributes", + "resource_mappings": { + "CloudHsmBackupInstanceName": { + "template": "*" + } + } + } + ], + "CloudHSMV2.ModifyCluster": [ + { + "action": "cloudhsm:ModifyCluster", + "resource_mappings": { + "CloudHsmClusterInstanceName": { + "template": "*" + } + } + } + ], + "AlexaForBusiness.AssociateDeviceWithNetworkProfile": [ + { + "action": "a4b:AssociateDeviceWithNetworkProfile", + "resource_mappings": {}, + "resourcearn_mappings": { + "device": "${DeviceArn}", + "networkprofile": "${NetworkProfileArn}" + } + } + ], + "AlexaForBusiness.CreateGatewayGroup": [ + { + "action": "a4b:CreateGatewayGroup", + "resource_mappings": {} + } + ], + "AlexaForBusiness.CreateNetworkProfile": [ + { + "action": "a4b:CreateNetworkProfile", + "resource_mappings": {} + } + ], + "AlexaForBusiness.DeleteDeviceUsageData": [ + { + "action": "a4b:DeleteDeviceUsageData", + "resource_mappings": {}, + "resourcearn_mappings": { + "device": "${DeviceArn}" + } + } + ], + "AlexaForBusiness.DeleteGatewayGroup": [ + { + "action": "a4b:DeleteGatewayGroup", + "resource_mappings": {}, + "resourcearn_mappings": { + "gatewaygroup": "${GatewayGroupArn}" + } + } + ], + "AlexaForBusiness.DeleteNetworkProfile": [ + { + "action": "a4b:DeleteNetworkProfile", + "resource_mappings": {}, + "resourcearn_mappings": { + "networkprofile": "${NetworkProfileArn}" + } + } + ], + "AlexaForBusiness.GetGateway": [ + { + "action": "a4b:GetGateway", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "AlexaForBusiness.GetGatewayGroup": [ + { + "action": "a4b:GetGatewayGroup", + "resource_mappings": {}, + "resourcearn_mappings": { + "gatewaygroup": "${GatewayGroupArn}" + } + } + ], + "AlexaForBusiness.GetInvitationConfiguration": [ + { + "action": "a4b:GetInvitationConfiguration", + "resource_mappings": {} + } + ], + "AlexaForBusiness.ListGatewayGroups": [ + { + "action": "a4b:ListGatewayGroups", + "resource_mappings": {} + } + ], + "AlexaForBusiness.ListGateways": [ + { + "action": "a4b:ListGateways", + "resource_mappings": {}, + "resourcearn_mappings": { + "gatewaygroup": "${GatewayGroupArn}" + } + } + ], + "AlexaForBusiness.PutInvitationConfiguration": [ + { + "action": "a4b:PutInvitationConfiguration", + "resource_mappings": {} + } + ], + "AlexaForBusiness.SendAnnouncement": [ + { + "action": "a4b:SendAnnouncement", + "resource_mappings": {} + } + ], + "AlexaForBusiness.UpdateGateway": [ + { + "action": "a4b:UpdateGateway", + "resource_mappings": {}, + "resourcearn_mappings": { + "gateway": "${GatewayArn}" + } + } + ], + "AlexaForBusiness.UpdateGatewayGroup": [ + { + "action": "a4b:UpdateGatewayGroup", + "resource_mappings": {}, + "resourcearn_mappings": { + "gatewaygroup": "${GatewayGroupArn}" + } + } + ], + "AlexaForBusiness.UpdateNetworkProfile": [ + { + "action": "a4b:UpdateNetworkProfile", + "resource_mappings": {}, + "resourcearn_mappings": { + "networkprofile": "${NetworkProfileArn}" + } + } + ], + "PinpointEmail.GetDomainDeliverabilityCampaign": [ + { + "action": "ses:GetDomainDeliverabilityCampaign", + "resource_mappings": {} + }, + { + "action": "ses:GetDomainDeliverabilityCampaign", + "resource_mappings": {} + } + ], + "PinpointEmail.ListDomainDeliverabilityCampaigns": [ + { + "action": "ses:ListDomainDeliverabilityCampaigns", + "resource_mappings": {} + }, + { + "action": "ses:ListDomainDeliverabilityCampaigns", + "resource_mappings": {} + } + ], + "RDSDataService.BeginTransaction": [ + { + "action": "rds-data:BeginTransaction", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${resourceArn}" + } + } + ], + "RDSDataService.CommitTransaction": [ + { + "action": "rds-data:CommitTransaction", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${resourceArn}" + } + }, + { + "action": "rds-data:BeginTransaction", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${resourceArn}" + } + } + ], + "RDSDataService.ExecuteSql": [ + { + "action": "rds-data:ExecuteSql", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "%%iftemplatematch%${dbClusterOrInstanceArn}%%" + } + } + ], + "RDSDataService.RollbackTransaction": [ + { + "action": "rds-data:RollbackTransaction", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${resourceArn}" + } + }, + { + "action": "rds-data:BeginTransaction", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${resourceArn}" + } + } + ], + "KinesisAnalyticsV2.CreateApplicationPresignedUrl": [ + { + "action": "kinesisanalytics:CreateApplicationPresignedUrl", + "resource_mappings": { + "ApplicationName": { + "template": "${ApplicationName}" + } + } + } + ], + "DocDB.AddSourceIdentifierToSubscription": [ + { + "action": "rds:AddSourceIdentifierToSubscription", + "resource_mappings": { + "SubscriptionName": { + "template": "${SubscriptionName}" + } + } + } + ], + "DocDB.DeleteEventSubscription": [ + { + "action": "rds:DeleteEventSubscription", + "resource_mappings": { + "SubscriptionName": { + "template": "${SubscriptionName}" + } + } + } + ], + "DocDB.DeleteGlobalCluster": [ + { + "action": "rds:DeleteGlobalCluster", + "resource_mappings": { + "GlobalCluster": { + "template": "${GlobalClusterIdentifier}" + } + } + } + ], + "DocDB.DescribeEventSubscriptions": [ + { + "action": "rds:DescribeEventSubscriptions", + "resource_mappings": { + "SubscriptionName": { + "template": "${SubscriptionName}" + } + } + } + ], + "DocDB.DescribeGlobalClusters": [ + { + "action": "rds:DescribeGlobalClusters", + "resource_mappings": { + "GlobalCluster": { + "template": "${GlobalClusterIdentifier}" + } + } + } + ], + "DocDB.ModifyEventSubscription": [ + { + "action": "rds:ModifyEventSubscription", + "resource_mappings": { + "SubscriptionName": { + "template": "${SubscriptionName}" + } + } + } + ], + "DocDB.RemoveFromGlobalCluster": [ + { + "action": "rds:RemoveFromGlobalCluster", + "resource_mappings": { + "DbClusterInstanceName": { + "template": "${DbClusterIdentifier}" + }, + "GlobalCluster": { + "template": "${GlobalClusterIdentifier}" + } + } + } + ], + "DocDB.RemoveSourceIdentifierFromSubscription": [ + { + "action": "rds:RemoveSourceIdentifierFromSubscription", + "resource_mappings": { + "SubscriptionName": { + "template": "${SubscriptionName}" + } + } + } + ], + "IoTEventsData.DescribeAlarm": [ + { + "action": "iotevents:DescribeAlarm", + "resource_mappings": { + "AlarmModelName": { + "template": "${alarmModelName}" + } + } + } + ], + "IoTEventsData.ListAlarms": [ + { + "action": "iotevents:ListAlarms", + "resource_mappings": { + "AlarmModelName": { + "template": "${alarmModelName}" + } + } + } + ], + "EventBridge.CreateApiDestination": [ + { + "action": "events:CreateApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + } + }, + "resourcearn_mappings": { + "connection": "${ConnectionArn}" + } + } + ], + "EventBridge.CreateConnection": [ + { + "action": "events:CreateConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "EventBridge.DeauthorizeConnection": [ + { + "action": "events:DeauthorizeConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "EventBridge.DeleteApiDestination": [ + { + "action": "events:DeleteApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + } + } + } + ], + "EventBridge.DeleteConnection": [ + { + "action": "events:DeleteConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "EventBridge.DescribeApiDestination": [ + { + "action": "events:DescribeApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + }, + "ConnectionName": { + "template": "*" + } + } + } + ], + "EventBridge.DescribeConnection": [ + { + "action": "events:DescribeConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "EventBridge.ListApiDestinations": [ + { + "action": "events:ListApiDestinations", + "resource_mappings": {} + } + ], + "EventBridge.ListConnections": [ + { + "action": "events:ListConnections", + "resource_mappings": {} + } + ], + "EventBridge.UpdateApiDestination": [ + { + "action": "events:UpdateApiDestination", + "resource_mappings": { + "ApiDestinationName": { + "template": "${Name}" + } + } + } + ], + "EventBridge.UpdateConnection": [ + { + "action": "events:UpdateConnection", + "resource_mappings": { + "ConnectionName": { + "template": "${Name}" + } + } + } + ], + "SESV2.CreateContact": [ + { + "action": "ses:CreateContact", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.CreateContactList": [ + { + "action": "ses:CreateContactList", + "resource_mappings": {} + } + ], + "SESV2.CreateEmailTemplate": [ + { + "action": "ses:CreateEmailTemplate", + "resource_mappings": {} + } + ], + "SESV2.CreateImportJob": [ + { + "action": "ses:CreateImportJob", + "resource_mappings": {} + } + ], + "SESV2.DeleteContact": [ + { + "action": "ses:DeleteContact", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.DeleteContactList": [ + { + "action": "ses:DeleteContactList", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.DeleteEmailTemplate": [ + { + "action": "ses:DeleteEmailTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${TemplateName}" + } + } + } + ], + "SESV2.DeleteSuppressedDestination": [ + { + "action": "ses:DeleteSuppressedDestination", + "resource_mappings": {} + } + ], + "SESV2.GetContact": [ + { + "action": "ses:GetContact", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.GetContactList": [ + { + "action": "ses:GetContactList", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.GetDomainDeliverabilityCampaign": [ + { + "action": "ses:GetDomainDeliverabilityCampaign", + "resource_mappings": {} + }, + { + "action": "ses:GetDomainDeliverabilityCampaign", + "resource_mappings": {} + } + ], + "SESV2.GetEmailTemplate": [ + { + "action": "ses:GetEmailTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${TemplateName}" + } + } + } + ], + "SESV2.GetImportJob": [ + { + "action": "ses:GetImportJob", + "resource_mappings": { + "ImportJobId": { + "template": "${JobId}" + } + } + } + ], + "SESV2.GetSuppressedDestination": [ + { + "action": "ses:GetSuppressedDestination", + "resource_mappings": {} + } + ], + "SESV2.ListContactLists": [ + { + "action": "ses:ListContactLists", + "resource_mappings": {} + } + ], + "SESV2.ListContacts": [ + { + "action": "ses:ListContacts", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.ListDomainDeliverabilityCampaigns": [ + { + "action": "ses:ListDomainDeliverabilityCampaigns", + "resource_mappings": {} + }, + { + "action": "ses:ListDomainDeliverabilityCampaigns", + "resource_mappings": {} + } + ], + "SESV2.ListEmailTemplates": [ + { + "action": "ses:ListEmailTemplates", + "resource_mappings": {} + } + ], + "SESV2.ListImportJobs": [ + { + "action": "ses:ListImportJobs", + "resource_mappings": {} + } + ], + "SESV2.ListSuppressedDestinations": [ + { + "action": "ses:ListSuppressedDestinations", + "resource_mappings": {} + } + ], + "SESV2.PutAccountDetails": [ + { + "action": "ses:PutAccountDetails", + "resource_mappings": {} + } + ], + "SESV2.PutAccountSuppressionAttributes": [ + { + "action": "ses:PutAccountSuppressionAttributes", + "resource_mappings": {} + } + ], + "SESV2.PutConfigurationSetSuppressionOptions": [ + { + "action": "ses:PutConfigurationSetSuppressionOptions", + "resource_mappings": { + "ConfigurationSetName": { + "template": "${ConfigurationSetName}" + } + } + } + ], + "SESV2.PutSuppressedDestination": [ + { + "action": "ses:PutSuppressedDestination", + "resource_mappings": {} + } + ], + "SESV2.SendBulkEmail": [ + { + "action": "ses:SendBulkEmail", + "resource_mappings": {} + } + ], + "SESV2.TestRenderEmailTemplate": [ + { + "action": "ses:TestRenderEmailTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${TemplateName}" + } + } + } + ], + "SESV2.UpdateContact": [ + { + "action": "ses:UpdateContact", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.UpdateContactList": [ + { + "action": "ses:UpdateContactList", + "resource_mappings": { + "ContactListName": { + "template": "${ContactListName}" + } + } + } + ], + "SESV2.UpdateEmailTemplate": [ + { + "action": "ses:UpdateEmailTemplate", + "resource_mappings": { + "TemplateName": { + "template": "${TemplateName}" + } + } + } + ], + "ServiceCatalogAppRegistry.CreateApplication": [ + { + "action": "servicecatalog:CreateApplication", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + } + ], + "ConnectContactLens.ListRealtimeContactAnalysisSegments": [ + { + "action": "connect:ListRealtimeContactAnalysisSegments", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + }, + "ContactId": { + "template": "${ContactId}" + } + } + } + ], + "SageMakerFeatureStoreRuntime.BatchGetRecord": [ + { + "action": "sagemaker:BatchGetRecord", + "resource_mappings": { + "FeatureGroupName": { + "template": "${Identifiers[].FeatureGroupName}" + } + } + } + ], + "GreengrassV2.GetComponentVersionArtifact": [ + { + "action": "greengrass:GetComponentVersionArtifact", + "resource_mappings": {}, + "resourcearn_mappings": { + "componentVersion": "${arn}" + } + } + ], + "GreengrassV2.ResolveComponentCandidates": [ + { + "action": "greengrass:ResolveComponentCandidates", + "resource_mappings": { + "ComponentName": { + "template": "${componentCandidates[].componentName}" + }, + "ComponentVersion": { + "template": "${componentCandidates[].componentVersion}" + } + } + } + ], + "Location.BatchDeleteDevicePositionHistory": [ + { + "action": "geo:BatchDeleteDevicePositionHistory", + "resource_mappings": { + "TrackerName": { + "template": "${TrackerName}" + } + } + } + ], + "Location.CalculateRoute": [ + { + "action": "geo:CalculateRoute", + "resource_mappings": { + "CalculatorName": { + "template": "${CalculatorName}" + } + } + } + ], + "Location.CreateRouteCalculator": [ + { + "action": "geo:CreateRouteCalculator", + "resource_mappings": { + "CalculatorName": { + "template": "${CalculatorName}" + } + } + } + ], + "Location.DeleteRouteCalculator": [ + { + "action": "geo:DeleteRouteCalculator", + "resource_mappings": { + "CalculatorName": { + "template": "${CalculatorName}" + } + } + } + ], + "Location.DescribeRouteCalculator": [ + { + "action": "geo:DescribeRouteCalculator", + "resource_mappings": { + "CalculatorName": { + "template": "${CalculatorName}" + } + } + } + ], + "Location.ListDevicePositions": [ + { + "action": "geo:ListDevicePositions", + "resource_mappings": { + "TrackerName": { + "template": "${TrackerName}" + } + } + } + ], + "Location.ListRouteCalculators": [ + { + "action": "geo:ListRouteCalculators", + "resource_mappings": {} + } + ], + "Location.ListTagsForResource": [ + { + "action": "geo:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "geofence-collection": "%%iftemplatematch%${ResourceArn}%%", + "map": "%%iftemplatematch%${ResourceArn}%%", + "place-index": "%%iftemplatematch%${ResourceArn}%%", + "route-calculator": "%%iftemplatematch%${ResourceArn}%%", + "tracker": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Location.TagResource": [ + { + "action": "geo:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "geofence-collection": "%%iftemplatematch%${ResourceArn}%%", + "map": "%%iftemplatematch%${ResourceArn}%%", + "place-index": "%%iftemplatematch%${ResourceArn}%%", + "route-calculator": "%%iftemplatematch%${ResourceArn}%%", + "tracker": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Location.UntagResource": [ + { + "action": "geo:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "geofence-collection": "%%iftemplatematch%${ResourceArn}%%", + "map": "%%iftemplatematch%${ResourceArn}%%", + "place-index": "%%iftemplatematch%${ResourceArn}%%", + "route-calculator": "%%iftemplatematch%${ResourceArn}%%", + "tracker": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "LexModelsV2.CreateUploadUrl": [ + { + "action": "lex:CreateUploadUrl", + "resource_mappings": {} + } + ], + "LexModelsV2.ListExports": [ + { + "action": "lex:ListExports", + "resource_mappings": {} + } + ], + "LexModelsV2.ListImports": [ + { + "action": "lex:ListImports", + "resource_mappings": {} + } + ], + "ServiceDiscovery.UpdatePrivateDnsNamespace": [ + { + "action": "servicediscovery:UpdatePrivateDnsNamespace", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:servicediscovery:${Region}:${Account}:namespace/${Id}" + } + } + ], + "ServiceDiscovery.UpdatePublicDnsNamespace": [ + { + "action": "servicediscovery:UpdatePublicDnsNamespace", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:servicediscovery:${Region}:${Account}:namespace/${Id}" + } + } + ], + "KinesisAnalyticsV2.DescribeApplicationVersion": [ + { + "action": "kinesisanalytics:DescribeApplicationVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}" + } + } + ], + "KinesisAnalyticsV2.RollbackApplication": [ + { + "action": "kinesisanalytics:RollbackApplication", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}" + } + } + ], + "Kendra.BatchGetDocumentStatus": [ + { + "action": "kendra:BatchGetDocumentStatus", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "CustomerProfiles.MergeProfiles": [ + { + "action": "profile:MergeProfiles", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:profile:${Region}:${Account}:/domains/${DomainName}/profiles/objects/merge" + } + } + ], + "MediaPackageVod.ConfigureLogs": [ + { + "action": "mediapackage-vod:ConfigureLogs", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:packaging-groups/${Id}" + } + } ] }, "sdk_service_mappings": { @@ -91926,6 +96112,7 @@ "Application Discovery Service": "discovery", "Application Insights": "applicationinsights", "ApplicationAutoScaling": "application-autoscaling", + "ApplicationCostProfiler": "application-cost-profiler", "AuditManager": "auditmanager", "AugmentedAIRuntime": "sagemaker", "Auto Scaling": "autoscaling", @@ -92023,6 +96210,7 @@ "IoT Events Data": "iotevents", "IoT Events": "iotevents", "IoT Jobs Data Plane": "iot", + "IoTWireless": "iot", "IoT Wireless": "iot", "IoT": "iot", "IoT1ClickDevicesService": "iot1click", @@ -92126,6 +96314,8 @@ "SES": "ses", "SESV2": "ses", "SESv2": "ses", + "SSMContacts": "ssm-contacts", + "SSMIncidents": "ssm-incidents", "SSO Admin": "sso", "SSO OIDC": "sso-directory", "SSO": "sso",