diff --git a/iamlivecore/iam_definition.json b/iamlivecore/iam_definition.json index 3d5f558f..34ece11d 100644 --- a/iamlivecore/iam_definition.json +++ b/iamlivecore/iam_definition.json @@ -6033,12 +6033,12 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the allowed set of values for a specified tag", + "description": "Filters access by the allowed set of values for a specified tag", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on a tag key-value pair assigned to the AWS resource", + "description": "Filters access by a tag key-value pair assigned to the AWS resource", "type": "String" }, { @@ -6407,6 +6407,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a deployed configuration", + "privilege": "GetLatestConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the applications in your account", @@ -6529,13 +6548,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to start a configuration session", "privilege": "StartConfigurationSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "configuration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -6596,7 +6622,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to tag an appconfig resource.", + "description": "Grants permission to tag an appconfig resource", "privilege": "TagResource", "resource_types": [ { @@ -6637,7 +6663,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag an appconfig resource.", + "description": "Grants permission to untag an appconfig resource", "privilege": "UntagResource", "resource_types": [ { @@ -6818,6 +6844,13 @@ "arn": "arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationId}/configurationprofile/${ConfigurationProfileId}/hostedconfigurationversion/${VersionNumber}", "condition_keys": [], "resource": "hostedconfigurationversion" + }, + { + "arn": "arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationId}/environment/${EnvironmentId}/configuration/${ConfigurationProfileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "configuration" } ], "service_name": "AWS AppConfig" @@ -7179,7 +7212,7 @@ "privileges": [ { "access_level": "Write", - "description": "Deletes an Application Auto Scaling scaling policy that was previously created.", + "description": "Grants permission to delete a scaling policy", "privilege": "DeleteScalingPolicy", "resource_types": [ { @@ -7191,7 +7224,7 @@ }, { "access_level": "Write", - "description": "Deletes an Application Auto Scaling scheduled action that was previously created.", + "description": "Grants permission to delete a scheduled action", "privilege": "DeleteScheduledAction", "resource_types": [ { @@ -7203,7 +7236,7 @@ }, { "access_level": "Write", - "description": "Deregisters a scalable target that was previously registered.", + "description": "Grants permission to deregister a scalable target", "privilege": "DeregisterScalableTarget", "resource_types": [ { @@ -7215,7 +7248,7 @@ }, { "access_level": "Read", - "description": "Provides descriptive information for scalable targets with a specified service namespace.", + "description": "Grants permission to describe one or more scalable targets in the specified namespace", "privilege": "DescribeScalableTargets", "resource_types": [ { @@ -7227,7 +7260,7 @@ }, { "access_level": "Read", - "description": "Provides descriptive information for scaling activities with a specified service namespace for the previous six weeks.", + "description": "Grants permission to describe a set of scaling activities or all scaling activities in the specified namespace", "privilege": "DescribeScalingActivities", "resource_types": [ { @@ -7239,7 +7272,7 @@ }, { "access_level": "Read", - "description": "Provides descriptive information for scaling policies with a specified service namespace.", + "description": "Grants permission to describe a set of scaling policies or all scaling policies in the specified namespace", "privilege": "DescribeScalingPolicies", "resource_types": [ { @@ -7251,7 +7284,7 @@ }, { "access_level": "Read", - "description": "Provides descriptive information for scheduled actions with a specified service namespace.", + "description": "Grants permission to describe a set of scheduled actions or all scheduled actions in the specified namespace", "privilege": "DescribeScheduledActions", "resource_types": [ { @@ -7263,7 +7296,7 @@ }, { "access_level": "Write", - "description": "Creates or updates a policy for an existing Application Auto Scaling scalable target.", + "description": "Grants permission to create and update a scaling policy for a scalable target", "privilege": "PutScalingPolicy", "resource_types": [ { @@ -7275,7 +7308,7 @@ }, { "access_level": "Write", - "description": "Creates or updates a scheduled action for an existing Application Auto Scaling scalable target.", + "description": "Grants permission to create and update a scheduled action for a scalable target", "privilege": "PutScheduledAction", "resource_types": [ { @@ -7287,7 +7320,7 @@ }, { "access_level": "Write", - "description": "Registers or updates a scalable target. A scalable target is a resource that can be scaled out or in with Application Auto Scaling.", + "description": "Grants permission to register AWS or custom resources as scalable targets with Application Auto Scaling and to update configuration parameters used to manage a scalable target", "privilege": "RegisterScalableTarget", "resource_types": [ { @@ -7299,7 +7332,7 @@ } ], "resources": [], - "service_name": "Application Auto Scaling" + "service_name": "AWS Application Auto Scaling" }, { "conditions": [], @@ -9472,6 +9505,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate the specified application to the specified entitlement", + "privilege": "AssociateApplicatonToEntitlement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate the specified fleet with the specified stack", @@ -9605,6 +9650,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an entitlement to control access to applications based on user attributes", + "privilege": "CreateEntitlement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a fleet. A fleet is a group of streaming instances from which applications are launched and streamed to users", @@ -9812,6 +9869,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified entitlement", + "privilege": "DeleteEntitlement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete the specified fleet", @@ -9984,6 +10053,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve one or all entitlements for the specified stack", + "privilege": "DescribeEntitlements", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list that describes one or more specified fleets, if the fleet names are provided. Otherwise, all fleets in the account are described", @@ -10133,6 +10214,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the specified application from the specified entitlement", + "privilege": "DisassociateApplicatonFromEntitlement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate the specified fleet from the specified stack", @@ -10205,6 +10298,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve the applications that are associated with the specified entitlement", + "privilege": "ListEntitledApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list of all tags for the specified AppStream 2.0 resource. The following resources can be tagged: Image builders, images, fleets, and stacks", @@ -10438,6 +10543,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the specified fields for the specified entitlement", + "privilege": "UpdateEntitlement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the specified fleet. All attributes except the fleet name can be updated when the fleet is in the STOPPED state", @@ -10551,22 +10668,34 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by the tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" } ], "prefix": "appsync", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to attach a GraphQL API to a custom domain name in AppSync", + "privilege": "AssociateApi", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an API cache in AppSync", @@ -10603,6 +10732,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a custom domain name in AppSync", + "privilege": "CreateDomainName", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new function", @@ -10692,6 +10833,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a custom domain name in AppSync", + "privilege": "DeleteDomainName", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a function", @@ -10747,6 +10900,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to dettach a GraphQL API to a custom domain name in AppSync", + "privilege": "DisassociateApi", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to flush an API cache in AppSync", @@ -10759,6 +10924,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read custom domain name - GraphQL API association details in AppSync", + "privilege": "GetApiAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to read information about an API cache in AppSync", @@ -10783,6 +10960,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read information about a custom domain name in AppSync", + "privilege": "GetDomainName", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a function", @@ -10903,6 +11092,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to enumerate custom domain names in AppSync", + "privilege": "ListDomainNames", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the functions for a given API", @@ -11082,6 +11283,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a custom domain name in AppSync", + "privilege": "UpdateDomainName", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing function", @@ -11146,6 +11359,11 @@ "condition_keys": [], "resource": "datasource" }, + { + "arn": "arn:${Partition}:appsync:${Region}:${Account}:domainnames/${DomainName}", + "condition_keys": [], + "resource": "domain" + }, { "arn": "arn:${Partition}:appsync:${Region}:${Account}:apis/${GraphQLAPIId}", "condition_keys": [ @@ -14655,19 +14873,19 @@ }, { "access_level": "Write", - "description": "Cancels a running change set.", + "description": "Grants permission to cancel a running change set", "privilege": "CancelChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ChangeSet*" } ] }, { "access_level": "Write", - "description": "Complete an existing task and submit the content to the associated change.", + "description": "Grants permission to complete an existing task and submit the content to the associated change", "privilege": "CompleteTask", "resource_types": [ { @@ -14679,31 +14897,31 @@ }, { "access_level": "Read", - "description": "Returns the details of an existing change set.", + "description": "Grants permission to return the details of an existing change set", "privilege": "DescribeChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ChangeSet*" } ] }, { "access_level": "Read", - "description": "Returns the details of an existing entity.", + "description": "Grants permission to return the details of an existing entity", "privilege": "DescribeEntity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Entity*" } ] }, { "access_level": "Read", - "description": "Returns the details of an existing task.", + "description": "Grants permission to return the details of an existing task", "privilege": "DescribeTask", "resource_types": [ { @@ -14714,8 +14932,8 @@ ] }, { - "access_level": "Read", - "description": "Lists existing change sets.", + "access_level": "List", + "description": "Grants permission to list existing change sets", "privilege": "ListChangeSets", "resource_types": [ { @@ -14726,8 +14944,8 @@ ] }, { - "access_level": "Read", - "description": "Lists existing entities.", + "access_level": "List", + "description": "Grants permission to list existing entities", "privilege": "ListEntities", "resource_types": [ { @@ -14739,7 +14957,7 @@ }, { "access_level": "List", - "description": "Lists existing tasks.", + "description": "Grants permission to list existing tasks", "privilege": "ListTasks", "resource_types": [ { @@ -14751,9 +14969,14 @@ }, { "access_level": "Write", - "description": "Requests a new change set.", + "description": "Grants permission to request a new change set. (Note: resource-level permissions for this action and condition context keys for this action are only supported when used with Catalog API and are not supported when used with AWS Marketplace Management Portal)", "privilege": "StartChangeSet", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Entity*" + }, { "condition_keys": [ "catalog:ChangeType" @@ -14765,7 +14988,7 @@ }, { "access_level": "Write", - "description": "Update the content of an existing task.", + "description": "Grants permission to update the contents of an existing task", "privilege": "UpdateTask", "resource_types": [ { @@ -17530,11 +17753,6 @@ ], "resource_type": "Event*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "codereview*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" @@ -17711,16 +17929,6 @@ ], "resource_type": "Event*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ProfilingGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "codereview*" - }, { "condition_keys": [ "aws:ResourceTag/${TagKey}" @@ -17737,7 +17945,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "codeguru-reviewer:ListRecommendations" + ], "resource_type": "Event*" }, { @@ -17756,7 +17966,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "codeguru-reviewer:ListRecommendations" + ], "resource_type": "Event*" }, { @@ -17770,20 +17982,6 @@ } ], "resources": [ - { - "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "codereview" - }, - { - "arn": "arn:${Partition}:codeguru-profiler:${Region}:${Account}:profilingGroup/${profilingGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ProfilingGroup" - }, { "arn": "arn:${Partition}:bugbust:${Region}:${Account}:events/${EventId}", "condition_keys": [ @@ -24592,17 +24790,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "String" } ], @@ -24628,7 +24826,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, @@ -24684,7 +24882,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption*" } ] }, @@ -24696,7 +24894,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-profile*" } ] }, @@ -24708,7 +24906,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, @@ -24756,7 +24954,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-request-policy*" } ] }, @@ -24780,7 +24978,19 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "realtime-log-config*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a new response headers policy to CloudFront", + "privilege": "CreateResponseHeadersPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "response-headers-policy*" } ] }, @@ -24824,7 +25034,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, @@ -24860,7 +25070,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption*" } ] }, @@ -24872,7 +25082,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-profile*" } ] }, @@ -24884,7 +25094,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, @@ -24920,7 +25130,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-request-policy*" } ] }, @@ -24944,19 +25154,19 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "realtime-log-config*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete a response headers policy", "privilege": "DeleteResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "response-headers-policy*" } ] }, @@ -24980,7 +25190,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, @@ -24992,7 +25202,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, @@ -25004,7 +25214,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, @@ -25064,7 +25274,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption*" } ] }, @@ -25076,7 +25286,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption*" } ] }, @@ -25088,7 +25298,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-profile*" } ] }, @@ -25100,7 +25310,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-profile*" } ] }, @@ -25112,7 +25322,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, @@ -25172,7 +25382,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-request-policy*" } ] }, @@ -25184,7 +25394,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-request-policy*" } ] }, @@ -25220,31 +25430,31 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "realtime-log-config*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get the response headers policy", "privilege": "GetResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "response-headers-policy*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get the response headers policy configuration", "privilege": "GetResponseHeadersPolicyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "response-headers-policy*" } ] }, @@ -25381,8 +25591,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified response headers policy", "privilege": "ListDistributionsByResponseHeadersPolicyId", "resource_types": [ { @@ -25501,8 +25711,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list all response headers policies that have been created in CloudFront for this account", "privilege": "ListResponseHeadersPolicies", "resource_types": [ { @@ -25549,7 +25759,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, @@ -25586,7 +25796,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, @@ -25622,7 +25832,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, @@ -25658,7 +25868,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption*" } ] }, @@ -25670,7 +25880,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-profile*" } ] }, @@ -25682,7 +25892,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, @@ -25706,7 +25916,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-request-policy*" } ] }, @@ -25730,7 +25940,19 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "realtime-log-config*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a response headers policy", + "privilege": "UpdateResponseHeadersPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "response-headers-policy*" } ] }, @@ -25796,6 +26018,11 @@ "arn": "arn:${Partition}:cloudfront::${Account}:function/${Name}", "condition_keys": [], "resource": "function" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:response-headers-policy/${Id}", + "condition_keys": [], + "resource": "response-headers-policy" } ], "service_name": "Amazon CloudFront" @@ -26802,7 +27029,23 @@ "service_name": "AWS CloudShell" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by value associated with the resource", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by value associated with the resource", + "type": "String" + } + ], "prefix": "cloudtrail", "privileges": [ { @@ -26813,7 +27056,44 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "eventdatastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trail" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a running query", + "privilege": "CancelQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an event data store", + "privilege": "CreateEventDataStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventdatastore*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -26831,6 +27111,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an event data store", + "privilege": "DeleteEventDataStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventdatastore*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a trail", @@ -26843,6 +27135,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list details for the query", + "privilege": "DescribeQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list settings for the trails associated with the current region for your account", @@ -26855,6 +27159,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list settings for the event data store", + "privilege": "GetEventDataStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list settings for event selectors configured for a trail", @@ -26879,6 +27195,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to fetch results of a complete query", + "privilege": "GetQueryResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list settings for the trail", @@ -26903,6 +27231,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list event data stores associated with the current region for your account", + "privilege": "ListEventDataStores", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range", @@ -26915,15 +27255,32 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list queries associated with an event data store", + "privilege": "ListQueries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", - "description": "Grants permission to list the tags for trails in the current region", + "description": "Grants permission to list the tags for trails or event data stores in the current region", "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "eventdatastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trail" } ] }, @@ -26983,7 +27340,24 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "eventdatastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trail" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore an event data store", + "privilege": "RestoreEventDataStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventdatastore*" } ] }, @@ -26999,6 +27373,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a new query on a specified event data store", + "privilege": "StartQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop the recording of AWS API calls and log file delivery for a trail", @@ -27011,6 +27397,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an event data store", + "privilege": "UpdateEventDataStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventdatastore*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the settings that specify delivery of log files", @@ -27029,6 +27427,13 @@ "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:trail/${TrailName}", "condition_keys": [], "resource": "trail" + }, + { + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:eventdatastore/${EventDataStoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "eventdatastore" } ], "service_name": "AWS CloudTrail" @@ -27636,7 +28041,7 @@ }, { "access_level": "Write", - "description": "Grants permission to copy package versions from one repository to another repository in the same domain.", + "description": "Grants permission to copy package versions from one repository to another repository in the same domain", "privilege": "CopyPackageVersions", "resource_types": [ { @@ -45978,17 +46383,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by specifying the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by specifying the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by specifying the tag keys that are passed in the request", "type": "String" } ], @@ -46057,6 +46462,34 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view the current configuration related to the Amazon Detective integration with AWS Organizations", + "privilege": "DescribeOrganizationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the Amazon Detective delegated administrator account for an organization", + "privilege": "DisableOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "Graph*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove the association of this account with a behavior graph", @@ -46069,6 +46502,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to designate the Amazon Detective delegated administrator account for an organization", + "privilege": "EnableOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:DescribeOrganization", + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator" + ], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a behavior graph's eligibility for a free trial period", @@ -46165,6 +46615,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to view the current Amazon Detective delegated administrator account for an organization", + "privilege": "ListOrganizationAdminAccounts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "Graph*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the tag values that are assigned to a behavior graph", @@ -46210,7 +46674,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED.", + "description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED", "privilege": "StartMonitoringMember", "resource_types": [ { @@ -46259,6 +46723,20 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the current configuration related to the Amazon Detective integration with AWS Organizations", + "privilege": "UpdateOrganizationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], + "resource_type": "Graph*" + } + ] } ], "resources": [ @@ -53453,7 +53931,7 @@ }, { "condition": "ec2:AllocationId", - "description": "Filters access by the Allocation Id of the Elastic Ip", + "description": "Filters access by the allocation ID of the Elastic IP address", "type": "String" }, { @@ -53528,7 +54006,7 @@ }, { "condition": "ec2:Domain", - "description": "Filters access by the domain of the Elastic Ip Address", + "description": "Filters access by the domain of the Elastic IP address", "type": "String" }, { @@ -53586,6 +54064,16 @@ "description": "Filters access by the type of instance", "type": "String" }, + { + "condition": "ec2:Ipv4IpamPoolId", + "description": "Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation", + "type": "String" + }, + { + "condition": "ec2:Ipv6IpamPoolId", + "description": "Filters access by the ID of an IPAM pool provided for IPv6 CIDR block allocation", + "type": "String" + }, { "condition": "ec2:IsLaunchTemplateResource", "description": "Filters access by whether users are able to override resources that are specified in the launch template", @@ -53593,17 +54081,17 @@ }, { "condition": "ec2:KeyPairName", - "description": "Filters access by a key pair name", + "description": "Filters access by the name of a key pair", "type": "String" }, { "condition": "ec2:KeyPairType", - "description": "Filters access by a key pair type", + "description": "Filters access by the type of a key pair", "type": "String" }, { "condition": "ec2:KmsKeyId", - "description": "Filters access by an Id of your AWS Key Management Service", + "description": "Filters access by the ID of an AWS KMS key", "type": "String" }, { @@ -53723,7 +54211,7 @@ }, { "condition": "ec2:PublicIpAddress", - "description": "Filters access by the Public Ip", + "description": "Filters access by a public IP address", "type": "String" }, { @@ -54034,6 +54522,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "AllocateIpamPoolCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to apply a security group to the association between a Client VPN endpoint and a target network", @@ -54428,6 +54931,8 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Tenancy" @@ -54435,6 +54940,14 @@ "dependent_actions": [], "resource_type": "vpc*" }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -55463,6 +55976,76 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon VPC IP Address Manager (IPAM)", + "privilege": "CreateIpam", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "ipam*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs", + "privilege": "CreateIpamPool", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, which is the highest-level container within IPAM", + "privilege": "CreateIpamScope", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "ipam*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a 2048-bit RSA key pair", @@ -55682,6 +56265,24 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a Network Access Scope", + "privilege": "CreateNetworkInsightsAccessScope", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-insights-access-scope*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a path to analyze for reachability", @@ -55857,6 +56458,24 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a public IPv4 address pool for public IPv4 CIDRs that you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IPAM)", + "privilege": "CreatePublicIpv4Pool", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-insights-access-scope*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a root volume replacement task", @@ -56396,6 +57015,30 @@ "dependent_actions": [], "resource_type": "internet-gateway" }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -56507,6 +57150,22 @@ "dependent_actions": [], "resource_type": "network-acl" }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope-analysis" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -57209,6 +57868,8 @@ "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", "ec2:Region" ], "dependent_actions": [ @@ -57216,6 +57877,14 @@ ], "resource_type": "vpc*" }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -57646,6 +58315,51 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) and remove all monitored data associated with the IPAM including the historical data for CIDRs", + "privilege": "DeleteIpam", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "DeleteIpamPool", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the scope for an Amazon VPC IP Address Manager (IPAM)", + "privilege": "DeleteIpamScope", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a key pair by removing the public key from Amazon EC2", @@ -57794,6 +58508,36 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a Network Access Scope", + "privilege": "DeleteNetworkInsightsAccessScope", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Network Access Scope analysis", + "privilege": "DeleteNetworkInsightsAccessScopeAnalysis", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope-analysis*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a network insights analysis", @@ -57883,6 +58627,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a public IPv4 address pool for public IPv4 CIDRs that you own and brought to Amazon to manage with Amazon VPC IP Address Manager (IPAM)", + "privilege": "DeletePublicIpv4Pool", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete the queued purchases for the specified Reserved Instances", @@ -58204,6 +58964,30 @@ "dependent_actions": [], "resource_type": "internet-gateway" }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -58312,6 +59096,22 @@ "dependent_actions": [], "resource_type": "network-acl" }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope-analysis" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -58966,6 +59766,37 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to deprovision a CIDR provisioned from an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "DeprovisionIpamPoolCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deprovision a CIDR from a public IPv4 pool", + "privilege": "DeprovisionPublicIpv4PoolCidr", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to deregister an Amazon Machine Image (AMI)", @@ -59399,6 +60230,26 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe fast-launch enabled Windows AMIs", + "privilege": "DescribeFastLaunchImages", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the state of fast snapshot restores for snapshots", @@ -59753,6 +60604,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) pools", + "privilege": "DescribeIpamPools", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) scopes", + "privilege": "DescribeIpamScopes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an Amazon VPC IP Address Manager (IPAM)", + "privilege": "DescribeIpams", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more IPv6 address pools", @@ -59921,6 +60808,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Network Access Scope analyses", + "privilege": "DescribeNetworkInsightsAccessScopeAnalyses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the Network Access Scopes", + "privilege": "DescribeNetworkInsightsAccessScopes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more network insights analyses", @@ -60185,6 +61096,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe the storage tier status for Amazon EBS snapshots", + "privilege": "DescribeSnapshotTierStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more EBS snapshots", @@ -60856,6 +61779,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable faster launching for Windows AMIs", + "privilege": "DisableFastLaunch", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable fast snapshot restores for one or more snapshots in specified Availability Zones", @@ -60898,6 +61841,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account", + "privilege": "DisableIpamOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "organizations:DeregisterDelegatedAdministrator" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable access to the EC2 serial console of all instances for your account", @@ -61256,6 +62213,35 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable faster launching for Windows AMIs", + "privilege": "EnableFastLaunch", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable fast snapshot restores for one or more snapshots in specified Availability Zones", @@ -61298,6 +62284,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account", + "privilege": "EnableIpamOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable access to the EC2 serial console of all instances for your account", @@ -61676,6 +62678,86 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view a list of instance types with specified instance attributes", + "privilege": "GetInstanceTypesFromInstanceRequirements", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve historical information about a CIDR within an Amazon VPC IP Address Manager (IPAM) scope", + "privilege": "GetIpamAddressHistory", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of all the CIDR allocations in an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "GetIpamPoolAllocations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the CIDRs provisioned to an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "GetIpamPoolCidrs", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the resources in an Amazon VPC IP Address Manager (IPAM) scope", + "privilege": "GetIpamResourceCidrs", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the configuration data of the specified instance for use with a new launch template or launch template version", @@ -61735,6 +62817,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the findings for one or more Network Access Scope analyses", + "privilege": "GetNetworkInsightsAccessScopeAnalysisFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the content for a specified Network Access Scope", + "privilege": "GetNetworkInsightsAccessScopeContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the encrypted administrator password for a running Windows instance", @@ -61786,6 +62892,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to calculate the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements", + "privilege": "GetSpotPlacementScores", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about the subnet CIDR reservations", @@ -62110,6 +63228,28 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the Amazon EBS snapshots that are currently in the Recycle Bin", + "privilege": "ListSnapshotsInRecycleBin", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify an attribute of the specified Elastic IP address", @@ -62647,6 +63787,66 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM)", + "privilege": "ModifyIpam", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "ModifyIpamPool", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) resource CIDR", + "privilege": "ModifyIpamResourceCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) scope", + "privilege": "ModifyIpamScope", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify a launch template", @@ -62731,6 +63931,35 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify the options for instance hostnames for the specified instance", + "privilege": "ModifyPrivateDnsNameOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceMarketType", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", + "ec2:PlacementGroup", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify attributes of one or more Reserved Instances", @@ -62808,6 +64037,29 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to archive Amazon EBS snapshots", + "privilege": "ModifySnapshotTier", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify a Spot Fleet request", @@ -63184,6 +64436,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify the payer responsibility for a VPC endpoint service", + "privilege": "ModifyVpcEndpointServicePayerResponsibility", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to modify the permissions for a VPC endpoint service", @@ -63379,6 +64648,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to move a BYOIP IPv4 CIDR to Amazon VPC IP Address Manager (IPAM) from a public IPv4 pool", + "privilege": "MoveByoipCidrToIpam", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + } + ] + }, { "access_level": "Write", "description": "Grants permission to provision an address range for use in AWS through bring your own IP addresses (BYOIP), and to create a corresponding address pool", @@ -63391,6 +64675,45 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to provision a CIDR to an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "ProvisionIpamPoolCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision a CIDR to a public IPv4 pool", + "privilege": "ProvisionPublicIpv4PoolCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2" + } + ] + }, { "access_level": "Write", "description": "Grants permission to purchase a reservation with configurations that match those of a Dedicated Host", @@ -63687,6 +65010,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to release an allocation within an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "ReleaseIpamPoolAllocation", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to replace an IAM instance profile for an instance", @@ -64337,6 +65675,50 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to restore an Amazon EBS snapshot from the Recycle Bin", + "privilege": "RestoreSnapshotFromRecycleBin", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore an archived Amazon EBS snapshot for use temporarily or permanently, or modify the restore period or restore type for a snapshot that was previously temporarily restored", + "privilege": "RestoreSnapshotTier", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove an inbound authorization rule from a Client VPN endpoint", @@ -64782,6 +66164,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a Network Access Scope analysis", + "privilege": "StartNetworkInsightsAccessScopeAnalysis", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-insights-access-scope" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start analyzing a specified path", @@ -65307,6 +66706,36 @@ ], "resource": "internet-gateway" }, + { + "arn": "arn:${Partition}:ec2::${Account}:ipam/${IpamId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam" + }, + { + "arn": "arn:${Partition}:ec2::${Account}:ipam-pool/${IpamPoolId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam-pool" + }, + { + "arn": "arn:${Partition}:ec2::${Account}:ipam-scope/${IpamScopeId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam-scope" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:ipv4pool-ec2/${Ipv4PoolEc2Id}", "condition_keys": [ @@ -65447,6 +66876,26 @@ ], "resource": "network-acl" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope-analysis/${NetworkInsightsAccessScopeAnalysisId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "network-insights-access-scope-analysis" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope/${NetworkInsightsAccessScopeId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "network-insights-access-scope" + }, { "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-analysis/${NetworkInsightsAnalysisId}", "condition_keys": [ @@ -65814,6 +67263,8 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:Attribute/${AttributeName}", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:Tenancy" @@ -68182,14 +69633,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to deregister an External cluster", "privilege": "DeregisterCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, @@ -68413,6 +69864,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to register an External cluster", + "privilege": "RegisterCluster", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag the specified resource", @@ -71550,6 +73016,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new replication configuration", + "privilege": "CreateReplicationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource", @@ -71618,6 +73096,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a replication configuration", + "privilege": "DeleteReplicationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to delete the specified tags from a file system; deprecated, see UntagResource", @@ -71743,6 +73233,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called", + "privilege": "DescribeReplicationConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view the tags associated with a file system", @@ -83128,11 +84630,6 @@ "description": "Grants permission to create a geofence-collection", "privilege": "CreateGeofenceCollection", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -83148,11 +84645,6 @@ "description": "Grants permission to create a map resource", "privilege": "CreateMap", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "map*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -83168,11 +84660,6 @@ "description": "Grants permission to create a place index resource", "privilege": "CreatePlaceIndex", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "place-index*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -83188,11 +84675,6 @@ "description": "Grants permission to create a route calculator resource", "privilege": "CreateRouteCalculator", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "route-calculator*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -83208,11 +84690,6 @@ "description": "Grants permission to create a tracker resource", "privilege": "CreateTracker", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "tracker*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -83381,7 +84858,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the geofence details from a geofence-collection.", + "description": "Grants permission to retrieve the geofence details from a geofence-collection", "privilege": "GetGeofence", "resource_types": [ { @@ -83591,6 +85068,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to generate suggestions for addresses and points of interest based on partial or misspelled free-form text", + "privilege": "SearchPlaceIndexForSuggestions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to geocode free-form text, such as an address, name, city or region", @@ -83685,7 +85174,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the description of a geofence collection", + "description": "Grants permission to update a geofence collection", "privilege": "UpdateGeofenceCollection", "resource_types": [ { @@ -83696,44 +85185,44 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update a map resource", "privilege": "UpdateMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "map*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update a place index resource", "privilege": "UpdatePlaceIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "place-index*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update a route calculator resource", "privilege": "UpdateRouteCalculator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "route-calculator*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the description of a tracker resource", + "description": "Grants permission to update a tracker resource", "privilege": "UpdateTracker", "resource_types": [ { @@ -84879,17 +86368,17 @@ { "condition": "glue:SecurityGroupIds", "description": "Filters access by the ID of security groups configured for the Glue job", - "type": "String" + "type": "ArrayOfString" }, { "condition": "glue:SubnetIds", "description": "Filters access by the ID of subnets configured for the Glue job", - "type": "String" + "type": "ArrayOfString" }, { "condition": "glue:VpcIds", "description": "Filters access by the ID of the VPC configured for the Glue job", - "type": "String" + "type": "ArrayOfString" } ], "prefix": "glue", @@ -84996,23 +86485,18 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "tableversion*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve one or more blueprints", "privilege": "BatchGetBlueprints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, @@ -85024,7 +86508,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, @@ -85036,7 +86520,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devendpoint*" } ] }, @@ -85048,7 +86532,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, @@ -85082,7 +86566,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, @@ -85094,7 +86578,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -85110,6 +86594,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update one or more partitions", + "privilege": "BatchUpdatePartition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop a running ML Task Run", @@ -85122,6 +86628,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel a statement in an interactive session", + "privilege": "CancelStatement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a check the validity of schema version", @@ -85135,12 +86653,15 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to create a blueprint", "privilege": "CreateBlueprint", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -85169,9 +86690,12 @@ "resource_type": "catalog*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "" } ] }, @@ -85199,11 +86723,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" } ] }, @@ -85246,7 +86765,10 @@ "privilege": "CreateMLTransform", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -85274,6 +86796,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a specified partition index in an existing table", + "privilege": "CreatePartitionIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new schema registry", @@ -85327,6 +86871,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an interactive session", + "privilege": "CreateSession", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a table", @@ -85341,11 +86900,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" } ] }, @@ -85378,11 +86932,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "userdefinedfunction*" } ] }, @@ -85402,14 +86951,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete a blueprint", "privilege": "DeleteBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, @@ -85425,6 +86974,50 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the partition column statistics of a column", + "privilege": "DeleteColumnStatisticsForPartition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the table statistics of columns", + "privilege": "DeleteColumnStatisticsForTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a connection", @@ -85450,7 +87043,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, @@ -85468,6 +87061,16 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userdefinedfunction*" } ] }, @@ -85479,7 +87082,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devendpoint*" } ] }, @@ -85491,7 +87094,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, @@ -85529,6 +87132,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified partition index from an existing table", + "privilege": "DeletePartitionIndex", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a schema registry", @@ -85599,6 +87224,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an interactive session after stopping the session if not already stopped", + "privilege": "DeleteSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a table", @@ -85640,11 +87277,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "tableversion*" } ] }, @@ -85656,7 +87288,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, @@ -85690,43 +87322,43 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve a blueprint", "privilege": "GetBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve a blueprint run", "privilege": "GetBlueprintRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve all runs of a blueprint", "privilege": "GetBlueprintRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, @@ -85766,6 +87398,50 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve partition statistics of columns", + "privilege": "GetColumnStatisticsForPartition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve table statistics of columns", + "privilege": "GetColumnStatisticsForTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a connection", @@ -85808,7 +87484,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, @@ -85844,7 +87520,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" } ] }, @@ -85902,7 +87578,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devendpoint*" } ] }, @@ -85926,7 +87602,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, @@ -86022,7 +87698,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mlTransform*" } ] }, @@ -86222,6 +87898,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an interactive session", + "privilege": "GetSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve result and information about a statement in an interactive session", + "privilege": "GetStatement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a table", @@ -86263,11 +87963,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "tableversion*" } ] }, @@ -86290,11 +87985,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "table*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "tableversion*" } ] }, @@ -86360,7 +88050,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, @@ -86378,7 +88068,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a function definition.", + "description": "Grants permission to retrieve a function definition", "privilege": "GetUserDefinedFunction", "resource_types": [ { @@ -86428,7 +88118,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -86440,7 +88130,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -86452,7 +88142,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -86464,7 +88154,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -86481,8 +88171,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to retrieve all blueprints", "privilege": "ListBlueprints", "resource_types": [ { @@ -86536,7 +88226,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mlTransform*" } ] }, @@ -86581,6 +88271,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of interactive session", + "privilege": "ListSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of statements in an interactive session", + "privilege": "ListStatements", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve all triggers", @@ -86625,7 +88339,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" } ] }, @@ -86666,7 +88380,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -86741,7 +88455,19 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to run a code or statement in an interactive session", + "privilege": "RunStatement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" } ] }, @@ -86768,14 +88494,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to start running a blueprint", "privilege": "StartBlueprintRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, @@ -86787,7 +88513,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, @@ -86871,7 +88597,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, @@ -86883,7 +88609,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -86895,7 +88621,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, @@ -86911,6 +88637,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to stop an interactive session", + "privilege": "StopSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to stop a trigger", @@ -86919,7 +88657,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, @@ -86931,7 +88669,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -87007,7 +88745,8 @@ }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -87015,14 +88754,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update a blueprint", "privilege": "UpdateBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, @@ -87038,6 +88777,50 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update partition statistics of columns", + "privilege": "UpdateColumnStatisticsForPartition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update table statistics of columns", + "privilege": "UpdateColumnStatisticsForTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a connection", @@ -87063,7 +88846,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, @@ -87104,7 +88887,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devendpoint*" } ] }, @@ -87113,6 +88896,11 @@ "description": "Grants permission to update a job", "privilege": "UpdateJob", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + }, { "condition_keys": [ "glue:VpcIds", @@ -87217,7 +89005,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, @@ -87251,7 +89039,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, @@ -87334,6 +89122,13 @@ ], "resource": "workflow" }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "blueprint" + }, { "arn": "arn:${Partition}:glue:${Region}:${Account}:mlTransform/${TransformId}", "condition_keys": [ @@ -87354,6 +89149,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "schema" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:session/${SessionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "session" } ], "service_name": "AWS Glue" @@ -100985,17 +102787,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], @@ -101024,13 +102826,13 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition*" + "resource_type": "Suitedefinition*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get a Device Advisor endpoint", "privilege": "GetEndpoint", "resource_types": [ { @@ -101048,7 +102850,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition*" + "resource_type": "Suitedefinition*" } ] }, @@ -101060,7 +102862,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun*" + "resource_type": "Suiterun*" } ] }, @@ -101072,7 +102874,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun*" + "resource_type": "Suiterun*" } ] }, @@ -101096,7 +102898,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition*" + "resource_type": "Suitedefinition*" } ] }, @@ -101108,12 +102910,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition" + "resource_type": "Suitedefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun" + "resource_type": "Suiterun" } ] }, @@ -101140,7 +102942,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun*" + "resource_type": "Suiterun*" } ] }, @@ -101152,12 +102954,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition" + "resource_type": "Suitedefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun" + "resource_type": "Suiterun" }, { "condition_keys": [ @@ -101177,12 +102979,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition" + "resource_type": "Suitedefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "suiterun" + "resource_type": "Suiterun" }, { "condition_keys": [ @@ -101201,25 +103003,25 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suitedefinition*" + "resource_type": "Suitedefinition*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suitedefinition/${suiteDefinitionId}", + "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suitedefinition/${SuiteDefinitionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "suitedefinition" + "resource": "Suitedefinition" }, { - "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suiterun/${suiteDefinitionId}/${suiteRunId}", + "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suiterun/${SuiteDefinitionId}/${SuiteRunId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "suiterun" + "resource": "Suiterun" } ], "service_name": "AWS IoT Core Device Advisor" @@ -105762,6 +107564,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete QueuedMessages", + "privilege": "DeleteQueuedMessages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a ServiceProfile", @@ -106257,6 +108071,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list the Queued Messages", + "privilege": "ListQueuedMessages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list information of available ServiceProfiles based on the AWS account", @@ -107803,6 +109629,21 @@ "aws:ResourceTag/${TagKey}" ], "resource": "cluster" + }, + { + "arn": "arn:${Partition}:kafka:${Region}:${Account}:topic/${ClusterName}/${ClusterUuid}/${TopicName}", + "condition_keys": [], + "resource": "topic" + }, + { + "arn": "arn:${Partition}:kafka:${Region}:${Account}:group/${ClusterName}/${ClusterUuid}/${GroupName}", + "condition_keys": [], + "resource": "group" + }, + { + "arn": "arn:${Partition}:kafka:${Region}:${Account}:transactional-id/${ClusterName}/${ClusterUuid}/${TransactionalId}", + "condition_keys": [], + "resource": "transactional-id" } ], "service_name": "Amazon Managed Streaming for Apache Kafka" @@ -110523,12 +112364,12 @@ }, { "condition": "kms:CustomerMasterKeySpec", - "description": "The kms:CustomerMasterKeySpec condition key is deprecated. Instead, use the kms:KeySpec condition key.", + "description": "The kms:CustomerMasterKeySpec condition key is deprecated. Instead, use the kms:KeySpec condition key", "type": "String" }, { "condition": "kms:CustomerMasterKeyUsage", - "description": "The kms:CustomerMasterKeyUsage condition key is deprecated. Instead, use the kms:KeyUsage condition key.", + "description": "The kms:CustomerMasterKeyUsage condition key is deprecated. Instead, use the kms:KeyUsage condition key", "type": "String" }, { @@ -110541,9 +112382,14 @@ "description": "Filters access to encryption operations based on the value of the encryption algorithm in the request", "type": "String" }, + { + "condition": "kms:EncryptionContext:${EncryptionContextKey}", + "description": "Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition evaluates the key and value in each key-value encryption context pair", + "type": "String" + }, { "condition": "kms:EncryptionContextKeys", - "description": "Filters access based on the presence of specified keys in the encryption context. The encryption context is an optional element in a cryptographic operation", + "description": "Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition key evaluates only the key in each key-value encryption context pair", "type": "ArrayOfString" }, { @@ -110611,6 +112457,11 @@ "description": "Filters access to the ReEncrypt operation when it uses the same AWS KMS key that was used for the Encrypt operation", "type": "Bool" }, + { + "condition": "kms:RecipientAttestation:ImageSha384", + "description": "Filters access to the Decrypt, GenerateDataKey, and GenerateRandom operations based on the image hash in the attestation document in the request", + "type": "String" + }, { "condition": "kms:ReplicaRegion", "description": "Filters access to the ReplicateKey operation based on the value of the ReplicaRegion parameter in the request", @@ -110791,7 +112642,9 @@ "condition_keys": [ "kms:CallerAccount", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", + "kms:RecipientAttestation:ImageSha384", "kms:RequestAlias", "kms:ViaService" ], @@ -111002,6 +112855,7 @@ "condition_keys": [ "kms:CallerAccount", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:RequestAlias", "kms:ViaService" @@ -111025,7 +112879,9 @@ "condition_keys": [ "kms:CallerAccount", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", + "kms:RecipientAttestation:ImageSha384", "kms:RequestAlias", "kms:ViaService" ], @@ -111049,6 +112905,7 @@ "kms:CallerAccount", "kms:DataKeyPairSpec", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:RequestAlias", "kms:ViaService" @@ -111073,6 +112930,7 @@ "kms:CallerAccount", "kms:DataKeyPairSpec", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:RequestAlias", "kms:ViaService" @@ -111096,6 +112954,7 @@ "condition_keys": [ "kms:CallerAccount", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:RequestAlias", "kms:ViaService" @@ -111111,7 +112970,9 @@ "privilege": "GenerateRandom", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "kms:RecipientAttestation:ImageSha384" + ], "dependent_actions": [], "resource_type": "" } @@ -111354,6 +113215,7 @@ "condition_keys": [ "kms:CallerAccount", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:ReEncryptOnSameKey", "kms:RequestAlias", @@ -111378,6 +113240,7 @@ "condition_keys": [ "kms:CallerAccount", "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", "kms:EncryptionContextKeys", "kms:ReEncryptOnSameKey", "kms:RequestAlias", @@ -111666,7 +113529,7 @@ "privileges": [ { "access_level": "Tagging", - "description": "Grants permission to attach lakeformation tags to catalog resources", + "description": "Grants permission to attach Lake Formation tags to catalog resources", "privilege": "AddLFTagsToResource", "resource_types": [ { @@ -111701,8 +113564,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to cancel the given transaction", "privilege": "CancelTransaction", "resource_types": [ { @@ -111713,8 +113576,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to commit the given transaction", "privilege": "CommitTransaction", "resource_types": [ { @@ -111726,7 +113589,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Lakeformation tag", + "description": "Grants permission to create a Lake Formation data cell filter", + "privilege": "CreateDataCellsFilter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Lake Formation tag", "privilege": "CreateLFTag", "resource_types": [ { @@ -111738,7 +113613,19 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a Lakeformation tag", + "description": "Grants permission to delete a Lake Formation data cell filter", + "privilege": "DeleteDataCellsFilter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Lake Formation tag", "privilege": "DeleteLFTag", "resource_types": [ { @@ -111749,8 +113636,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete the specified objects if the transaction is canceled", "privilege": "DeleteObjectsOnCancel", "resource_types": [ { @@ -111785,8 +113672,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get status of the given transaction", "privilege": "DescribeTransaction", "resource_types": [ { @@ -111797,8 +113684,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to extend the timeout of the given transaction", "privilege": "ExtendTransaction", "resource_types": [ { @@ -111834,7 +113721,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrive permissions attached to resources in the given path", + "description": "Grants permission to retrieve permissions attached to resources in the given path", "privilege": "GetEffectivePermissionsForPath", "resource_types": [ { @@ -111846,7 +113733,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrive a Lakeformation tag", + "description": "Grants permission to retrieve a Lake Formation tag", "privilege": "GetLFTag", "resource_types": [ { @@ -111857,25 +113744,29 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve the state of the given query", "privilege": "GetQueryState", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lakeformation:StartQueryPlanning" + ], "resource_type": "" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve the statistics for the given query", "privilege": "GetQueryStatistics", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lakeformation:StartQueryPlanning" + ], "resource_type": "" } ] @@ -111893,8 +113784,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve objects from a table", "privilege": "GetTableObjects", "resource_types": [ { @@ -111905,13 +113796,30 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to retrieve the results for the given work units", + "privilege": "GetWorkUnitResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "lakeformation:GetWorkUnits", + "lakeformation:StartQueryPlanning" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the work units for the given query", "privilege": "GetWorkUnits", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lakeaformation:StartQueryPlanning" + ], "resource_type": "" } ] @@ -111929,8 +113837,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list cell filters", "privilege": "ListDataCellsFilter", "resource_types": [ { @@ -111942,7 +113850,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list Lakeformation tags", + "description": "Grants permission to list Lake Formation tags", "privilege": "ListLFTags", "resource_types": [ { @@ -111977,8 +113885,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list all the storage optimizers for the Governed table", "privilege": "ListTableStorageOptimizers", "resource_types": [ { @@ -111989,8 +113897,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list all transactions in the system", "privilege": "ListTransactions", "resource_types": [ { @@ -112050,7 +113958,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list catalog databases with lakeformation tags", + "description": "Grants permission to list catalog databases with Lake Formation tags", "privilege": "SearchDatabasesByLFTags", "resource_types": [ { @@ -112062,7 +113970,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list catalog tables with lakeformation tags", + "description": "Grants permission to list catalog tables with Lake Formation tags", "privilege": "SearchTablesByLFTags", "resource_types": [ { @@ -112073,8 +113981,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to initiate the planning of the given query", + "privilege": "StartQueryPlanning", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a new transaction", "privilege": "StartTransaction", "resource_types": [ { @@ -112086,7 +114006,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update a Lakeformation tag", + "description": "Grants permission to update a Lake Formation tag", "privilege": "UpdateLFTag", "resource_types": [ { @@ -112109,8 +114029,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to add or delete the specified objects to or from a table", "privilege": "UpdateTableObjects", "resource_types": [ { @@ -112119,6 +114039,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the configuration of the storage optimizer for the Governed table", + "privilege": "UpdateTableStorageOptimizer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [], @@ -113973,6 +115905,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new custom vocabulary in an existing bot locale", + "privilege": "CreateCustomVocabulary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an export for an existing resource", @@ -114078,6 +116022,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing custom vocabulary in a bot locale", + "privilege": "DeleteCustomVocabulary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing export", @@ -114203,6 +116159,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an existing custom vocabulary", + "privilege": "DescribeCustomVocabulary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve metadata of an existing custom vocabulary", + "privilege": "DescribeCustomVocabularyMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve an existing export", @@ -114578,6 +116558,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing custom vocabulary", + "privilege": "UpdateCustomVocabulary", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing export", @@ -118713,6 +120705,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to deactivate an anomaly detector", + "privilege": "DeactivateAnomalyDetector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AnomalyDetector*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an alert", @@ -118857,6 +120861,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get a list of related measures in an anomaly group", + "privilege": "ListAnomalyGroupRelatedMetrics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AnomalyDetector*" + } + ] + }, { "access_level": "List", "description": "Grants permission to get a list of anomaly groups", @@ -119161,6 +121177,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to show detailed information about a model packaging job", + "privilege": "DescribeModelPackagingJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to show detailed information about a project", @@ -119209,6 +121237,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all model packaging jobs associated with a project", + "privilege": "ListModelPackagingJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all models associated with a project", @@ -119269,6 +121309,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a model packaging job", + "privilege": "StartModelPackagingJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start bulk detection of anomalies for a set of images stored in an S3 bucket", @@ -124105,16 +126157,35 @@ "service_name": "AWS Elemental MediaPackage VOD" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "String" + } + ], "prefix": "mediastore", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create containers.", + "description": "Grants permission to create a container", "privilege": "CreateContainer", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -124122,163 +126193,163 @@ }, { "access_level": "Write", - "description": "Grants permission to delete any container in the current account.", + "description": "Grants permission to delete a container", "privilege": "DeleteContainer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to delete the access policy of any container in the current account.", + "description": "Grants permission to delete the access policy of a container", "privilege": "DeleteContainerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the CORS policy from any container in the current account.", + "description": "Grants permission to delete the CORS policy from a container", "privilege": "DeleteCorsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the lifecycle policy from any container in the current account.", + "description": "Grants permission to delete the lifecycle policy from a container", "privilege": "DeleteLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the metric policy from any container in the current account.", + "description": "Grants permission to delete the metric policy from a container", "privilege": "DeleteMetricPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete objects.", + "description": "Grants permission to delete an object", "privilege": "DeleteObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve details on any container in the current account.", + "description": "Grants permission to retrieve details on a container", "privilege": "DescribeContainer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve object metadata.", + "description": "Grants permission to retrieve metadata for an object", "privilege": "DescribeObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the access policy of any container in the current account.", + "description": "Grants permission to retrieve the access policy of a container", "privilege": "GetContainerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the CORS policy of any container in the current account.", + "description": "Grants permission to retrieve the CORS policy of a container", "privilege": "GetCorsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the lifecycle policy that is assigned to any container in the current account.", + "description": "Grants permission to retrieve the lifecycle policy that is assigned to a container", "privilege": "GetLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the metric policy that is assigned to any container in the current account.", + "description": "Grants permission to retrieve the metric policy that is assigned to a container", "privilege": "GetMetricPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve objects.", + "description": "Grants permission to retrieve an object", "privilege": "GetObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of containers in the current account.", + "description": "Grants permission to retrieve a list of containers in the current account", "privilege": "ListContainers", "resource_types": [ { @@ -124290,132 +126361,150 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of objects and folders in the current account.", + "description": "Grants permission to retrieve a list of objects and subfolders that are stored in a folder", "privilege": "ListItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "folder" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags on any container in the current account.", + "description": "Grants permission to list tags on a container", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to create or replace the access policy of any container in the current account.", + "description": "Grants permission to create or replace the access policy of a container", "privilege": "PutContainerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or modify the CORS policy of any container in the current account.", + "description": "Grants permission to add or modify the CORS policy of a container", "privilege": "PutCorsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or modify the lifecycle policy that is assigned to any container in the current account.", + "description": "Grants permission to add or modify the lifecycle policy that is assigned to a container", "privilege": "PutLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or modify the metric policy that is assigned to any container in the current account.", + "description": "Grants permission to add or modify the metric policy that is assigned to a container", "privilege": "PutMetricPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to upload objects.", + "description": "Grants permission to upload an object", "privilege": "PutObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable access logging on any container in the current account.", + "description": "Grants permission to start access logging on a container", "privilege": "StartAccessLogging", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable access logging on any container in the current account.", + "description": "Grants permission to stop access logging on a container", "privilege": "StopAccessLogging", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to any container in the current account.", + "description": "Grants permission to add tags to a container", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "container" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from any container in the current account.", + "description": "Grants permission to remove tags from a container", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "container" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -124424,8 +126513,20 @@ "resources": [ { "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "container" + }, + { + "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}/${ObjectPath}", + "condition_keys": [], + "resource": "object" + }, + { + "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}/${FolderPath}", + "condition_keys": [], + "resource": "folder" } ], "service_name": "AWS Elemental MediaStore" @@ -130328,6 +132429,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the high-level information about a rule group", + "privilege": "DescribeRuleGroupMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatefulRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatelessRuleGroup" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate VPC subnets from a firewall", @@ -132099,6 +134217,11 @@ "condition_keys": [], "dependent_actions": [ "ec2:CreateNetworkInterface", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", "ec2:RunInstances" ], "resource_type": "studio*" @@ -132838,7 +134961,13 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints" + ], "resource_type": "launch-profile*" } ] @@ -135070,8 +137199,8 @@ "prefix": "outposts", "privileges": [ { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to cancel an order", "privilege": "CancelOrder", "resource_types": [ { @@ -135106,8 +137235,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to create a site", "privilege": "CreateSite", "resource_types": [ { @@ -135131,7 +137260,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an site", + "description": "Grants permission to delete a site", "privilege": "DeleteSite", "resource_types": [ { @@ -135142,8 +137271,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get a catalog item", "privilege": "GetCatalogItem", "resource_types": [ { @@ -135179,7 +137308,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list the instance types for the specified Outpost", + "description": "Grants permission to get the instance types for the specified Outpost", "privilege": "GetOutpostInstanceTypes", "resource_types": [ { @@ -135190,8 +137319,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get a site", "privilege": "GetSite", "resource_types": [ { @@ -135202,8 +137331,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to get a site address", "privilege": "GetSiteAddress", "resource_types": [ { @@ -135214,8 +137343,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list all catalog items", "privilege": "ListCatalogItems", "resource_types": [ { @@ -135226,8 +137355,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list the orders for your AWS account", "privilege": "ListOrders", "resource_types": [ { @@ -135275,7 +137404,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", + "description": "Grants permission to tag a resource", "privilege": "TagResource", "resource_types": [ { @@ -135287,7 +137416,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", + "description": "Grants permission to untag a resource", "privilege": "UntagResource", "resource_types": [ { @@ -135298,8 +137427,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update an Outpost", + "privilege": "UpdateOutpost", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a site", "privilege": "UpdateSite", "resource_types": [ { @@ -135310,8 +137451,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update the site address", + "privilege": "UpdateSiteAddress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the physical properties of a rack at a site", "privilege": "UpdateSiteRackPhysicalProperties", "resource_types": [ { @@ -137058,7 +139211,7 @@ "privileges": [ { "access_level": "Read", - "description": "For a specific time period, retrieve the top N dimension keys for a metric.", + "description": "Grants permission to call DescribeDimensionKeys API to retrieve the top N dimension keys for a metric for a specific time period", "privilege": "DescribeDimensionKeys", "resource_types": [ { @@ -137070,7 +139223,7 @@ }, { "access_level": "Read", - "description": "Retrieve the attributes of the specified dimension group.", + "description": "Grants permission to call GetDimensionKeyDetails API to retrieve the attributes of the specified dimension group", "privilege": "GetDimensionKeyDetails", "resource_types": [ { @@ -137082,7 +139235,19 @@ }, { "access_level": "Read", - "description": "Retrieve PI metrics for a set of data sources, over a time period.", + "description": "Grants permission to call GetResourceMetadata API to retrieve the metadata for different features", + "privilege": "GetResourceMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "metric-resource*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to call GetResourceMetrics API to retrieve PI metrics for a set of data sources, over a time period", "privilege": "GetResourceMetrics", "resource_types": [ { @@ -137091,6 +139256,30 @@ "resource_type": "metric-resource*" } ] + }, + { + "access_level": "Read", + "description": "Grants permission to call ListAvailableResourceDimensions API to retrieve the dimensions that can be queried for each specified metric type on a specified DB instance", + "privilege": "ListAvailableResourceDimensions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "metric-resource*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to call ListAvailableResourceMetrics API to retrieve metrics of the specified types that can be queried for a specified DB instance", + "privilege": "ListAvailableResourceMetrics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "metric-resource*" + } + ] } ], "resources": [ @@ -137814,7 +140003,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to reject an environment account connection request from another environment account.", + "description": "Grants permission to reject an environment account connection request from another environment account", "privilege": "AcceptEnvironmentAccountConnection", "resource_types": [ { @@ -137910,7 +140099,10 @@ "privilege": "CreateEnvironmentAccountConnection", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -137938,7 +140130,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use CreateEnvironmentTemplateVersion instead", + "description": "Grants permission to create an environment template major version. DEPRECATED - use CreateEnvironmentTemplateVersion instead", "privilege": "CreateEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -137958,7 +140150,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use CreateEnvironmentTemplateVersion instead", + "description": "Grants permission to create an environment template minor version. DEPRECATED - use CreateEnvironmentTemplateVersion instead", "privilege": "CreateEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -137996,6 +140188,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a repository", + "privilege": "CreateRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a service", @@ -138041,7 +140245,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use CreateServiceTemplateVersion instead", + "description": "Grants permission to create a service template major version. DEPRECATED - use CreateServiceTemplateVersion instead", "privilege": "CreateServiceTemplateMajorVersion", "resource_types": [ { @@ -138061,7 +140265,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use CreateServiceTemplateVersion instead", + "description": "Grants permission to create a service template minor version. DEPRECATED - use CreateServiceTemplateVersion instead", "privilege": "CreateServiceTemplateMinorVersion", "resource_types": [ { @@ -138101,7 +140305,19 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use UpdateAccountSettings instead", + "description": "Grants permission to create a template sync config", + "privilege": "CreateTemplateSyncConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete account roles. DEPRECATED - use UpdateAccountSettings instead", "privilege": "DeleteAccountRoles", "resource_types": [ { @@ -138156,7 +140372,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use DeleteEnvironmentTemplateVersion instead", + "description": "Grants permission to delete an environment template major version. DEPRECATED - use DeleteEnvironmentTemplateVersion instead", "privilege": "DeleteEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -138168,7 +140384,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use DeleteEnvironmentTemplateVersion instead", + "description": "Grants permission to delete an environment template minor version. DEPRECATED - use DeleteEnvironmentTemplateVersion instead", "privilege": "DeleteEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -138190,6 +140406,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a repository", + "privilege": "DeleteRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a service", @@ -138223,7 +140451,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use DeleteServiceTemplateVersion instead", + "description": "Grants permission to delete a service template major version. DEPRECATED - use DeleteServiceTemplateVersion instead", "privilege": "DeleteServiceTemplateMajorVersion", "resource_types": [ { @@ -138235,7 +140463,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use DeleteServiceTemplateVersion instead", + "description": "Grants permission to delete a service template minor version. DEPRECATED - use DeleteServiceTemplateVersion instead", "privilege": "DeleteServiceTemplateMinorVersion", "resource_types": [ { @@ -138257,9 +140485,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a TemplateSyncConfig", + "privilege": "DeleteTemplateSyncConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", - "description": "DEPRECATED - use GetAccountSettings instead", + "description": "Grants permission to get account roles. DEPRECATED - use GetAccountSettings instead", "privilege": "GetAccountRoles", "resource_types": [ { @@ -138319,7 +140559,7 @@ }, { "access_level": "Read", - "description": "DEPRECATED - use GetEnvironmentTemplateVersion instead", + "description": "Grants permission to get an environment template major version. DEPRECATED - use GetEnvironmentTemplateVersion instead", "privilege": "GetEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -138331,7 +140571,7 @@ }, { "access_level": "Read", - "description": "DEPRECATED - use GetEnvironmentTemplateVersion instead", + "description": "Grants permission to get an environment template minor version. DEPRECATED - use GetEnvironmentTemplateVersion instead", "privilege": "GetEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -138353,6 +140593,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a repository", + "privilege": "GetRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a repository", + "privilege": "GetRepositorySyncStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a service", @@ -138391,7 +140655,7 @@ }, { "access_level": "Read", - "description": "DEPRECATED - use GetServiceTemplateVersion instead", + "description": "Grants permission to get a service template major version. DEPRECATED - use GetServiceTemplateVersion instead", "privilege": "GetServiceTemplateMajorVersion", "resource_types": [ { @@ -138403,7 +140667,7 @@ }, { "access_level": "Read", - "description": "DEPRECATED - use GetServiceTemplateVersion instead", + "description": "Grants permission to get a service template minor version. DEPRECATED - use GetServiceTemplateVersion instead", "privilege": "GetServiceTemplateMinorVersion", "resource_types": [ { @@ -138425,6 +140689,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a TemplateSyncConfig", + "privilege": "GetTemplateSyncConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the sync status of a template", + "privilege": "GetTemplateSyncStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list environment account connections", @@ -138463,7 +140751,7 @@ }, { "access_level": "List", - "description": "DEPRECATED - use ListEnvironmentTemplateVersions instead", + "description": "Grants permission to list environment template major versions. DEPRECATED - use ListEnvironmentTemplateVersions instead", "privilege": "ListEnvironmentTemplateMajorVersions", "resource_types": [ { @@ -138475,7 +140763,7 @@ }, { "access_level": "List", - "description": "DEPRECATED - use ListEnvironmentTemplateVersions instead", + "description": "Grants permission to list an environment template minor versions. DEPRECATED - use ListEnvironmentTemplateVersions instead", "privilege": "ListEnvironmentTemplateMinorVersions", "resource_types": [ { @@ -138522,8 +140810,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list repositories", "privilege": "ListRepositories", "resource_types": [ { @@ -138533,6 +140821,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list repository sync definitions", + "privilege": "ListRepositorySyncDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Unknown", "description": "", @@ -138595,7 +140895,7 @@ }, { "access_level": "List", - "description": "DEPRECATED - use ListServiceTemplateVersions instead", + "description": "Grants permission to list service template major versions. DEPRECATED - use ListServiceTemplateVersions instead", "privilege": "ListServiceTemplateMajorVersions", "resource_types": [ { @@ -138607,7 +140907,7 @@ }, { "access_level": "List", - "description": "DEPRECATED - use ListServiceTemplateVersions instead", + "description": "Grants permission to list service template minor versions. DEPRECATED - use ListServiceTemplateVersions instead", "privilege": "ListServiceTemplateMinorVersions", "resource_types": [ { @@ -138655,7 +140955,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to list tags of a resource", + "description": "Grants permission to list tags of a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -138717,7 +141017,7 @@ }, { "access_level": "Write", - "description": "Grants permission to reject an environment account connection request from another environment account.", + "description": "Grants permission to reject an environment account connection request from another environment account", "privilege": "RejectEnvironmentAccountConnection", "resource_types": [ { @@ -138729,7 +141029,7 @@ }, { "access_level": "Tagging", - "description": "Grants permissions to add tags to a resource", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { @@ -138799,7 +141099,7 @@ }, { "access_level": "Tagging", - "description": "Grants permissions to remove tags from a resource", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { @@ -138868,7 +141168,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use UpdateAccountSettings instead", + "description": "Grants permission to update account roles. DEPRECATED - use UpdateAccountSettings instead", "privilege": "UpdateAccountRoles", "resource_types": [ { @@ -138941,7 +141241,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use UpdateEnvironmentTemplateVersion instead", + "description": "Grants permission to update an environment template major version. DEPRECATED - use UpdateEnvironmentTemplateVersion instead", "privilege": "UpdateEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -138953,7 +141253,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use UpdateEnvironmentTemplateVersion instead", + "description": "Grants permission to update an environment template minor version. DEPRECATED - use UpdateEnvironmentTemplateVersion instead", "privilege": "UpdateEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -138975,6 +141275,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a repository", + "privilege": "UpdateRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a service", @@ -139046,7 +141358,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use UpdateServiceTemplateVersion instead", + "description": "Grants permission to update a service template major version. DEPRECATED - use UpdateServiceTemplateVersion instead", "privilege": "UpdateServiceTemplateMajorVersion", "resource_types": [ { @@ -139058,7 +141370,7 @@ }, { "access_level": "Write", - "description": "DEPRECATED - use UpdateServiceTemplateVersion instead", + "description": "Grants permission to create a service template minor version. DEPRECATED - use UpdateServiceTemplateVersion instead", "privilege": "UpdateServiceTemplateMinorVersion", "resource_types": [ { @@ -139079,6 +141391,18 @@ "resource_type": "service-template*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a TemplateSyncConfig", + "privilege": "UpdateTemplateSyncConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -139161,8 +141485,15 @@ }, { "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-account-connection/${Id}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "environment-account-connection" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:repository/${Provider}:${Name}", + "condition_keys": [], + "resource": "repository" } ], "service_name": "AWS Proton" @@ -145603,17 +147934,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the tags", + "description": "Filters access by actions based on the allowed set of values for each of the tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", + "description": "Filters access by actions based on tag-value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", + "description": "Filters access by actions based on the presence of mandatory tags in the request", "type": "String" }, { @@ -145804,12 +148135,20 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to create an Amazon Redshift authentication profile", "privilege": "CreateAuthenticationProfile", "resource_types": [ { @@ -146191,7 +148530,7 @@ }, { "access_level": "Permissions management", - "description": "Remove permission from the specified datashare consumer to consume a datashare", + "description": "Grants permission to remove permission from the specified datashare consumer to consume a datashare", "privilege": "DeauthorizeDataShare", "resource_types": [ { @@ -146209,8 +148548,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete an Amazon Redshift authentication profile", "privilege": "DeleteAuthenticationProfile", "resource_types": [ { @@ -146507,8 +148846,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe created Amazon Redshift authentication profiles", "privilege": "DescribeAuthenticationProfiles", "resource_types": [ { @@ -147261,8 +149600,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to modify an existing Amazon Redshift authentication profile", "privilege": "ModifyAuthenticationProfile", "resource_types": [ { @@ -147538,6 +149877,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -147669,7 +150016,7 @@ "resource": "cluster" }, { - "arn": "arn:${Partition}:redshift:${Region}:${Account}:datashare:${ProducerClusterNamespace}/{DataShareName}", + "arn": "arn:${Partition}:redshift:${Region}:${Account}:datashare:${ProducerClusterNamespace}/${DataShareName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -148495,11 +150842,6 @@ "description": "Grants permission to create a collection in an AWS Region", "privilege": "CreateCollection", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "collection*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -148544,11 +150886,6 @@ "dependent_actions": [], "resource_type": "project*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "projectversion*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -148569,11 +150906,6 @@ "dependent_actions": [], "resource_type": "collection*" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "streamprocessor*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -149180,7 +151512,17 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "projectversion*" + "resource_type": "collection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "projectversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "streamprocessor" }, { "condition_keys": [ @@ -149200,7 +151542,17 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "projectversion*" + "resource_type": "collection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "projectversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "streamprocessor" }, { "condition_keys": [ @@ -149246,7 +151598,7 @@ "resource": "projectversion" }, { - "arn": "arn:${Partition}:rekognition:${Region}:${Account}:project/${ProjectName}/${CreationTimestamp}/dataset/${DatasetType}/${CreationTimestamp}", + "arn": "arn:${Partition}:rekognition:${Region}:${Account}:project/${ProjectName}/dataset/${DatasetType}/${CreationTimestamp}", "condition_keys": [], "resource": "dataset" } @@ -151798,7 +154150,7 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of your hosted zones in lexicographic order. Hosted zones are sorted by name with the labels reversed, for example, com.example.www.", + "description": "Grants permission to get a list of your hosted zones in lexicographic order. Hosted zones are sorted by name with the labels reversed, for example, com.example.www", "privilege": "ListHostedZonesByName", "resource_types": [ { @@ -151824,7 +154176,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the configurations for DNS query logging that are associated with the current AWS account or the configuration that is associated with a specified hosted zone.", + "description": "Grants permission to list the configurations for DNS query logging that are associated with the current AWS account or the configuration that is associated with a specified hosted zone", "privilege": "ListQueryLoggingConfigs", "resource_types": [ { @@ -151894,7 +154246,7 @@ }, { "access_level": "List", - "description": "Grants permission to get information about the latest version for every traffic policy that is associated with the current AWS account. Policies are listed in the order in which they were created.", + "description": "Grants permission to get information about the latest version for every traffic policy that is associated with the current AWS account. Policies are listed in the order in which they were created", "privilege": "ListTrafficPolicies", "resource_types": [ { @@ -152120,7 +154472,23 @@ "service_name": "Amazon Route 53 Recovery Cluster" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the presence of tag keys in the request", + "type": "String" + } + ], "prefix": "route53-recovery-control-config", "privileges": [ { @@ -152132,6 +154500,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -152144,6 +154520,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "controlpanel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -152168,6 +154552,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "safetyrule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -152339,6 +154731,78 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "controlpanel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "safetyrule" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "controlpanel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "safetyrule" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a cluster", @@ -152379,12 +154843,16 @@ "resources": [ { "arn": "arn:${Partition}:route53-recovery-control::${Account}:cluster/${ResourceId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "cluster" }, { "arn": "arn:${Partition}:route53-recovery-control::${Account}:controlpanel/${ControlPanelId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "controlpanel" }, { @@ -152394,7 +154862,9 @@ }, { "arn": "arn:${Partition}:route53-recovery-control::${Account}:controlpanel/${ControlPanelId}/safetyrule/${SafetyRuleId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "safetyrule" } ], @@ -152995,6 +155465,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete domains", + "privilege": "DeleteDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to delete the specified tags for a domain", @@ -153057,7 +155539,7 @@ }, { "access_level": "Read", - "description": "For operations that require confirmation that the email address for the registrant contact is valid, such as registering a new domain, grants permission to get information about whether the registrant contact has responded", + "description": "Grants permission to get information about whether the registrant contact has responded for operations that require confirmation that the email address for the registrant contact is valid, such as registering a new domain", "privilege": "GetContactReachabilityStatus", "resource_types": [ { @@ -153129,6 +155611,18 @@ }, { "access_level": "List", + "description": "Grants permission to list the prices of operations for TLDs", + "privilege": "ListPrices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", "description": "Grants permission to list all the tags that are associated with the specified domain", "privilege": "ListTagsForDomain", "resource_types": [ @@ -153177,7 +155671,7 @@ }, { "access_level": "Write", - "description": "For operations that require confirmation that the email address for the registrant contact is valid, such as registering a new domain, grants permission to resend the confirmation email to the current email address for the registrant contact", + "description": "Grants permission to resend the confirmation email to the current email address for the registrant contact for operations that require confirmation that the email address for the registrant contact is valid, such as registering a new domain", "privilege": "ResendContactReachabilityEmail", "resource_types": [ { @@ -156878,6 +159372,18 @@ } ] }, + { + "access_level": "Permissions management", + "description": "Grants permission to associate public access block configurations with a specified access point, while creating a access point", + "privilege": "PutAccessPointPublicAccessBlock", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to create or modify the PublicAccessBlock configuration for an AWS account", @@ -171615,6 +174121,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable application layer automatic response for Shield Advanced protection for a resource", + "privilege": "DisableApplicationLayerAutomaticResponse", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove authorization from the DDoS Response Team (DRT) to notify contacts about escalations", @@ -171674,6 +174192,22 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable application layer automatic response for Shield Advanced protection for a resource", + "privilege": "EnableApplicationLayerAutomaticResponse", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudfront:GetDistribution", + "iam:CreateServiceLinkedRole", + "iam:GetRole" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to authorize the DDoS Response Team (DRT) to use email and phone to notify contacts about escalations", @@ -171813,6 +174347,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update application layer automatic response for Shield Advanced protection for a resource", + "privilege": "UpdateApplicationLayerAutomaticResponse", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the details of the list of email addresses that the DRT can use to contact you during a suspected attack", @@ -173828,17 +176374,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", + "description": "Filters access by the tags that are associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "String" } ], @@ -173846,7 +176392,7 @@ "privileges": [ { "access_level": "Write", - "description": "", + "description": "Grants permission to associate connection to a chart", "privilege": "AssociateConnectionWithChart", "resource_types": [ { @@ -173863,7 +176409,7 @@ }, { "access_level": "Write", - "description": "", + "description": "Grants permission to associate connection to a tab", "privilege": "AssociateConnectionWithTab", "resource_types": [ { @@ -173875,7 +176421,7 @@ }, { "access_level": "Write", - "description": "", + "description": "Grants permission to associate query to a tab", "privilege": "AssociateQueryWithTab", "resource_types": [ { @@ -174089,18 +176635,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to describe KMS Keys", - "privilege": "GetKMSKey", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", "description": "Grants permission to get saved query on your account", @@ -174137,18 +176671,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to list buckets", - "privilege": "ListBuckets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "List", "description": "Grants permission to list the connections on your account", @@ -174185,30 +176707,6 @@ } ] }, - { - "access_level": "List", - "description": "Grants permission to list KMS Key Aliases", - "privilege": "ListKMSKeyAliases", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list KMS Keys", - "privilege": "ListKMSKeys", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "List", "description": "Grants permission to list redshift clusters on your account", @@ -174257,6 +176755,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list tagged resources", + "privilege": "ListTaggedResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the tags of an sqlworkbench resource", @@ -174700,19 +177210,24 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters 'Create' requests based on the allowed set of values for a specified tags", + "description": "Filters access by 'Create' requests based on the allowed set of values for a specified tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on a tag key-value pair assigned to the AWS resource", + "description": "Filters access by based on a tag key-value pair assigned to the AWS resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters 'Create' requests based on whether mandatory tags are included in the request", + "description": "Filters access by 'Create' requests based on whether mandatory tags are included in the request", "type": "String" }, + { + "condition": "ssm:DocumentCategories", + "description": "Filters access by verifying that a user has permission to access a document belonging to a specific category", + "type": "ArrayOfString" + }, { "condition": "ssm:Overwrite", "description": "Filters access by controlling whether the values for specified resources can be overwritten", @@ -174720,13 +177235,13 @@ }, { "condition": "ssm:Recursive", - "description": "Filters access for resources created in a hierarchical structure", + "description": "Filters access by resources created in a hierarchical structure", "type": "String" }, { "condition": "ssm:SessionDocumentAccessCheck", "description": "Filters access by verifying that a user has permission to access either the default Session Manager configuration document or the custom configuration document specified in a request", - "type": "Boolean" + "type": "Bool" }, { "condition": "ssm:SyncType", @@ -174735,7 +177250,7 @@ }, { "condition": "ssm:resourceTag/tag-key", - "description": "Filters access based on a tag key-value pair assigned to the Systems Manager resource", + "description": "Filters access by based on a tag key-value pair assigned to the Systems Manager resource", "type": "String" } ], @@ -175552,7 +178067,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to view aggregated status details for patches for a specified patch group", "privilege": "DescribePatchGroupState", "resource_types": [ @@ -175692,6 +178207,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "document*" + }, + { + "condition_keys": [ + "ssm:DocumentCategories" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -175781,7 +178303,7 @@ }, { "access_level": "Read", - "description": "Used by Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)", + "description": "Grants permission to Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)", "privilege": "GetManifest", "resource_types": [ { @@ -175996,7 +178518,7 @@ ] }, { - "access_level": "Read", + "access_level": "List", "description": "Grants permission to view metadata history about a specified SSM document", "privilege": "ListDocumentMetadataHistory", "resource_types": [ @@ -176033,7 +178555,7 @@ }, { "access_level": "List", - "description": "Used by SSM Agent to check for new State Manager associations (internal Systems Manager call)", + "description": "Grants permission to SSM Agent to check for new State Manager associations (internal Systems Manager call)", "privilege": "ListInstanceAssociations", "resource_types": [ { @@ -176195,7 +178717,7 @@ }, { "access_level": "Read", - "description": "Used by SSM Agent to generate a report of the results of specific agent requests (internal Systems Manager call)", + "description": "Grants permission to SSM Agent to generate a report of the results of specific agent requests (internal Systems Manager call)", "privilege": "PutConfigurePackageResult", "resource_types": [ { @@ -176249,6 +178771,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to register a Systems Manager Agent", + "privilege": "RegisterManagedInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to specify the default patch baseline for a specified patch group", @@ -176586,7 +179123,7 @@ }, { "access_level": "Write", - "description": "Used by SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)", + "description": "Grants permission to SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)", "privilege": "UpdateInstanceAssociationStatus", "resource_types": [ { @@ -176608,7 +179145,7 @@ }, { "access_level": "Write", - "description": "Used by SSM Agent to send a heartbeat signal to the Systems Manager service in the cloud", + "description": "Grants permission to SSM Agent to send a heartbeat signal to the Systems Manager service in the cloud", "privilege": "UpdateInstanceInformation", "resource_types": [ { @@ -177239,12 +179776,12 @@ "resource": "contactchannel" }, { - "arn": "arn:${Partition}:ssm-contacts:${Region}:${Account}:engagement/${EngagementId}", + "arn": "arn:${Partition}:ssm-contacts:${Region}:${Account}:engagement/${ContactAlias}/${EngagementId}", "condition_keys": [], "resource": "engagement" }, { - "arn": "arn:${Partition}:ssm-contacts:${Region}:${Account}:page/${ContactAlias}/${pageId}", + "arn": "arn:${Partition}:ssm-contacts:${Region}:${Account}:page/${ContactAlias}/${PageId}", "condition_keys": [], "resource": "page" } @@ -181385,7 +183922,7 @@ { "condition": "saml:cn", "description": "Filters access by the eduOrg attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:commonName", @@ -181400,47 +183937,47 @@ { "condition": "saml:eduorghomepageuri", "description": "Filters access by the eduOrg attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:eduorgidentityauthnpolicyuri", "description": "Filters access by the eduOrg attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:eduorglegalname", "description": "Filters access by the eduOrg attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:eduorgsuperioruri", "description": "Filters access by the eduOrg attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:eduorgwhitepagesuri", "description": "Filters access by the eduOrg attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:edupersonaffiliation", "description": "Filters access by the eduPerson attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:edupersonassurance", "description": "Filters access by the eduPerson attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:edupersonentitlement", "description": "Filters access by the eduPerson attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:edupersonnickname", "description": "Filters access by the eduPerson attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:edupersonorgdn", @@ -181450,7 +183987,7 @@ { "condition": "saml:edupersonorgunitdn", "description": "Filters access by the eduPerson attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:edupersonprimaryaffiliation", @@ -181470,12 +184007,12 @@ { "condition": "saml:edupersonscopedaffiliation", "description": "Filters access by the eduPerson attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:edupersontargetedid", "description": "Filters access by the eduPerson attribute", - "type": "String" + "type": "ArrayOfString" }, { "condition": "saml:givenName", @@ -182158,102 +184695,102 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Tag for request.", + "description": "Tag for request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Tag for resource.", + "description": "Tag for resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Tag for key.", + "description": "Tag for key", "type": "String" }, { "condition": "swf:activityType.name", - "description": "Constrains the policy statement to only an activity type of the specified name.", + "description": "Constrains the policy statement to only an activity type of the specified name", "type": "String" }, { "condition": "swf:activityType.version", - "description": "Contstrains the policy statement to only an activity type of the specified version.", + "description": "Contstrains the policy statement to only an activity type of the specified version", "type": "String" }, { "condition": "swf:defaultTaskList.name", - "description": "Constrains the policy statement to only requests that specify a matching defaultTaskList name.", + "description": "Constrains the policy statement to only requests that specify a matching defaultTaskList name", "type": "String" }, { "condition": "swf:name", - "description": "Constrains the policy statement to only activities or workflows with the specified name.", + "description": "Constrains the policy statement to only activities or workflows with the specified name", "type": "String" }, { "condition": "swf:tagFilter.tag", - "description": "Constrains the policy statement to only requests that specify a matching tagFilter.tag value.", + "description": "Constrains the policy statement to only requests that specify a matching tagFilter.tag value", "type": "String" }, { "condition": "swf:tagList.member.0", - "description": "Constrains the policy statement to only requests that contain the specified tag.", + "description": "Constrains the policy statement to only requests that contain the specified tag", "type": "String" }, { "condition": "swf:tagList.member.1", - "description": "Constrains the policy statement to only requests that contain the specified tag.", + "description": "Constrains the policy statement to only requests that contain the specified tag", "type": "String" }, { "condition": "swf:tagList.member.2", - "description": "Constrains the policy statement to only requests that contain the specified tag.", + "description": "Constrains the policy statement to only requests that contain the specified tag", "type": "String" }, { "condition": "swf:tagList.member.3", - "description": "Constrains the policy statement to only requests that contain the specified tag.", + "description": "Constrains the policy statement to only requests that contain the specified tag", "type": "String" }, { "condition": "swf:tagList.member.4", - "description": "Constrains the policy statement to only requests that contain the specified tag.", + "description": "Constrains the policy statement to only requests that contain the specified tag", "type": "String" }, { "condition": "swf:taskList.name", - "description": "Constrains the policy statement to only requests that specify a tasklist with the specified name.", + "description": "Constrains the policy statement to only requests that specify a tasklist with the specified name", "type": "String" }, { "condition": "swf:typeFilter.name", - "description": "Constrains the policy statement to only requests that specify a type filter with the specified name.", + "description": "Constrains the policy statement to only requests that specify a type filter with the specified name", "type": "String" }, { "condition": "swf:typeFilter.version", - "description": "Constrains the policy statement to only requests that specify a type filter with the specified version.", + "description": "Constrains the policy statement to only requests that specify a type filter with the specified version", "type": "String" }, { "condition": "swf:version", - "description": "Constrains the policy statement to only activities or workflows with the specified version.", + "description": "Constrains the policy statement to only activities or workflows with the specified version", "type": "String" }, { "condition": "swf:workflowType.name", - "description": "Constrains the policy statement to only a workflow of the specified type.", + "description": "Constrains the policy statement to only a workflow of the specified type", "type": "String" }, { "condition": "swf:workflowType.name", - "description": "Constrains the policy statement to only requests that specify a workflow type of the specified name.", + "description": "Constrains the policy statement to only requests that specify a workflow type of the specified name", "type": "String" }, { "condition": "swf:workflowType.version", - "description": "Constrains the policy statement to only requests that specify a workflow type of the specified version.", + "description": "Constrains the policy statement to only requests that specify a workflow type of the specified version", "type": "String" } ], @@ -182309,7 +184846,7 @@ }, { "access_level": "Read", - "description": "Returns the number of closed workflow executions within the given domain that meet the specified filtering criteria.", + "description": "Returns the number of closed workflow executions within the given domain that meet the specified filtering criteria", "privilege": "CountClosedWorkflowExecutions", "resource_types": [ { @@ -182330,7 +184867,7 @@ }, { "access_level": "Read", - "description": "Returns the number of open workflow executions within the given domain that meet the specified filtering criteria.", + "description": "Returns the number of open workflow executions within the given domain that meet the specified filtering criteria", "privilege": "CountOpenWorkflowExecutions", "resource_types": [ { @@ -182351,7 +184888,7 @@ }, { "access_level": "Read", - "description": "Returns the estimated number of activity tasks in the specified task list.", + "description": "Returns the estimated number of activity tasks in the specified task list", "privilege": "CountPendingActivityTasks", "resource_types": [ { @@ -182370,7 +184907,7 @@ }, { "access_level": "Read", - "description": "Returns the estimated number of decision tasks in the specified task list.", + "description": "Returns the estimated number of decision tasks in the specified task list", "privilege": "CountPendingDecisionTasks", "resource_types": [ { @@ -182389,7 +184926,7 @@ }, { "access_level": "Write", - "description": "Deprecates the specified activity type.", + "description": "Deprecates the specified activity type", "privilege": "DeprecateActivityType", "resource_types": [ { @@ -182409,7 +184946,7 @@ }, { "access_level": "Write", - "description": "Deprecates the specified domain.", + "description": "Deprecates the specified domain", "privilege": "DeprecateDomain", "resource_types": [ { @@ -182421,7 +184958,7 @@ }, { "access_level": "Write", - "description": "Deprecates the specified workflow type.", + "description": "Deprecates the specified workflow type", "privilege": "DeprecateWorkflowType", "resource_types": [ { @@ -182441,7 +184978,7 @@ }, { "access_level": "Read", - "description": "Returns information about the specified activity type.", + "description": "Returns information about the specified activity type", "privilege": "DescribeActivityType", "resource_types": [ { @@ -182461,7 +184998,7 @@ }, { "access_level": "Read", - "description": "Returns information about the specified domain, including description and status.", + "description": "Returns information about the specified domain, including description and status", "privilege": "DescribeDomain", "resource_types": [ { @@ -182473,7 +185010,7 @@ }, { "access_level": "Read", - "description": "Returns information about the specified workflow execution including its type and some statistics.", + "description": "Returns information about the specified workflow execution including its type and some statistics", "privilege": "DescribeWorkflowExecution", "resource_types": [ { @@ -182485,7 +185022,7 @@ }, { "access_level": "Read", - "description": "Returns information about the specified workflow type.", + "description": "Returns information about the specified workflow type", "privilege": "DescribeWorkflowType", "resource_types": [ { @@ -182517,7 +185054,7 @@ }, { "access_level": "Read", - "description": "Returns the history of the specified workflow execution.", + "description": "Returns the history of the specified workflow execution", "privilege": "GetWorkflowExecutionHistory", "resource_types": [ { @@ -182529,7 +185066,7 @@ }, { "access_level": "List", - "description": "Returns information about all activities registered in the specified domain that match the specified name and registration status.", + "description": "Returns information about all activities registered in the specified domain that match the specified name and registration status", "privilege": "ListActivityTypes", "resource_types": [ { @@ -182541,7 +185078,7 @@ }, { "access_level": "List", - "description": "Returns a list of closed workflow executions in the specified domain that meet the filtering criteria.", + "description": "Returns a list of closed workflow executions in the specified domain that meet the filtering criteria", "privilege": "ListClosedWorkflowExecutions", "resource_types": [ { @@ -182562,7 +185099,7 @@ }, { "access_level": "List", - "description": "Returns the list of domains registered in the account.", + "description": "Returns the list of domains registered in the account", "privilege": "ListDomains", "resource_types": [ { @@ -182574,7 +185111,7 @@ }, { "access_level": "List", - "description": "Returns a list of open workflow executions in the specified domain that meet the filtering criteria.", + "description": "Returns a list of open workflow executions in the specified domain that meet the filtering criteria", "privilege": "ListOpenWorkflowExecutions", "resource_types": [ { @@ -182595,7 +185132,7 @@ }, { "access_level": "List", - "description": "This action lists tags for an AWS SWF resource.", + "description": "This action lists tags for an AWS SWF resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -182607,7 +185144,7 @@ }, { "access_level": "List", - "description": "Returns information about workflow types in the specified domain.", + "description": "Returns information about workflow types in the specified domain", "privilege": "ListWorkflowTypes", "resource_types": [ { @@ -182619,7 +185156,7 @@ }, { "access_level": "Write", - "description": "Used by workers to get an ActivityTask from the specified activity taskList.", + "description": "Used by workers to get an ActivityTask from the specified activity taskList", "privilege": "PollForActivityTask", "resource_types": [ { @@ -182638,7 +185175,7 @@ }, { "access_level": "Write", - "description": "Used by deciders to get a DecisionTask from the specified decision taskList.", + "description": "Used by deciders to get a DecisionTask from the specified decision taskList", "privilege": "PollForDecisionTask", "resource_types": [ { @@ -182657,7 +185194,7 @@ }, { "access_level": "Write", - "description": "Used by activity workers to report to the service that the ActivityTask represented by the specified taskToken is still making progress.", + "description": "Used by activity workers to report to the service that the ActivityTask represented by the specified taskToken is still making progress", "privilege": "RecordActivityTaskHeartbeat", "resource_types": [ { @@ -182681,7 +185218,7 @@ }, { "access_level": "Write", - "description": "Registers a new activity type along with its configuration settings in the specified domain.", + "description": "Registers a new activity type along with its configuration settings in the specified domain", "privilege": "RegisterActivityType", "resource_types": [ { @@ -182702,7 +185239,7 @@ }, { "access_level": "Write", - "description": "Registers a new domain.", + "description": "Registers a new domain", "privilege": "RegisterDomain", "resource_types": [ { @@ -182717,7 +185254,7 @@ }, { "access_level": "Write", - "description": "Registers a new workflow type and its configuration settings in the specified domain.", + "description": "Registers a new workflow type and its configuration settings in the specified domain", "privilege": "RegisterWorkflowType", "resource_types": [ { @@ -182762,7 +185299,7 @@ }, { "access_level": "Write", - "description": "Records a WorkflowExecutionCancelRequested event in the currently running workflow execution identified by the given domain, workflowId, and runId.", + "description": "Records a WorkflowExecutionCancelRequested event in the currently running workflow execution identified by the given domain, workflowId, and runId", "privilege": "RequestCancelWorkflowExecution", "resource_types": [ { @@ -182774,7 +185311,7 @@ }, { "access_level": "Write", - "description": "Used by workers to tell the service that the ActivityTask identified by the taskToken was successfully canceled.", + "description": "Used by workers to tell the service that the ActivityTask identified by the taskToken was successfully canceled", "privilege": "RespondActivityTaskCanceled", "resource_types": [ { @@ -182786,7 +185323,7 @@ }, { "access_level": "Write", - "description": "Used by workers to tell the service that the ActivityTask identified by the taskToken completed successfully with a result (if provided).", + "description": "Used by workers to tell the service that the ActivityTask identified by the taskToken completed successfully with a result (if provided)", "privilege": "RespondActivityTaskCompleted", "resource_types": [ { @@ -182814,7 +185351,7 @@ }, { "access_level": "Write", - "description": "Used by workers to tell the service that the ActivityTask identified by the taskToken has failed with reason (if specified).", + "description": "Used by workers to tell the service that the ActivityTask identified by the taskToken has failed with reason (if specified)", "privilege": "RespondActivityTaskFailed", "resource_types": [ { @@ -182826,7 +185363,7 @@ }, { "access_level": "Write", - "description": "Used by deciders to tell the service that the DecisionTask identified by the taskToken has successfully completed.", + "description": "Used by deciders to tell the service that the DecisionTask identified by the taskToken has successfully completed", "privilege": "RespondDecisionTaskCompleted", "resource_types": [ { @@ -182862,7 +185399,7 @@ }, { "access_level": "Write", - "description": "Records a WorkflowExecutionSignaled event in the workflow execution history and creates a decision task for the workflow execution identified by the given domain, workflowId and runId.", + "description": "Records a WorkflowExecutionSignaled event in the workflow execution history and creates a decision task for the workflow execution identified by the given domain, workflowId and runId", "privilege": "SignalWorkflowExecution", "resource_types": [ { @@ -182898,7 +185435,7 @@ }, { "access_level": "Write", - "description": "Starts an execution of the workflow type in the specified domain using the provided workflowId and input data.", + "description": "Starts an execution of the workflow type in the specified domain using the provided workflowId and input data", "privilege": "StartWorkflowExecution", "resource_types": [ { @@ -182924,7 +185461,7 @@ }, { "access_level": "Tagging", - "description": "This action tags an AWS SWF resource.", + "description": "This action tags an AWS SWF resource", "privilege": "TagResource", "resource_types": [ { @@ -182944,7 +185481,7 @@ }, { "access_level": "Write", - "description": "Records a WorkflowExecutionTerminated event and forces closure of the workflow execution identified by the given domain, runId, and workflowId.", + "description": "Records a WorkflowExecutionTerminated event and forces closure of the workflow execution identified by the given domain, runId, and workflowId", "privilege": "TerminateWorkflowExecution", "resource_types": [ { @@ -182956,7 +185493,7 @@ }, { "access_level": "Write", - "description": "Undeprecates a previously deprecated activity type.", + "description": "Undeprecates a previously deprecated activity type", "privilege": "UndeprecateActivityType", "resource_types": [ { @@ -182976,7 +185513,7 @@ }, { "access_level": "Write", - "description": "Undeprecates a previously deprecated domain.", + "description": "Undeprecates a previously deprecated domain", "privilege": "UndeprecateDomain", "resource_types": [ { @@ -182988,7 +185525,7 @@ }, { "access_level": "Write", - "description": "Undeprecates a previously deprecated workflow type.", + "description": "Undeprecates a previously deprecated workflow type", "privilege": "UndeprecateWorkflowType", "resource_types": [ { @@ -183008,7 +185545,7 @@ }, { "access_level": "Tagging", - "description": "This action removes a tag from an AWS SWF resource.", + "description": "This action removes a tag from an AWS SWF resource", "privilege": "UntagResource", "resource_types": [ { @@ -183352,13 +185889,15 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to detect relevant information from identity documents provided as input", "privilege": "AnalyzeID", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "s3:GetObject" + ], "resource_type": "" } ] @@ -188151,6 +190690,11 @@ "dependent_actions": [], "resource_type": "ipset" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedruleset" + }, { "condition_keys": [], "dependent_actions": [], @@ -188822,6 +191366,11 @@ "dependent_actions": [], "resource_type": "ipset" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedruleset" + }, { "condition_keys": [], "dependent_actions": [], @@ -192684,6 +195233,11 @@ "dependent_actions": [ "workspaces:CreateTags" ], + "resource_type": "workspacebundle*" + }, + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "workspaceimage*" }, { @@ -192711,6 +195265,11 @@ "dependent_actions": [], "resource_type": "workspacebundle*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceid*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", diff --git a/iamlivecore/map.json b/iamlivecore/map.json index 5847f733..8e68072e 100644 --- a/iamlivecore/map.json +++ b/iamlivecore/map.json @@ -94925,37 +94925,25 @@ "Redshift.CreateAuthenticationProfile": [ { "action": "redshift:CreateAuthenticationProfile", - "undocumented": true, - "arn_override": { - "template": "*" - } + "resource_mappings": {} } ], "Redshift.DeleteAuthenticationProfile": [ { "action": "redshift:DeleteAuthenticationProfile", - "undocumented": true, - "arn_override": { - "template": "*" - } + "resource_mappings": {} } ], "Redshift.DescribeAuthenticationProfiles": [ { "action": "redshift:DescribeAuthenticationProfiles", - "undocumented": true, - "arn_override": { - "template": "*" - } + "resource_mappings": {} } ], "Redshift.ModifyAuthenticationProfile": [ { "action": "redshift:ModifyAuthenticationProfile", - "undocumented": true, - "arn_override": { - "template": "*" - } + "resource_mappings": {} } ], "LexModelBuildingService.GetMigration": [ @@ -95126,19 +95114,27 @@ ], "Glue.UpdateColumnStatisticsForTable": [ { - "action": "glue:UpdateTable", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:catalog" + "action": "glue:UpdateColumnStatisticsForTable", + "resource_mappings": { + "DatabaseName": { + "template": "${DatabaseName}" + }, + "TableName": { + "template": "${TableName}" + } } } ], "Glue.UpdateColumnStatisticsForPartition": [ { - "action": "glue:UpdatePartition", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:catalog" + "action": "glue:UpdateColumnStatisticsForPartition", + "resource_mappings": { + "DatabaseName": { + "template": "${DatabaseName}" + }, + "TableName": { + "template": "${TableName}" + } } } ], @@ -97399,63 +97395,66 @@ "Glue.CreateBlueprint": [ { "action": "glue:CreateBlueprint", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${Name}" - } + "resource_mappings": {} } ], "Glue.DeleteBlueprint": [ { "action": "glue:DeleteBlueprint", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${Name}" + "resource_mappings": { + "BlueprintName": { + "template": "${Name}" + } } } ], "Glue.GetBlueprint": [ { "action": "glue:GetBlueprint", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${Name}" + "resource_mappings": { + "BlueprintName": { + "template": "${Name}" + } } } ], "Glue.GetBlueprintRun": [ { "action": "glue:GetBlueprintRun", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}" + "resource_mappings": { + "BlueprintName": { + "template": "${BlueprintName}" + } } } ], "Glue.GetBlueprintRuns": [ { "action": "glue:GetBlueprintRuns", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}" + "resource_mappings": { + "BlueprintName": { + "template": "${BlueprintName}" + } } } ], "Glue.StartBlueprintRun": [ { "action": "glue:StartBlueprintRun", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}" + "resource_mappings": { + "BlueprintName": { + "template": "${BlueprintName}" + } } } ], "Glue.UpdateBlueprint": [ { "action": "glue:UpdateBlueprint", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${Name}" + "resource_mappings": { + "BlueprintName": { + "template": "${Name}" + } } } ], @@ -97564,27 +97563,30 @@ "Location.UpdateMap": [ { "action": "geo:UpdateMap", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:geo:${Region}:${Account}:map/${MapName}" + "resource_mappings": { + "MapName": { + "template": "${MapName}" + } } } ], "Location.UpdatePlaceIndex": [ { "action": "geo:UpdatePlaceIndex", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:geo:${Region}:${Account}:place-index/${IndexName}" + "resource_mappings": { + "IndexName": { + "template": "${IndexName}" + } } } ], "Location.UpdateRouteCalculator": [ { "action": "geo:UpdateRouteCalculator", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:geo:${Region}:${Account}:route-calculator/${CalculatorName}" + "resource_mappings": { + "CalculatorName": { + "template": "${CalculatorName}" + } } } ], @@ -97609,19 +97611,17 @@ "Glue.BatchGetBlueprints": [ { "action": "glue:BatchGetBlueprints", - "undocumented": true, - "arn_override": { - "template": "*" + "resource_mappings": { + "BlueprintName": { + "template": "${Names[]}" + } } } ], "Glue.ListBlueprints": [ { "action": "glue:ListBlueprints", - "undocumented": true, - "arn_override": { - "template": "*" - } + "resource_mappings": {} } ], "Textract.AnalyzeExpense": [ @@ -98103,9 +98103,10 @@ "EKS.DeregisterCluster": [ { "action": "eks:DeregisterCluster", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:eks:${Region}:${Account}:cluster/${name}" + "resource_mappings": { + "ClusterName": { + "template": "${name}" + } } } ], @@ -100450,73 +100451,49 @@ "CloudControl.CancelResourceRequest": [ { "action": "cloudformation:CancelResourceRequest", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "CloudControl.CreateResource": [ { "action": "cloudformation:CreateResource", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "CloudControl.DeleteResource": [ { "action": "cloudformation:DeleteResource", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "CloudControl.GetResource": [ { "action": "cloudformation:GetResource", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "CloudControl.GetResourceRequestStatus": [ { "action": "cloudformation:GetResourceRequestStatus", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "CloudControl.ListResourceRequests": [ { "action": "cloudformation:ListResourceRequests", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "CloudControl.ListResources": [ { "action": "cloudformation:ListResources", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "CloudControl.UpdateResource": [ { "action": "cloudformation:UpdateResource", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudformation:${Region}:${Account}:resource/*" - } + "resource_mappings": {} } ], "WorkSpaces.CreateUpdatedWorkspaceImage": [ @@ -106410,31 +106387,43 @@ "CloudFront.DeleteResponseHeadersPolicy": [ { "action": "cloudfront:DeleteResponseHeadersPolicy", - "undocumented": true + "resource_mappings": { + "Id": { + "template": "${Id}" + } + } } ], "CloudFront.GetResponseHeadersPolicy": [ { "action": "cloudfront:GetResponseHeadersPolicy", - "undocumented": true + "resource_mappings": { + "Id": { + "template": "${Id}" + } + } } ], "CloudFront.GetResponseHeadersPolicyConfig": [ { "action": "cloudfront:GetResponseHeadersPolicyConfig", - "undocumented": true + "resource_mappings": { + "Id": { + "template": "${Id}" + } + } } ], "CloudFront.ListDistributionsByResponseHeadersPolicyId": [ { "action": "cloudfront:ListDistributionsByResponseHeadersPolicyId", - "undocumented": true + "resource_mappings": {} } ], "CloudFront.ListResponseHeadersPolicies": [ { "action": "cloudfront:ListResponseHeadersPolicies", - "undocumented": true + "resource_mappings": {} } ], "Redshift.DescribeReservedNodeExchangeStatus": [ @@ -106494,106 +106483,114 @@ "Textract.AnalyzeID": [ { "action": "textract:AnalyzeID", - "undocumented": true + "resource_mappings": {} + }, + { + "action": "s3:GetObject", + "resource_mappings": { + "BucketName": { + "template": "${DocumentPages[].S3Object.Bucket}" + }, + "ObjectName": { + "template": "${DocumentPages[].S3Object.Name}" + } + } } ], "LakeFormation.CancelTransaction": [ { "action": "lakeformation:CancelTransaction", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.CommitTransaction": [ { "action": "lakeformation:CommitTransaction", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.DeleteObjectsOnCancel": [ { "action": "lakeformation:DeleteObjectsOnCancel", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.DescribeTransaction": [ { "action": "lakeformation:DescribeTransaction", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.ExtendTransaction": [ { "action": "lakeformation:ExtendTransaction", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.GetQueryState": [ { "action": "lakeformation:GetQueryState", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:lakeformation:${Region}:${Account}:/GetQueryState" - } + "resource_mappings": {} + }, + { + "action": "lakeformation:StartQueryPlanning", + "resource_mappings": {} } ], "LakeFormation.GetQueryStatistics": [ { "action": "lakeformation:GetQueryStatistics", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:lakeformation:${Region}:${Account}:/GetQueryStatistics" - } + "resource_mappings": {} + }, + { + "action": "lakeformation:StartQueryPlanning", + "resource_mappings": {} } ], "LakeFormation.GetTableObjects": [ { "action": "lakeformation:GetTableObjects", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.GetWorkUnits": [ { "action": "lakeformation:GetWorkUnits", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:lakeformation:${Region}:${Account}:/GetWorkUnits" - } + "resource_mappings": {} + }, + { + "action": "lakeaformation:StartQueryPlanning", + "resource_mappings": {} } ], "LakeFormation.ListDataCellsFilter": [ { "action": "lakeformation:ListDataCellsFilter", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:lakeformation:${Region}:${Account}:catalog:${Account}" - } + "resource_mappings": {} } ], "LakeFormation.ListTableStorageOptimizers": [ { "action": "lakeformation:ListTableStorageOptimizers", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:glue:${Region}:${Account}:table/${databasename}/${tablename}" - } + "resource_mappings": {} } ], "LakeFormation.ListTransactions": [ { "action": "lakeformation:ListTransactions", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.StartTransaction": [ { "action": "lakeformation:StartTransaction", - "undocumented": true + "resource_mappings": {} } ], "LakeFormation.UpdateTableObjects": [ { "action": "lakeformation:UpdateTableObjects", - "undocumented": true + "resource_mappings": {} } ], "Kendra.AssociateEntitiesToExperience": [ @@ -106707,28 +106704,19 @@ "Outposts.CancelOrder": [ { "action": "outposts:CancelOrder", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:/orders/${OrderId}/cancel" - } + "resource_mappings": {} } ], "Outposts.CreateSite": [ { "action": "outposts:CreateSite", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:*" - } + "resource_mappings": {} } ], "Outposts.GetCatalogItem": [ { "action": "outposts:GetCatalogItem", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:/catalog/item/${CatalogItemId}" - } + "resource_mappings": {} } ], "Outposts.GetOrder": [ @@ -106743,55 +106731,37 @@ "Outposts.GetSite": [ { "action": "outposts:GetSite", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:*" - } + "resource_mappings": {} } ], "Outposts.GetSiteAddress": [ { "action": "outposts:GetSiteAddress", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:*" - } + "resource_mappings": {} } ], "Outposts.ListCatalogItems": [ { "action": "outposts:ListCatalogItems", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:/catalog/items" - } + "resource_mappings": {} } ], "Outposts.ListOrders": [ { "action": "outposts:ListOrders", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:*" - } + "resource_mappings": {} } ], "Outposts.UpdateSite": [ { "action": "outposts:UpdateSite", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:*" - } + "resource_mappings": {} } ], "Outposts.UpdateSiteRackPhysicalProperties": [ { "action": "outposts:UpdateSiteRackPhysicalProperties", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:outposts:${Region}:${Account}:/sites/${SiteId}/rackPhysicalProperties" - } + "resource_mappings": {} } ], "AmplifyBackend.DeleteBackendStorage": [ @@ -106833,10 +106803,7 @@ "IotDeviceAdvisor.GetEndpoint": [ { "action": "iotdeviceadvisor:GetEndpoint", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:*" - } + "resource_mappings": {} } ], "Finspacedata.DeleteDataset": [ @@ -106932,7 +106899,7 @@ "Proton.ListRepositories": [ { "action": "proton:ListRepositories", - "undocumented": true + "resource_mappings": {} } ], "Proton.ListServiceInstanceOutputs": [ @@ -106974,9 +106941,16 @@ "AppConfigData.StartConfigurationSession": [ { "action": "appconfig:StartConfigurationSession", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:appconfig:${Region}:${Account}:application/${ApplicationIdentifier}/environment/${EnvironmentIdentifier}/configuration/${ConfigurationProfileIdentifier}" + "resource_mappings": { + "ApplicationId": { + "template": "${ApplicationIdentifier}" + }, + "EnvironmentId": { + "template": "${EnvironmentIdentifier}" + }, + "ConfigurationProfileId": { + "template": "${ConfigurationProfileIdentifier}" + } } } ], @@ -108595,249 +108569,3131 @@ "userSettings": "${userSettingsArn}" } } - ] - }, - "sdk_service_mappings": { - "ACM PCA": "acm-pca", - "ACMPCA": "acm-pca", - "AccessAnalyzer": "access-analyzer", - "Alexa For Business": "a4b", - "AlexaForBusiness": "a4b", - "Amp": "aps", - "Amplify": "amplify", - "AmplifyBackend": "amplifybackend", - "API Gateway": "apigateway", - "ApiGatewayManagementApi": "apigateway", - "API Gateway V2": "apigateway", - "ApiGatewayV2": "apigateway", - "App Mesh": "appmesh", - "AppConfig": "appconfig", - "AppIntegrations": "app-integrations", - "AppStream": "appstream", - "AppSync": "appsync", - "Appflow": "appflow", - "Application Auto Scaling": "application-autoscaling", - "Application Discovery Service": "discovery", - "Application Insights": "applicationinsights", - "ApplicationAutoScaling": "application-autoscaling", - "ApplicationCostProfiler": "application-cost-profiler", - "AuditManager": "auditmanager", - "AugmentedAIRuntime": "sagemaker", - "Auto Scaling": "autoscaling", - "Auto Scaling Plans": "autoscaling-plans", - "AutoScalingPlans": "autoscaling-plans", - "Braket": "braket", - "CloudDirectory": "clouddirectory", - "CloudHSM V2": "cloudhsm", - "CloudHSMV2": "cloudhsm", - "CloudSearch Domain": "cloudsearch", - "CloudSearchDomain": "cloudsearch", - "CloudWatchEvents": "events", - "CloudWatch Events": "events", - "CloudWatchLogs": "logs", - "CloudWatch Logs": "logs", - "Cloudwatch Logs": "logs", - "CodeGuru Reviewer": "codeguru-reviewer", - "CodeGuruProfiler": "codeguru-profiler", - "CodeGuruReviewer": "codeguru-reviewer", - "codestar notifications": "codestar-notifications", - "CodeStar connections": "codestar-connections", - "CodeStarNotifications": "codestar-notifications", - "CodeStarconnections": "codestar-connections", - "Cognito Identity": "cognito-identity", - "CognitoIdentity": "cognito-identity", - "Cognito Identity Provider": "cognito-idp", - "CognitoIdentityServiceProvider": "cognito-idp", - "Cognito Sync": "cognito-sync", - "CognitoSync": "cognito-sync", - "Comprehend": "comprehend", - "ComprehendMedical": "comprehendmedical", - "Compute Optimizer": "compute-optimizer", - "ComputeOptimizer": "compute-optimizer", - "Config Service": "config", - "ConfigService": "config", - "Connect Contact Lens": "connect", - "Connect": "connect", - "ConnectContactLens": "connect", - "ConnectParticipant": "execute-api", - "Cost Explorer": "ce", - "Cost and Usage Report Service": "cur", - "CostExplorer": "ce", - "Customer Profiles": "profile", - "CustomerProfiles": "profile", - "DLM": "dlm", - "DataBrew": "databrew", - "DataExchange": "dataexchange", - "Data Migration Service": "dms", - "Data Pipeline": "datapipeline", - "DataSync": "datasync", - "Detective": "detective", - "DevOps Guru": "devops-guru", - "DevOpsGuru": "devops-guru", - "Device Farm": "devicefarm", - "Direct Connect": "directconnect", - "Directory Service": "ds", - "DirectoryService": "ds", - "DocDB": "rds", - "DynamoDB Streams": "dynamodb", - "DynamoDBStreams": "dynamodb", - "EC2InstanceConnect": "ec2-instance-connect", - "EC2 Instance Connect": "ec2-instance-connect", - "ECR PUBLIC": "ecr-public", - "ECR": "ecr", - "ECRPUBLIC": "ecr-public", - "EFS": "elasticfilesystem", - "EKS": "eks", - "ELB": "elasticloadbalancing", - "ELBv2": "elasticloadbalancing", - "EMR containers": "emr-containers", - "EMR": "elasticmapreduce", - "EMRcontainers": "emr-containers", - "Elasticsearch Service": "es", - "Elastic Beanstalk": "elasticbeanstalk", - "Elastic Load Balancing": "elasticloadbalancing", - "Elastic Load Balancing v2": "elasticloadbalancing", - "Elastic Inference": "elastic-inference", - "ElasticInference": "elastic-inference", - "Elastic Transcoder": "elastictranscoder", - "EventBridge": "events", - "FSx": "fsx", - "forecastquery": "forecast", - "ForecastQueryService": "forecast", - "ForecastService": "forecast", - "Global Accelerator": "globalaccelerator", - "Greengrass": "greengrass", - "GreengrassV2": "greengrass", - "GroundStation": "groundstation", - "GuardDuty": "guardduty", - "HealthLake": "healthlake", - "Honeycode": "honeycode", - "IoT 1Click Devices Service": "iot1click", - "IoT 1Click Projects": "iot1click", - "IoT Data Plane": "iot", - "IoT Events Data": "iotevents", - "IoT Events": "iotevents", - "IoT Jobs Data Plane": "iot", - "IoTWireless": "iot", - "IoT Wireless": "iot", - "IoT": "iot", - "IoT1ClickDevicesService": "iot1click", - "IoT1ClickProjects": "iot1click", - "IoTAnalytics": "iotanalytics", - "IoTEventsData": "iotevents", - "IoTFleetHub": "iotfleethub", - "IoTJobsDataPlane": "iot", - "IoTSecureTunneling": "iot", - "IoTSiteWise": "iotsitewise", - "IoTThingsGraph": "iotthingsgraph", - "IotData": "iot", - "IotDeviceAdvisor": "iotdeviceadvisor", - "Kafka": "kafka", - "Kinesis Analytics": "kinesisanalytics", - "Kinesis Analytics V2": "kinesisanalytics", - "KinesisAnalyticsV2": "kinesisanalytics", - "KinesisVideoArchivedMedia": "kinesisvideo", - "KinesisVideoMedia": "kinesisvideo", - "Kinesis Video": "kinesisvideo", - "Kinesis Video Archived Media": "kinesisvideo", - "Kinesis Video Media": "kinesisvideo", - "Kinesis Video Signaling": "kinesisvideo", - "KinesisVideoSignalingChannels": "kinesisvideo", - "LakeFormation": "lakeformation", - "Lex Model Building Service": "lex", - "Lex Models V2": "lex", - "Lex Runtime Service": "lex", - "Lex Runtime V2": "lex", - "LexModelBuildingService": "lex", - "LexModelsV2": "lex", - "LexRuntime": "lex", - "LexRuntimeV2": "lex", - "License Manager": "license-manager", - "LicenseManager": "license-manager", - "Location": "geo", - "LookoutVision": "lookoutvision", - "MTurk": "mechanicalturk", - "MWAA": "airflow", - "Macie2": "macie2", - "ManagedBlockchain": "managedblockchain", - "Machine Learning": "machinelearning", - "Marketplace Catalog": "aws-marketplace", - "Marketplace Commerce Analytics": "marketplacecommerceanalytics", - "Marketplace Entitlement Service": "aws-marketplace", - "Marketplace Metering": "aws-marketplace", - "MarketplaceCatalog": "aws-marketplace", - "MarketplaceEntitlementService": "aws-marketplace", - "MarketplaceMetering": "aws-marketplace", - "MediaConnect": "mediaconnect", - "MediaConvert": "mediaconvert", - "MediaLive": "medialive", - "MediaPackage Vod": "mediapackage-vod", - "MediaPackage": "mediapackage", - "MediaPackageVod": "mediapackage-vod", - "MediaStore Data": "mediastore", - "MediaStore": "mediastore", - "MediaStoreData": "mediastore", - "MediaTailor": "mediatailor", - "MigrationHub Config": "mgh", - "MigrationHub": "mgh", - "Migration Hub": "mgh", - "MigrationHubConfig": "mgh", - "Mobile": "mobilehub", - "Neptune": "rds", - "Network Firewall": "network-firewall", - "NetworkFirewall": "network-firewall", - "NetworkManager": "networkmanager", - "OpenSearch": "es", - "OpsWorksCM": "opsworks-cm", - "Outposts": "outposts", - "PI": "pi", - "Personalize Events": "personalize", - "Personalize Runtime": "personalize", - "Personalize": "personalize", - "PersonalizeEvents": "personalize", - "PersonalizeRuntime": "personalize", - "Pinpoint Email": "ses", - "Pinpoint SMS Voice": "sms-voice", - "Pinpoint": "mobiletargeting", - "PinpointEmail": "ses", - "PinpointSMSVoice": "sms-voice", - "Pricing": "pricing", - "QLDB Session": "qldb", - "QLDB": "qldb", - "QLDBSession": "qldb", - "RDS Data": "rds-data", - "RDSDataService": "rds-data", - "Redshift Data": "redshift-data", - "RedshiftData": "redshift-data", - "Resource Groups": "resource-groups", - "ResourceGroups": "resource-groups", - "ResourceGroupsTaggingAPI": "tag", - "Resource Groups Tagging API": "tag", - "Route 53": "route53", - "Route 53 Domains": "route53domains", - "RoboMaker": "robomaker", - "S3 Control": "s3", - "S3Control": "s3", - "S3Outposts": "s3-outposts", - "Service Catalog": "servicecatalog", - "SES": "ses", - "SESV2": "ses", - "SESv2": "ses", - "SSMContacts": "ssm-contacts", - "SSMIncidents": "ssm-incidents", - "SSO Admin": "sso", - "SSO OIDC": "sso-directory", - "SSO": "sso", - "SSOAdmin": "sso", - "SSOOIDC": "sso-directory", - "SageMaker A2I Runtime": "sagemaker", - "SageMaker FeatureStore Runtime": "sagemaker", - "SageMaker Runtime": "sagemaker", - "SageMaker": "sagemaker", - "SageMakerFeatureStoreRuntime": "sagemaker", - "SageMakerRuntime": "sagemaker", - "Sagemaker Edge": "sagemaker", - "SagemakerEdge": "sagemaker", + ], + "AppStream.CreateEntitlement": [ + { + "action": "appstream:CreateEntitlement", + "resource_mappings": { + "StackName": { + "template": "${StackName}" + } + } + } + ], + "AppStream.DeleteEntitlement": [ + { + "action": "appstream:DeleteEntitlement", + "resource_mappings": { + "StackName": { + "template": "${StackName}" + } + } + } + ], + "AppStream.DescribeEntitlements": [ + { + "action": "appstream:DescribeEntitlements", + "resource_mappings": { + "StackName": { + "template": "${StackName}" + } + } + } + ], + "AppStream.ListEntitledApplications": [ + { + "action": "appstream:ListEntitledApplications", + "resource_mappings": { + "StackName": { + "template": "${StackName}" + } + } + } + ], + "AppStream.UpdateEntitlement": [ + { + "action": "appstream:UpdateEntitlement", + "resource_mappings": { + "StackName": { + "template": "${StackName}" + } + } + } + ], + "CloudFront.CreateResponseHeadersPolicy": [ + { + "action": "cloudfront:CreateResponseHeadersPolicy", + "resource_mappings": { + "Id": { + "template": "*" + } + } + } + ], + "CloudFront.UpdateResponseHeadersPolicy": [ + { + "action": "cloudfront:UpdateResponseHeadersPolicy", + "resource_mappings": { + "Id": { + "template": "${Id}" + } + } + } + ], + "CloudTrail.CancelQuery": [ + { + "action": "cloudtrail:CancelQuery", + "resource_mappings": {} + } + ], + "CloudTrail.CreateEventDataStore": [ + { + "action": "cloudtrail:CreateEventDataStore", + "resource_mappings": { + "EventDataStoreId": { + "template": "*" + } + } + } + ], + "CloudTrail.DeleteEventDataStore": [ + { + "action": "cloudtrail:DeleteEventDataStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "eventdatastore": "${EventDataStore}" + } + } + ], + "CloudTrail.DescribeQuery": [ + { + "action": "cloudtrail:DescribeQuery", + "resource_mappings": {} + } + ], + "CloudTrail.GetEventDataStore": [ + { + "action": "cloudtrail:GetEventDataStore", + "resource_mappings": {} + } + ], + "CloudTrail.GetQueryResults": [ + { + "action": "cloudtrail:GetQueryResults", + "resource_mappings": {} + } + ], + "CloudTrail.ListEventDataStores": [ + { + "action": "cloudtrail:ListEventDataStores", + "resource_mappings": {} + } + ], + "CloudTrail.ListQueries": [ + { + "action": "cloudtrail:ListQueries", + "resource_mappings": {} + } + ], + "CloudTrail.RestoreEventDataStore": [ + { + "action": "cloudtrail:RestoreEventDataStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "eventdatastore": "${EventDataStore}" + } + } + ], + "CloudTrail.StartQuery": [ + { + "action": "cloudtrail:StartQuery", + "resource_mappings": {} + } + ], + "CloudTrail.UpdateEventDataStore": [ + { + "action": "cloudtrail:UpdateEventDataStore", + "resource_mappings": {}, + "resourcearn_mappings": { + "eventdatastore": "${EventDataStore}" + } + } + ], + "EC2.AllocateIpamPoolCidr": [ + { + "action": "ec2:AllocateIpamPoolCidr", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.CreateIpam": [ + { + "action": "ec2:CreateIpam", + "resource_mappings": { + "IpamId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "IpamId": { + "template": "*" + }, + "IpamPoolId": { + "template": "*" + }, + "IpamScopeId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInsightsAccessScopeId": { + "template": "*" + }, + "NetworkInsightsAccessScopeAnalysisId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + } + ], + "EC2.CreateIpamPool": [ + { + "action": "ec2:CreateIpamPool", + "resource_mappings": { + "IpamPoolId": { + "template": "*" + }, + "IpamScopeId": { + "template": "${IpamScopeId}" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "IpamId": { + "template": "*" + }, + "IpamPoolId": { + "template": "*" + }, + "IpamScopeId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInsightsAccessScopeId": { + "template": "*" + }, + "NetworkInsightsAccessScopeAnalysisId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + } + ], + "EC2.CreateIpamScope": [ + { + "action": "ec2:CreateIpamScope", + "resource_mappings": { + "IpamId": { + "template": "${IpamId}" + }, + "IpamScopeId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "IpamId": { + "template": "*" + }, + "IpamPoolId": { + "template": "*" + }, + "IpamScopeId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInsightsAccessScopeId": { + "template": "*" + }, + "NetworkInsightsAccessScopeAnalysisId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + } + ], + "EC2.CreateNetworkInsightsAccessScope": [ + { + "action": "ec2:CreateNetworkInsightsAccessScope", + "resource_mappings": { + "NetworkInsightsAccessScopeId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "IpamId": { + "template": "*" + }, + "IpamPoolId": { + "template": "*" + }, + "IpamScopeId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInsightsAccessScopeId": { + "template": "*" + }, + "NetworkInsightsAccessScopeAnalysisId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + } + ], + "EC2.CreatePublicIpv4Pool": [ + { + "action": "ec2:CreatePublicIpv4Pool", + "resource_mappings": { + "NetworkInsightsAccessScopeId": { + "template": "*" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "IpamId": { + "template": "*" + }, + "IpamPoolId": { + "template": "*" + }, + "IpamScopeId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInsightsAccessScopeId": { + "template": "*" + }, + "NetworkInsightsAccessScopeAnalysisId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + } + ], + "EC2.DeleteIpam": [ + { + "action": "ec2:DeleteIpam", + "resource_mappings": { + "IpamId": { + "template": "${IpamId}" + } + } + } + ], + "EC2.DeleteIpamPool": [ + { + "action": "ec2:DeleteIpamPool", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.DeleteIpamScope": [ + { + "action": "ec2:DeleteIpamScope", + "resource_mappings": { + "IpamScopeId": { + "template": "${IpamScopeId}" + } + } + } + ], + "EC2.DeleteNetworkInsightsAccessScope": [ + { + "action": "ec2:DeleteNetworkInsightsAccessScope", + "resource_mappings": { + "NetworkInsightsAccessScopeId": { + "template": "${NetworkInsightsAccessScopeId}" + } + } + } + ], + "EC2.DeleteNetworkInsightsAccessScopeAnalysis": [ + { + "action": "ec2:DeleteNetworkInsightsAccessScopeAnalysis", + "resource_mappings": { + "NetworkInsightsAccessScopeAnalysisId": { + "template": "${NetworkInsightsAccessScopeAnalysisId}" + } + } + } + ], + "EC2.DeletePublicIpv4Pool": [ + { + "action": "ec2:DeletePublicIpv4Pool", + "resource_mappings": { + "Ipv4PoolEc2Id": { + "template": "${PoolId}" + } + } + } + ], + "EC2.DeprovisionIpamPoolCidr": [ + { + "action": "ec2:DeprovisionIpamPoolCidr", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.DeprovisionPublicIpv4PoolCidr": [ + { + "action": "ec2:DeprovisionPublicIpv4PoolCidr", + "resource_mappings": { + "Ipv4PoolEc2Id": { + "template": "${PoolId}" + } + } + } + ], + "EC2.DescribeFastLaunchImages": [ + { + "action": "ec2:DescribeFastLaunchImages", + "resource_mappings": { + "ImageId": { + "template": "${ImageIds[]}" + } + } + } + ], + "EC2.DescribeIpamPools": [ + { + "action": "ec2:DescribeIpamPools", + "resource_mappings": {} + } + ], + "EC2.DescribeIpamScopes": [ + { + "action": "ec2:DescribeIpamScopes", + "resource_mappings": {} + } + ], + "EC2.DescribeIpams": [ + { + "action": "ec2:DescribeIpams", + "resource_mappings": {} + } + ], + "EC2.DescribeNetworkInsightsAccessScopeAnalyses": [ + { + "action": "ec2:DescribeNetworkInsightsAccessScopeAnalyses", + "resource_mappings": {} + } + ], + "EC2.DescribeNetworkInsightsAccessScopes": [ + { + "action": "ec2:DescribeNetworkInsightsAccessScopes", + "resource_mappings": {} + } + ], + "EC2.DescribeSnapshotTierStatus": [ + { + "action": "ec2:DescribeSnapshotTierStatus", + "resource_mappings": {} + } + ], + "EC2.DisableFastLaunch": [ + { + "action": "ec2:DisableFastLaunch", + "resource_mappings": { + "ImageId": { + "template": "${ImageId}" + } + } + } + ], + "EC2.DisableIpamOrganizationAdminAccount": [ + { + "action": "ec2:DisableIpamOrganizationAdminAccount", + "resource_mappings": {} + }, + { + "action": "organizations:DeregisterDelegatedAdministrator", + "resource_mappings": { + "MasterAccountId": { + "template": "*" + }, + "OrganizationId": { + "template": "*" + }, + "AccountId": { + "template": "*" + } + } + } + ], + "EC2.EnableFastLaunch": [ + { + "action": "ec2:EnableFastLaunch", + "resource_mappings": { + "ImageId": { + "template": "${ImageId}" + }, + "LaunchTemplateId": { + "template": "${LaunchTemplate.LaunchTemplateId}" + } + } + } + ], + "EC2.EnableIpamOrganizationAdminAccount": [ + { + "action": "ec2:EnableIpamOrganizationAdminAccount", + "resource_mappings": {} + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "organizations:EnableAWSServiceAccess", + "resource_mappings": {} + }, + { + "action": "organizations:RegisterDelegatedAdministrator", + "resource_mappings": { + "MasterAccountId": { + "template": "*" + }, + "OrganizationId": { + "template": "*" + }, + "AccountId": { + "template": "*" + } + } + } + ], + "EC2.GetInstanceTypesFromInstanceRequirements": [ + { + "action": "ec2:GetInstanceTypesFromInstanceRequirements", + "resource_mappings": {} + } + ], + "EC2.GetIpamAddressHistory": [ + { + "action": "ec2:GetIpamAddressHistory", + "resource_mappings": { + "IpamScopeId": { + "template": "${IpamScopeId}" + } + } + } + ], + "EC2.GetIpamPoolAllocations": [ + { + "action": "ec2:GetIpamPoolAllocations", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.GetIpamPoolCidrs": [ + { + "action": "ec2:GetIpamPoolCidrs", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.GetIpamResourceCidrs": [ + { + "action": "ec2:GetIpamResourceCidrs", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + }, + "IpamScopeId": { + "template": "${IpamScopeId}" + } + } + } + ], + "EC2.GetNetworkInsightsAccessScopeAnalysisFindings": [ + { + "action": "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", + "resource_mappings": {} + } + ], + "EC2.GetNetworkInsightsAccessScopeContent": [ + { + "action": "ec2:GetNetworkInsightsAccessScopeContent", + "resource_mappings": {} + } + ], + "EC2.GetSpotPlacementScores": [ + { + "action": "ec2:GetSpotPlacementScores", + "resource_mappings": {} + } + ], + "EC2.ListSnapshotsInRecycleBin": [ + { + "action": "ec2:ListSnapshotsInRecycleBin", + "resource_mappings": { + "SnapshotId": { + "template": "${SnapshotIds[]}" + } + } + } + ], + "EC2.ModifyIpam": [ + { + "action": "ec2:ModifyIpam", + "resource_mappings": { + "IpamId": { + "template": "${IpamId}" + } + } + } + ], + "EC2.ModifyIpamPool": [ + { + "action": "ec2:ModifyIpamPool", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.ModifyIpamResourceCidr": [ + { + "action": "ec2:ModifyIpamResourceCidr", + "resource_mappings": { + "IpamScopeId": { + "template": "%%many%${CurrentIpamScopeId}%${DestinationIpamScopeId}%%" + } + } + } + ], + "EC2.ModifyIpamScope": [ + { + "action": "ec2:ModifyIpamScope", + "resource_mappings": { + "IpamScopeId": { + "template": "${IpamScopeId}" + } + } + } + ], + "EC2.ModifyPrivateDnsNameOptions": [ + { + "action": "ec2:ModifyPrivateDnsNameOptions", + "resource_mappings": { + "InstanceId": { + "template": "${InstanceId}" + } + } + } + ], + "EC2.ModifySnapshotTier": [ + { + "action": "ec2:ModifySnapshotTier", + "resource_mappings": { + "SnapshotId": { + "template": "${SnapshotId}" + } + } + } + ], + "EC2.ModifyVpcEndpointServicePayerResponsibility": [ + { + "action": "ec2:ModifyVpcEndpointServicePayerResponsibility", + "resource_mappings": { + "VpcEndpointServiceId": { + "template": "${ServiceId}" + } + } + } + ], + "EC2.MoveByoipCidrToIpam": [ + { + "action": "ec2:MoveByoipCidrToIpam", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.ProvisionIpamPoolCidr": [ + { + "action": "ec2:ProvisionIpamPoolCidr", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.ProvisionPublicIpv4PoolCidr": [ + { + "action": "ec2:ProvisionPublicIpv4PoolCidr", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + }, + "Ipv4PoolEc2Id": { + "template": "${PoolId}" + } + } + } + ], + "EC2.ReleaseIpamPoolAllocation": [ + { + "action": "ec2:ReleaseIpamPoolAllocation", + "resource_mappings": { + "IpamPoolId": { + "template": "${IpamPoolId}" + } + } + } + ], + "EC2.RestoreSnapshotFromRecycleBin": [ + { + "action": "ec2:RestoreSnapshotFromRecycleBin", + "resource_mappings": { + "SnapshotId": { + "template": "${SnapshotId}" + } + } + } + ], + "EC2.RestoreSnapshotTier": [ + { + "action": "ec2:RestoreSnapshotTier", + "resource_mappings": { + "SnapshotId": { + "template": "${SnapshotId}" + } + } + } + ], + "EC2.StartNetworkInsightsAccessScopeAnalysis": [ + { + "action": "ec2:StartNetworkInsightsAccessScopeAnalysis", + "resource_mappings": { + "NetworkInsightsAccessScopeId": { + "template": "${NetworkInsightsAccessScopeId}" + } + } + }, + { + "action": "ec2:CreateTags", + "resource_mappings": { + "CapacityReservationId": { + "template": "*" + }, + "CapacityReservationFleetId": { + "template": "*" + }, + "ClientVpnEndpointId": { + "template": "*" + }, + "CustomerGatewayId": { + "template": "*" + }, + "DedicatedHostId": { + "template": "*" + }, + "DhcpOptionsId": { + "template": "*" + }, + "EgressOnlyInternetGatewayId": { + "template": "*" + }, + "ElasticGpuId": { + "template": "*" + }, + "AllocationId": { + "template": "*" + }, + "ExportImageTaskId": { + "template": "*" + }, + "ExportTaskId": { + "template": "*" + }, + "FleetId": { + "template": "*" + }, + "FpgaImageId": { + "template": "*" + }, + "HostReservationId": { + "template": "*" + }, + "ImageId": { + "template": "*" + }, + "ImportImageTaskId": { + "template": "*" + }, + "ImportSnapshotTaskId": { + "template": "*" + }, + "InstanceId": { + "template": "*" + }, + "InstanceEventWindowId": { + "template": "*" + }, + "InternetGatewayId": { + "template": "*" + }, + "IpamId": { + "template": "*" + }, + "IpamPoolId": { + "template": "*" + }, + "IpamScopeId": { + "template": "*" + }, + "Ipv4PoolEc2Id": { + "template": "*" + }, + "Ipv6PoolEc2Id": { + "template": "*" + }, + "KeyPairName": { + "template": "*" + }, + "LaunchTemplateId": { + "template": "*" + }, + "LocalGatewayId": { + "template": "*" + }, + "LocalGatewayRoutetableId": { + "template": "*" + }, + "LocalGatewayRouteTableVirtualInterfaceGroupAssociationId": { + "template": "*" + }, + "LocalGatewayRouteTableVpcAssociationId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceId": { + "template": "*" + }, + "LocalGatewayVirtualInterfaceGroupId": { + "template": "*" + }, + "NatGatewayId": { + "template": "*" + }, + "NaclId": { + "template": "*" + }, + "NetworkInsightsAccessScopeId": { + "template": "*" + }, + "NetworkInsightsAccessScopeAnalysisId": { + "template": "*" + }, + "NetworkInterfaceId": { + "template": "*" + }, + "PlacementGroupName": { + "template": "*" + }, + "PrefixListId": { + "template": "*" + }, + "ReplaceRootVolumeTaskId": { + "template": "*" + }, + "ReservationId": { + "template": "*" + }, + "RouteTableId": { + "template": "*" + }, + "SecurityGroupId": { + "template": "*" + }, + "SecurityGroupRuleId": { + "template": "*" + }, + "SnapshotId": { + "template": "*" + }, + "SpotFleetRequestId": { + "template": "*" + }, + "SpotInstanceRequestId": { + "template": "*" + }, + "SubnetId": { + "template": "*" + }, + "TrafficMirrorFilterId": { + "template": "*" + }, + "TrafficMirrorSessionId": { + "template": "*" + }, + "TrafficMirrorTargetId": { + "template": "*" + }, + "TransitGatewayId": { + "template": "*" + }, + "TransitGatewayAttachmentId": { + "template": "*" + }, + "TransitGatewayConnectPeerId": { + "template": "*" + }, + "TransitGatewayMulticastDomainId": { + "template": "*" + }, + "TransitGatewayRouteTableId": { + "template": "*" + }, + "VolumeId": { + "template": "*" + }, + "VpcId": { + "template": "*" + }, + "VpcEndpointId": { + "template": "*" + }, + "VpcEndpointServiceId": { + "template": "*" + }, + "VpcFlowLogId": { + "template": "*" + }, + "VpcPeeringConnectionId": { + "template": "*" + }, + "VpnConnectionId": { + "template": "*" + }, + "VpnGatewayId": { + "template": "*" + } + } + } + ], + "Route53Domains.DeleteDomain": [ + { + "action": "route53domains:DeleteDomain", + "resource_mappings": {} + } + ], + "Route53Domains.ListPrices": [ + { + "action": "route53domains:ListPrices", + "resource_mappings": {} + } + ], + "Shield.DisableApplicationLayerAutomaticResponse": [ + { + "action": "shield:DisableApplicationLayerAutomaticResponse", + "resource_mappings": {} + } + ], + "Shield.EnableApplicationLayerAutomaticResponse": [ + { + "action": "shield:EnableApplicationLayerAutomaticResponse", + "resource_mappings": {} + }, + { + "action": "cloudfront:GetDistribution", + "resource_mappings": {}, + "resourcearn_mappings": { + "distribution": "%%iftemplatematch%${ResourceArn}%%" + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "iam:GetRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + } + ], + "Shield.UpdateApplicationLayerAutomaticResponse": [ + { + "action": "shield:UpdateApplicationLayerAutomaticResponse", + "resource_mappings": {} + } + ], + "AppSync.AssociateApi": [ + { + "action": "appsync:AssociateApi", + "resource_mappings": { + "DomainName": { + "template": "${domainName}" + } + } + } + ], + "AppSync.CreateDomainName": [ + { + "action": "appsync:CreateDomainName", + "resource_mappings": {} + } + ], + "AppSync.DeleteDomainName": [ + { + "action": "appsync:DeleteDomainName", + "resource_mappings": { + "DomainName": { + "template": "${domainName}" + } + } + } + ], + "AppSync.DisassociateApi": [ + { + "action": "appsync:DisassociateApi", + "resource_mappings": { + "DomainName": { + "template": "${domainName}" + } + } + } + ], + "AppSync.GetApiAssociation": [ + { + "action": "appsync:GetApiAssociation", + "resource_mappings": { + "DomainName": { + "template": "${domainName}" + } + } + } + ], + "AppSync.GetDomainName": [ + { + "action": "appsync:GetDomainName", + "resource_mappings": { + "DomainName": { + "template": "${domainName}" + } + } + } + ], + "AppSync.ListDomainNames": [ + { + "action": "appsync:ListDomainNames", + "resource_mappings": {} + } + ], + "AppSync.UpdateDomainName": [ + { + "action": "appsync:UpdateDomainName", + "resource_mappings": { + "DomainName": { + "template": "${domainName}" + } + } + } + ], + "PI.GetResourceMetadata": [ + { + "action": "pi:GetResourceMetadata", + "resource_mappings": { + "ServiceType": { + "template": "${ServiceType}" + }, + "Identifier": { + "template": "${Identifier}" + } + } + } + ], + "PI.ListAvailableResourceDimensions": [ + { + "action": "pi:ListAvailableResourceDimensions", + "resource_mappings": { + "ServiceType": { + "template": "${ServiceType}" + }, + "Identifier": { + "template": "${Identifier}" + } + } + } + ], + "PI.ListAvailableResourceMetrics": [ + { + "action": "pi:ListAvailableResourceMetrics", + "resource_mappings": { + "ServiceType": { + "template": "${ServiceType}" + }, + "Identifier": { + "template": "${Identifier}" + } + } + } + ], + "EKS.RegisterCluster": [ + { + "action": "eks:RegisterCluster", + "resource_mappings": {} + } + ], + "LakeFormation.CreateDataCellsFilter": [ + { + "action": "lakeformation:CreateDataCellsFilter", + "resource_mappings": {} + } + ], + "LakeFormation.DeleteDataCellsFilter": [ + { + "action": "lakeformation:DeleteDataCellsFilter", + "resource_mappings": {} + } + ], + "LakeFormation.GetWorkUnitResults": [ + { + "action": "lakeformation:GetWorkUnitResults", + "resource_mappings": {} + }, + { + "action": "lakeformation:GetWorkUnits", + "resource_mappings": {} + }, + { + "action": "lakeformation:StartQueryPlanning", + "resource_mappings": {} + } + ], + "LakeFormation.StartQueryPlanning": [ + { + "action": "lakeformation:StartQueryPlanning", + "resource_mappings": {} + } + ], + "LakeFormation.UpdateTableStorageOptimizer": [ + { + "action": "lakeformation:UpdateTableStorageOptimizer", + "resource_mappings": {} + } + ], + "Outposts.UpdateOutpost": [ + { + "action": "outposts:UpdateOutpost", + "resource_mappings": {} + } + ], + "Outposts.UpdateSiteAddress": [ + { + "action": "outposts:UpdateSiteAddress", + "resource_mappings": {} + } + ], + "Detective.DescribeOrganizationConfiguration": [ + { + "action": "detective:DescribeOrganizationConfiguration", + "resource_mappings": {}, + "resourcearn_mappings": { + "Graph": "${GraphArn}" + } + }, + { + "action": "organizations:DescribeOrganization", + "resource_mappings": {} + } + ], + "Detective.DisableOrganizationAdminAccount": [ + { + "action": "detective:DisableOrganizationAdminAccount", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + }, + { + "action": "organizations:DescribeOrganization", + "resource_mappings": {} + } + ], + "Detective.EnableOrganizationAdminAccount": [ + { + "action": "detective:EnableOrganizationAdminAccount", + "resource_mappings": {} + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + }, + { + "action": "organizations:DescribeOrganization", + "resource_mappings": {} + }, + { + "action": "organizations:EnableAWSServiceAccess", + "resource_mappings": {} + }, + { + "action": "organizations:RegisterDelegatedAdministrator", + "resource_mappings": { + "MasterAccountId": { + "template": "*" + }, + "OrganizationId": { + "template": "*" + }, + "AccountId": { + "template": "*" + } + } + } + ], + "Detective.ListOrganizationAdminAccounts": [ + { + "action": "detective:ListOrganizationAdminAccounts", + "resource_mappings": { + "ResourceId": { + "template": "*" + } + } + }, + { + "action": "organizations:DescribeOrganization", + "resource_mappings": {} + } + ], + "Detective.UpdateOrganizationConfiguration": [ + { + "action": "detective:UpdateOrganizationConfiguration", + "resource_mappings": {}, + "resourcearn_mappings": { + "Graph": "${GraphArn}" + } + }, + { + "action": "organizations:DescribeOrganization", + "resource_mappings": {} + } + ], + "NetworkFirewall.DescribeRuleGroupMetadata": [ + { + "action": "network-firewall:DescribeRuleGroupMetadata", + "resource_mappings": {}, + "resourcearn_mappings": { + "StatefulRuleGroup": "%%iftemplatematch%${RuleGroupArn}%%", + "StatelessRuleGroup": "%%iftemplatematch%${RuleGroupArn}%%" + } + } + ], + "LookoutVision.DescribeModelPackagingJob": [ + { + "action": "lookoutvision:DescribeModelPackagingJob", + "resource_mappings": {} + } + ], + "LookoutVision.ListModelPackagingJobs": [ + { + "action": "lookoutvision:ListModelPackagingJobs", + "resource_mappings": {} + } + ], + "LookoutVision.StartModelPackagingJob": [ + { + "action": "lookoutvision:StartModelPackagingJob", + "resource_mappings": { + "ProjectName": { + "template": "${ProjectName}" + }, + "ModelVersion": { + "template": "${ModelVersion}" + } + } + } + ], + "GreengrassV2.AssociateServiceRoleToAccount": [ + { + "action": "greengrass:AssociateServiceRoleToAccount", + "resource_mappings": {} + } + ], + "GreengrassV2.DisassociateServiceRoleFromAccount": [ + { + "action": "greengrass:DisassociateServiceRoleFromAccount", + "resource_mappings": {} + } + ], + "GreengrassV2.GetConnectivityInfo": [ + { + "action": "greengrass:GetConnectivityInfo", + "resource_mappings": { + "ThingName": { + "template": "${thingName}" + } + } + } + ], + "GreengrassV2.GetServiceRoleForAccount": [ + { + "action": "greengrass:GetServiceRoleForAccount", + "resource_mappings": {} + } + ], + "GreengrassV2.UpdateConnectivityInfo": [ + { + "action": "greengrass:UpdateConnectivityInfo", + "resource_mappings": { + "ThingName": { + "template": "${thingName}" + } + } + } + ], + "Location.SearchPlaceIndexForSuggestions": [ + { + "action": "geo:SearchPlaceIndexForSuggestions", + "resource_mappings": { + "IndexName": { + "template": "${IndexName}" + } + } + } + ], + "LexModelsV2.DeleteCustomVocabulary": [ + { + "action": "lex:DeleteCustomVocabulary", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LexModelsV2.DescribeCustomVocabularyMetadata": [ + { + "action": "lex:DescribeCustomVocabularyMetadata", + "resource_mappings": { + "BotId": { + "template": "${botId}" + } + } + } + ], + "LookoutMetrics.DeactivateAnomalyDetector": [ + { + "action": "lookoutmetrics:DeactivateAnomalyDetector", + "resource_mappings": {}, + "resourcearn_mappings": { + "AnomalyDetector": "${AnomalyDetectorArn}" + } + } + ], + "LookoutMetrics.ListAnomalyGroupRelatedMetrics": [ + { + "action": "lookoutmetrics:ListAnomalyGroupRelatedMetrics", + "resource_mappings": {}, + "resourcearn_mappings": { + "AnomalyDetector": "${AnomalyDetectorArn}" + } + } + ], + "Proton.CreateRepository": [ + { + "action": "proton:CreateRepository", + "resource_mappings": { + "Provider": { + "template": "${provider}" + }, + "Name": { + "template": "${name}" + } + } + } + ], + "Proton.CreateTemplateSyncConfig": [ + { + "action": "proton:CreateTemplateSyncConfig", + "resource_mappings": {} + } + ], + "Proton.DeleteRepository": [ + { + "action": "proton:DeleteRepository", + "resource_mappings": { + "Provider": { + "template": "${provider}" + }, + "Name": { + "template": "${name}" + } + } + } + ], + "Proton.DeleteTemplateSyncConfig": [ + { + "action": "proton:DeleteTemplateSyncConfig", + "resource_mappings": {} + } + ], + "Proton.GetRepository": [ + { + "action": "proton:GetRepository", + "resource_mappings": { + "Provider": { + "template": "${provider}" + }, + "Name": { + "template": "${name}" + } + } + } + ], + "Proton.GetRepositorySyncStatus": [ + { + "action": "proton:GetRepositorySyncStatus", + "resource_mappings": {} + } + ], + "Proton.GetTemplateSyncConfig": [ + { + "action": "proton:GetTemplateSyncConfig", + "resource_mappings": {} + } + ], + "Proton.GetTemplateSyncStatus": [ + { + "action": "proton:GetTemplateSyncStatus", + "resource_mappings": {} + } + ], + "Proton.ListRepositorySyncDefinitions": [ + { + "action": "proton:ListRepositorySyncDefinitions", + "resource_mappings": {} + } + ], + "Proton.UpdateTemplateSyncConfig": [ + { + "action": "proton:UpdateTemplateSyncConfig", + "resource_mappings": {} + } + ], + "Route53RecoveryControlConfig.ListTagsForResource": [ + { + "action": "route53-recovery-control-config:ListTagsForResource", + "resource_mappings": {} + } + ], + "Route53RecoveryControlConfig.TagResource": [ + { + "action": "route53-recovery-control-config:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "%%iftemplatematch%${ResourceArn}%%", + "controlpanel": "%%iftemplatematch%${ResourceArn}%%", + "safetyrule": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "Route53RecoveryControlConfig.UntagResource": [ + { + "action": "route53-recovery-control-config:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "%%iftemplatematch%${ResourceArn}%%", + "controlpanel": "%%iftemplatematch%${ResourceArn}%%", + "safetyrule": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "AppConfigData.GetLatestConfiguration": [ + { + "action": "appconfig:GetLatestConfiguration", + "resource_mappings": { + "ApplicationId": { + "template": "*" + }, + "EnvironmentId": { + "template": "*" + }, + "ConfigurationProfileId": { + "template": "*" + } + } + } + ], + "AppStream.AssociateApplicationToEntitlement": [ + { + "action": "appstream:AssociateApplicationToEntitlement", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:appstream:${Region}:${Account}:stack/${StackName}" + } + } + ], + "AppStream.DisassociateApplicationFromEntitlement": [ + { + "action": "appstream:DisassociateApplicationFromEntitlement", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:appstream:${Region}:${Account}:stack/${StackName}" + } + } + ], + "RAM.ListPermissionVersions": [ + { + "action": "ram:ListPermissionVersions", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:ram:${Region}:${Account}:permission/*" + } + } + ], + "DataSync.CreateLocationFsxLustre": [ + { + "action": "datasync:CreateLocationFsxLustre", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:datasync:${Region}:${Account}:*" + } + } + ], + "Imagebuilder.ImportVmImage": [ + { + "action": "imagebuilder:ImportVmImage", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:imagebuilder:${Region}:${Account}:import-vm/*" + } + } + ], + "Finspacedata.CreateDataset": [ + { + "action": "finspace-api:CreateDatasetV2", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:finspace-api:${Region}:${Account}:/datasetsv2" + } + } + ], + "ComprehendMedical.DescribeSNOMEDCTInferenceJob": [ + { + "action": "comprehendmedical:DescribeSNOMEDCTInferenceJob", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "ComprehendMedical.InferSNOMEDCT": [ + { + "action": "comprehendmedical:InferSNOMEDCT", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "ComprehendMedical.ListSNOMEDCTInferenceJobs": [ + { + "action": "comprehendmedical:ListSNOMEDCTInferenceJobs", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "ComprehendMedical.StopSNOMEDCTInferenceJob": [ + { + "action": "comprehendmedical:StopSNOMEDCTInferenceJob", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "TimestreamQuery.PrepareQuery": [ + { + "action": "timestream:DescribeEndpoints", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "IoTWireless.CreateMulticastGroup": [ + { + "action": "iotwireless:CreateMulticastGroup", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:iotwireless:${Region}:${Account}:MulticastGroup/*" + } + } + ], + "IoTWireless.DeleteQueuedMessages": [ + { + "action": "iotwireless:DeleteQueuedMessages", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDevice/${Id}" + } + } + ], + "IoTWireless.GetNetworkAnalyzerConfiguration": [ + { + "action": "iotwireless:GetNetworkAnalyzerConfiguration", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "IoTWireless.ListFuotaTasks": [ + { + "action": "iotwireless:ListFuotaTasks", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:iotwireless:${Region}:${Account}:FuotaTask/*" + } + } + ], + "IoTWireless.ListMulticastGroups": [ + { + "action": "iotwireless:ListMulticastGroups", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:iotwireless:${Region}:${Account}:MulticastGroup/*" + } + } + ], + "IoTWireless.ListQueuedMessages": [ + { + "action": "iotwireless:ListQueuedMessages", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDevice/${Id}" + } + } + ], + "IoTWireless.UpdateNetworkAnalyzerConfiguration": [ + { + "action": "iotwireless:UpdateNetworkAnalyzerConfiguration", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "ChimeSDKIdentity.CreateAppInstance": [ + { + "action": "chime:CreateAppInstance", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:app-instance/*" + } + } + ], + "ChimeSDKIdentity.ListAppInstances": [ + { + "action": "chime:ListAppInstances", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:app-instance/*" + } + } + ], + "ChimeSDKMessaging.GetMessagingSessionEndpoint": [ + { + "action": "chime:GetMessagingSessionEndpoint", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "ChimeSDKMeetings.BatchCreateAttendee": [ + { + "action": "chime:BatchCreateAttendee", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/${MeetingId}" + } + } + ], + "ChimeSDKMeetings.CreateAttendee": [ + { + "action": "chime:CreateAttendee", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/${MeetingId}" + } + } + ], + "ChimeSDKMeetings.CreateMeeting": [ + { + "action": "chime:CreateMeeting", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/*" + } + } + ], + "ChimeSDKMeetings.CreateMeetingWithAttendees": [ + { + "action": "chime:CreateMeetingWithAttendees", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "ChimeSDKMeetings.DeleteAttendee": [ + { + "action": "chime:DeleteAttendee", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/${MeetingId}" + } + } + ], + "ChimeSDKMeetings.DeleteMeeting": [ + { + "action": "chime:DeleteMeeting", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/${MeetingId}" + } + } + ], + "ChimeSDKMeetings.GetAttendee": [ + { + "action": "chime:GetAttendee", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/${MeetingId}" + } + } + ], + "ChimeSDKMeetings.GetMeeting": [ + { + "action": "chime:GetMeeting", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/${MeetingId}" + } + } + ], + "ChimeSDKMeetings.ListAttendees": [ + { + "action": "chime:ListAttendees", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:chime:${Region}:${Account}:meeting/${MeetingId}" + } + } + ], + "ChimeSDKMeetings.StartMeetingTranscription": [ + { + "action": "chime:StartMeetingTranscription", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "ChimeSDKMeetings.StopMeetingTranscription": [ + { + "action": "chime:StopMeetingTranscription", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "MigrationHubRefactorSpaces.CreateApplication": [ + { + "action": "refactor-spaces:CreateApplication", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/*" + } + } + ], + "MigrationHubRefactorSpaces.CreateEnvironment": [ + { + "action": "refactor-spaces:CreateEnvironment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/*" + } + } + ], + "MigrationHubRefactorSpaces.CreateRoute": [ + { + "action": "refactor-spaces:CreateRoute", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/route/*" + } + } + ], + "MigrationHubRefactorSpaces.CreateService": [ + { + "action": "refactor-spaces:CreateService", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/service/*" + } + } + ], + "MigrationHubRefactorSpaces.DeleteApplication": [ + { + "action": "refactor-spaces:DeleteApplication", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.DeleteEnvironment": [ + { + "action": "refactor-spaces:DeleteEnvironment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.DeleteResourcePolicy": [ + { + "action": "refactor-spaces:DeleteResourcePolicy", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/*" + } + } + ], + "MigrationHubRefactorSpaces.DeleteRoute": [ + { + "action": "refactor-spaces:DeleteRoute", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/route/${RouteIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.DeleteService": [ + { + "action": "refactor-spaces:DeleteService", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/service/${ServiceIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.GetApplication": [ + { + "action": "refactor-spaces:GetApplication", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.GetEnvironment": [ + { + "action": "refactor-spaces:GetEnvironment", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.GetResourcePolicy": [ + { + "action": "refactor-spaces:GetResourcePolicy", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/*" + } + } + ], + "MigrationHubRefactorSpaces.GetRoute": [ + { + "action": "refactor-spaces:GetRoute", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/route/${RouteIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.GetService": [ + { + "action": "refactor-spaces:GetService", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/service/${ServiceIdentifier}" + } + } + ], + "MigrationHubRefactorSpaces.ListApplications": [ + { + "action": "refactor-spaces:ListApplications", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/*" + } + } + ], + "MigrationHubRefactorSpaces.ListEnvironmentVpcs": [ + { + "action": "refactor-spaces:ListEnvironmentVpcs", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/vpc/*" + } + } + ], + "MigrationHubRefactorSpaces.ListEnvironments": [ + { + "action": "refactor-spaces:ListEnvironments", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/*" + } + } + ], + "MigrationHubRefactorSpaces.ListRoutes": [ + { + "action": "refactor-spaces:ListRoutes", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/route/*" + } + } + ], + "MigrationHubRefactorSpaces.ListServices": [ + { + "action": "refactor-spaces:ListServices", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentIdentifier}/application/${ApplicationIdentifier}/service/*" + } + } + ], + "MigrationHubRefactorSpaces.PutResourcePolicy": [ + { + "action": "refactor-spaces:PutResourcePolicy", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/*" + } + } + ], + "AmplifyUIBuilder.UpdateComponent": [ + { + "action": "amplifyuibuilder:UpdateComponent", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:amplifyuibuilder:${Region}:${Account}:component/${id}" + } + } + ] + }, + "sdk_service_mappings": { + "ACM PCA": "acm-pca", + "ACMPCA": "acm-pca", + "AccessAnalyzer": "access-analyzer", + "Alexa For Business": "a4b", + "AlexaForBusiness": "a4b", + "Amp": "aps", + "Amplify": "amplify", + "AmplifyBackend": "amplifybackend", + "AmplifyUIBuilder": "amplifyuibuilder", + "API Gateway": "apigateway", + "ApiGatewayManagementApi": "apigateway", + "API Gateway V2": "apigateway", + "ApiGatewayV2": "apigateway", + "App Mesh": "appmesh", + "AppConfig": "appconfig", + "AppConfigData": "appconfig", + "AppIntegrations": "app-integrations", + "AppStream": "appstream", + "AppSync": "appsync", + "Appflow": "appflow", + "Application Auto Scaling": "application-autoscaling", + "Application Discovery Service": "discovery", + "Application Insights": "applicationinsights", + "ApplicationAutoScaling": "application-autoscaling", + "ApplicationCostProfiler": "application-cost-profiler", + "AuditManager": "auditmanager", + "AugmentedAIRuntime": "sagemaker", + "Auto Scaling": "autoscaling", + "Auto Scaling Plans": "autoscaling-plans", + "AutoScalingPlans": "autoscaling-plans", + "BackupGateway": "backup-gateway", + "Braket": "braket", + "ChimeSDKIdentity": "chime", + "CloudControl": "cloudformation", + "CloudDirectory": "clouddirectory", + "CloudHSM V2": "cloudhsm", + "CloudHSMV2": "cloudhsm", + "CloudSearch Domain": "cloudsearch", + "CloudSearchDomain": "cloudsearch", + "CloudWatchEvents": "events", + "CloudWatch Events": "events", + "CloudWatchLogs": "logs", + "CloudWatch Logs": "logs", + "Cloudwatch Logs": "logs", + "CodeGuru Reviewer": "codeguru-reviewer", + "CodeGuruProfiler": "codeguru-profiler", + "CodeGuruReviewer": "codeguru-reviewer", + "codestar notifications": "codestar-notifications", + "CodeStar connections": "codestar-connections", + "CodeStarNotifications": "codestar-notifications", + "CodeStarconnections": "codestar-connections", + "Cognito Identity": "cognito-identity", + "CognitoIdentity": "cognito-identity", + "Cognito Identity Provider": "cognito-idp", + "CognitoIdentityServiceProvider": "cognito-idp", + "Cognito Sync": "cognito-sync", + "CognitoSync": "cognito-sync", + "Comprehend": "comprehend", + "ComprehendMedical": "comprehendmedical", + "Compute Optimizer": "compute-optimizer", + "ComputeOptimizer": "compute-optimizer", + "Config Service": "config", + "ConfigService": "config", + "Connect Contact Lens": "connect", + "Connect": "connect", + "ConnectContactLens": "connect", + "ConnectParticipant": "execute-api", + "Cost Explorer": "ce", + "Cost and Usage Report Service": "cur", + "CostExplorer": "ce", + "Customer Profiles": "profile", + "CustomerProfiles": "profile", + "DLM": "dlm", + "DataBrew": "databrew", + "DataExchange": "dataexchange", + "Data Migration Service": "dms", + "Data Pipeline": "datapipeline", + "DataSync": "datasync", + "Detective": "detective", + "DevOps Guru": "devops-guru", + "DevOpsGuru": "devops-guru", + "Device Farm": "devicefarm", + "Direct Connect": "directconnect", + "Directory Service": "ds", + "DirectoryService": "ds", + "DocDB": "rds", + "DynamoDB Streams": "dynamodb", + "DynamoDBStreams": "dynamodb", + "EC2InstanceConnect": "ec2-instance-connect", + "EC2 Instance Connect": "ec2-instance-connect", + "ECR PUBLIC": "ecr-public", + "ECR": "ecr", + "ECRPUBLIC": "ecr-public", + "EFS": "elasticfilesystem", + "EKS": "eks", + "ELB": "elasticloadbalancing", + "ELBv2": "elasticloadbalancing", + "EMR containers": "emr-containers", + "EMR": "elasticmapreduce", + "EMRcontainers": "emr-containers", + "Elasticsearch Service": "es", + "Elastic Beanstalk": "elasticbeanstalk", + "Elastic Load Balancing": "elasticloadbalancing", + "Elastic Load Balancing v2": "elasticloadbalancing", + "Elastic Inference": "elastic-inference", + "ElasticInference": "elastic-inference", + "Elastic Transcoder": "elastictranscoder", + "EventBridge": "events", + "Finspacedata": "finspace-api", + "FSx": "fsx", + "forecastquery": "forecast", + "ForecastQueryService": "forecast", + "ForecastService": "forecast", + "Global Accelerator": "globalaccelerator", + "Greengrass": "greengrass", + "GreengrassV2": "greengrass", + "GroundStation": "groundstation", + "GuardDuty": "guardduty", + "HealthLake": "healthlake", + "Honeycode": "honeycode", + "IoT 1Click Devices Service": "iot1click", + "IoT 1Click Projects": "iot1click", + "IoT Data Plane": "iot", + "IoT Events Data": "iotevents", + "IoT Events": "iotevents", + "IoT Jobs Data Plane": "iot", + "IoTWireless": "iot", + "IoT Wireless": "iot", + "IoT": "iot", + "IoT1ClickDevicesService": "iot1click", + "IoT1ClickProjects": "iot1click", + "IoTAnalytics": "iotanalytics", + "IoTEventsData": "iotevents", + "IoTFleetHub": "iotfleethub", + "IoTJobsDataPlane": "iot", + "IoTSecureTunneling": "iot", + "IoTSiteWise": "iotsitewise", + "IoTThingsGraph": "iotthingsgraph", + "IotData": "iot", + "IotDeviceAdvisor": "iotdeviceadvisor", + "IoTWireless": "iotwireless", + "Kafka": "kafka", + "Kinesis Analytics": "kinesisanalytics", + "Kinesis Analytics V2": "kinesisanalytics", + "KinesisAnalyticsV2": "kinesisanalytics", + "KinesisVideoArchivedMedia": "kinesisvideo", + "KinesisVideoMedia": "kinesisvideo", + "Kinesis Video": "kinesisvideo", + "Kinesis Video Archived Media": "kinesisvideo", + "Kinesis Video Media": "kinesisvideo", + "Kinesis Video Signaling": "kinesisvideo", + "KinesisVideoSignalingChannels": "kinesisvideo", + "LakeFormation": "lakeformation", + "Lex Model Building Service": "lex", + "Lex Models V2": "lex", + "Lex Runtime Service": "lex", + "Lex Runtime V2": "lex", + "LexModelBuildingService": "lex", + "LexModelsV2": "lex", + "LexRuntime": "lex", + "LexRuntimeV2": "lex", + "License Manager": "license-manager", + "LicenseManager": "license-manager", + "Location": "geo", + "LookoutVision": "lookoutvision", + "MTurk": "mechanicalturk", + "MWAA": "airflow", + "Macie2": "macie2", + "ManagedBlockchain": "managedblockchain", + "Machine Learning": "machinelearning", + "Marketplace Catalog": "aws-marketplace", + "Marketplace Commerce Analytics": "marketplacecommerceanalytics", + "Marketplace Entitlement Service": "aws-marketplace", + "Marketplace Metering": "aws-marketplace", + "MarketplaceCatalog": "aws-marketplace", + "MarketplaceEntitlementService": "aws-marketplace", + "MarketplaceMetering": "aws-marketplace", + "MediaConnect": "mediaconnect", + "MediaConvert": "mediaconvert", + "MediaLive": "medialive", + "MediaPackage Vod": "mediapackage-vod", + "MediaPackage": "mediapackage", + "MediaPackageVod": "mediapackage-vod", + "MediaStore Data": "mediastore", + "MediaStore": "mediastore", + "MediaStoreData": "mediastore", + "MediaTailor": "mediatailor", + "MigrationHub Config": "mgh", + "MigrationHub": "mgh", + "Migration Hub": "mgh", + "MigrationHubConfig": "mgh", + "MigrationHubRefactorSpaces": "refactor-spaces", + "MigrationHubStrategy": "migrationhub-strategy", + "Mobile": "mobilehub", + "Neptune": "rds", + "Network Firewall": "network-firewall", + "NetworkFirewall": "network-firewall", + "NetworkManager": "networkmanager", + "OpenSearch": "es", + "OpsWorksCM": "opsworks-cm", + "Outposts": "outposts", + "PI": "pi", + "Personalize Events": "personalize", + "Personalize Runtime": "personalize", + "Personalize": "personalize", + "PersonalizeEvents": "personalize", + "PersonalizeRuntime": "personalize", + "Pinpoint Email": "ses", + "Pinpoint SMS Voice": "sms-voice", + "Pinpoint": "mobiletargeting", + "PinpointEmail": "ses", + "PinpointSMSVoice": "sms-voice", + "Pricing": "pricing", + "QLDB Session": "qldb", + "QLDB": "qldb", + "QLDBSession": "qldb", + "RDS Data": "rds-data", + "RDSDataService": "rds-data", + "Redshift Data": "redshift-data", + "RedshiftData": "redshift-data", + "Resource Groups": "resource-groups", + "ResourceGroups": "resource-groups", + "ResourceGroupsTaggingAPI": "tag", + "Resource Groups Tagging API": "tag", + "Route 53": "route53", + "Route 53 Domains": "route53domains", + "Route53RecoveryCluster": "route53-recovery-cluster", + "Route53RecoveryControlConfig": "route53-recovery-control-config", + "Route53RecoveryReadiness": "route53-recovery-readiness", + "RoboMaker": "robomaker", + "S3": "s3", + "S3 Control": "s3", + "S3Control": "s3", + "S3Outposts": "s3-outposts", + "Service Catalog": "servicecatalog", + "SES": "ses", + "SESV2": "ses", + "SESv2": "ses", + "SSMContacts": "ssm-contacts", + "SSMIncidents": "ssm-incidents", + "SSO Admin": "sso", + "SSO OIDC": "sso-directory", + "SSO": "sso", + "SSOAdmin": "sso", + "SSOOIDC": "sso-directory", + "SageMaker A2I Runtime": "sagemaker", + "SageMaker FeatureStore Runtime": "sagemaker", + "SageMaker Runtime": "sagemaker", + "SageMaker": "sagemaker", + "SageMakerFeatureStoreRuntime": "sagemaker", + "SageMakerRuntime": "sagemaker", + "Sagemaker Edge": "sagemaker", + "SagemakerEdge": "sagemaker", "Secrets Manager": "secretsmanager", "SecurityHub": "securityhub", "ServerlessApplicationRepository": "serverlessrepo", @@ -108846,6 +111702,7 @@ "ServiceCatalogAppRegistry": "servicecatalog", "SimpleDB": "sdb", "SimpleWorkflow": "swf", + "SnowDeviceManagement": "snow-device-management", "StepFunctions": "states", "Storage Gateway": "storagegateway", "Timestream Query": "timestream", @@ -108858,6 +111715,808 @@ "Translate": "translate", "WAFRegional": "waf-regional", "WellArchitected": "wellarchitected", - "WorkLink": "worklink" + "WorkLink": "worklink", + "WorkSpacesWeb": "workspaces-web" + }, + "service_sdk_mappings": { + "a4b": [ + "AlexaForBusiness" + ], + "access-analyzer": [ + "AccessAnalyzer" + ], + "account": [ + "Account" + ], + "acm": [ + "ACM" + ], + "acm-pca": [ + "ACMPCA" + ], + "airflow": [ + "MWAA" + ], + "amplify": [ + "Amplify" + ], + "amplifybackend": [ + "AmplifyBackend" + ], + "amplifyuibuilder": [ + "AmplifyUIBuilder" + ], + "apigateway": [ + "ApiGatewayManagementApi", + "ApiGatewayV2" + ], + "app-integrations": [ + "AppIntegrations" + ], + "appconfig": [ + "AppConfig" + ], + "appflow": [ + "Appflow" + ], + "application-autoscaling": [ + "ApplicationAutoScaling" + ], + "application-cost-profiler": [ + "ApplicationCostProfiler" + ], + "applicationinsights": [ + "ApplicationInsights" + ], + "appmesh": [ + "AppMesh" + ], + "apprunner": [ + "AppRunner" + ], + "appstream": [ + "AppStream" + ], + "appsync": [ + "AppSync" + ], + "aps": [ + "Amp" + ], + "athena": [ + "Athena" + ], + "auditmanager": [ + "AuditManager" + ], + "autoscaling": [ + "AutoScaling" + ], + "autoscaling-plans": [ + "AutoScalingPlans" + ], + "aws-marketplace": [ + "MarketplaceCatalog", + "MarketplaceEntitlementService", + "MarketplaceMetering" + ], + "backup": [ + "Backup" + ], + "backup-gateway": [ + "BackupGateway" + ], + "batch": [ + "Batch" + ], + "braket": [ + "Braket" + ], + "budgets": [ + "Budgets" + ], + "ce": [ + "CostExplorer" + ], + "chime": [ + "Chime", + "ChimeSDKIdentity" + ], + "cloud9": [ + "Cloud9" + ], + "clouddirectory": [ + "CloudDirectory" + ], + "cloudformation": [ + "CloudFormation" + ], + "cloudfront": [ + "CloudFront" + ], + "cloudhsm": [ + "CloudHSMV2" + ], + "cloudsearch": [ + "CloudSearchDomain" + ], + "cloudtrail": [ + "CloudTrail" + ], + "cloudwatch": [ + "CloudWatch" + ], + "codeartifact": [ + "CodeArtifact" + ], + "codebuild": [ + "CodeBuild" + ], + "codecommit": [ + "CodeCommit" + ], + "codedeploy": [ + "CodeDeploy" + ], + "codeguru-profiler": [ + "CodeGuruProfiler" + ], + "codeguru-reviewer": [ + "CodeGuruReviewer" + ], + "codepipeline": [ + "CodePipeline" + ], + "codestar": [ + "CodeStar" + ], + "codestar-connections": [ + "CodeStarconnections" + ], + "codestar-notifications": [ + "CodeStarNotifications" + ], + "cognito-identity": [ + "CognitoIdentity" + ], + "cognito-idp": [ + "CognitoIdentityServiceProvider" + ], + "cognito-sync": [ + "CognitoSync" + ], + "comprehend": [ + "Comprehend" + ], + "comprehendmedical": [ + "ComprehendMedical" + ], + "compute-optimizer": [ + "ComputeOptimizer" + ], + "config": [ + "ConfigService" + ], + "connect": [ + "Connect", + "ConnectContactLens" + ], + "cur": [ + "CUR" + ], + "databrew": [ + "DataBrew" + ], + "dataexchange": [ + "DataExchange" + ], + "datapipeline": [ + "DataPipeline" + ], + "datasync": [ + "DataSync" + ], + "dax": [ + "DAX" + ], + "detective": [ + "Detective" + ], + "devicefarm": [ + "DeviceFarm" + ], + "devops-guru": [ + "DevOpsGuru" + ], + "directconnect": [ + "DirectConnect" + ], + "discovery": [ + "Discovery" + ], + "dlm": [ + "DLM" + ], + "dms": [ + "DMS" + ], + "drs": [ + "Drs" + ], + "ds": [ + "DirectoryService" + ], + "dynamodb": [ + "DynamoDBStreams" + ], + "ebs": [ + "EBS" + ], + "ec2": [ + "EC2" + ], + "ec2-instance-connect": [ + "EC2InstanceConnect" + ], + "ecr": [ + "ECR" + ], + "ecr-public": [ + "ECRPUBLIC" + ], + "ecs": [ + "ECS" + ], + "eks": [ + "EKS" + ], + "elastic-inference": [ + "ElasticInference" + ], + "elasticache": [ + "ElastiCache" + ], + "elasticbeanstalk": [ + "ElasticBeanstalk" + ], + "elasticfilesystem": [ + "EFS" + ], + "elasticloadbalancing": [ + "ELB", + "ELBv2" + ], + "elasticmapreduce": [ + "EMR" + ], + "elastictranscoder": [ + "ElasticTranscoder" + ], + "emr-containers": [ + "EMRcontainers" + ], + "es": [ + "OpenSearch" + ], + "events": [ + "CloudWatchEvents", + "EventBridge" + ], + "evidently": [ + "Evidently" + ], + "execute-api": [ + "ConnectParticipant" + ], + "finspace": [ + "Finspace" + ], + "finspace-api": [ + "Finspacedata" + ], + "firehose": [ + "Firehose" + ], + "fis": [ + "Fis" + ], + "fms": [ + "FMS" + ], + "forecast": [ + "forecastquery", + "ForecastQueryService", + "ForecastService" + ], + "frauddetector": [ + "FraudDetector" + ], + "fsx": [ + "FSx" + ], + "gamelift": [ + "GameLift" + ], + "geo": [ + "Location" + ], + "glacier": [ + "Glacier" + ], + "globalaccelerator": [ + "GlobalAccelerator" + ], + "glue": [ + "Glue" + ], + "grafana": [ + "Grafana" + ], + "greengrass": [ + "Greengrass", + "GreengrassV2" + ], + "groundstation": [ + "GroundStation" + ], + "guardduty": [ + "GuardDuty" + ], + "health": [ + "Health" + ], + "healthlake": [ + "HealthLake" + ], + "honeycode": [ + "Honeycode" + ], + "iam": [ + "IAM" + ], + "identitystore": [ + "IdentityStore" + ], + "imagebuilder": [ + "Imagebuilder" + ], + "importexport": [ + "ImportExport" + ], + "inspector": [ + "Inspector" + ], + "inspector2": [ + "Inspector2" + ], + "iot": [ + "IoTWireless", + "IoT", + "IoTJobsDataPlane", + "IoTSecureTunneling", + "IotData" + ], + "iot1click": [ + "IoT1ClickDevicesService", + "IoT1ClickProjects" + ], + "iotanalytics": [ + "IoTAnalytics" + ], + "iotdeviceadvisor": [ + "IotDeviceAdvisor" + ], + "iotevents": [ + "IoTEventsData" + ], + "iotfleethub": [ + "IoTFleetHub" + ], + "iotsitewise": [ + "IoTSiteWise" + ], + "iotthingsgraph": [ + "IoTThingsGraph" + ], + "iottwinmaker": [ + "IoTTwinMaker" + ], + "iotwireless": [ + "IoTWireless" + ], + "ivs": [ + "IVS" + ], + "kafka": [ + "Kafka" + ], + "kafkaconnect": [ + "KafkaConnect" + ], + "kendra": [ + "Kendra" + ], + "kinesis": [ + "Kinesis" + ], + "kinesisanalytics": [ + "KinesisAnalyticsV2" + ], + "kinesisvideo": [ + "KinesisVideoArchivedMedia", + "KinesisVideoMedia", + "KinesisVideoSignalingChannels" + ], + "kms": [ + "KMS" + ], + "lakeformation": [ + "LakeFormation" + ], + "lambda": [ + "Lambda" + ], + "lex": [ + "LexModelBuildingService", + "LexModelsV2", + "LexRuntime", + "LexRuntimeV2" + ], + "license-manager": [ + "LicenseManager" + ], + "lightsail": [ + "Lightsail" + ], + "logs": [ + "CloudWatchLogs" + ], + "lookoutequipment": [ + "LookoutEquipment" + ], + "lookoutmetrics": [ + "LookoutMetrics" + ], + "lookoutvision": [ + "LookoutVision" + ], + "machinelearning": [ + "MachineLearning" + ], + "macie": [ + "Macie" + ], + "macie2": [ + "Macie2" + ], + "managedblockchain": [ + "ManagedBlockchain" + ], + "marketplacecommerceanalytics": [ + "MarketplaceCommerceAnalytics" + ], + "mechanicalturk": [ + "MTurk" + ], + "mediaconnect": [ + "MediaConnect" + ], + "mediaconvert": [ + "MediaConvert" + ], + "medialive": [ + "MediaLive" + ], + "mediapackage": [ + "MediaPackage" + ], + "mediapackage-vod": [ + "MediaPackageVod" + ], + "mediastore": [ + "MediaStore", + "MediaStoreData" + ], + "mediatailor": [ + "MediaTailor" + ], + "memorydb": [ + "MemoryDB" + ], + "mgh": [ + "MigrationHub", + "MigrationHubConfig" + ], + "mgn": [ + "Mgn" + ], + "migrationhub-strategy": [ + "MigrationHubStrategy" + ], + "mobileanalytics": [ + "MobileAnalytics" + ], + "mobilehub": [ + "Mobile" + ], + "mobiletargeting": [ + "Pinpoint" + ], + "mq": [ + "MQ" + ], + "network-firewall": [ + "NetworkFirewall" + ], + "networkmanager": [ + "NetworkManager" + ], + "nimble": [ + "Nimble" + ], + "opsworks": [ + "OpsWorks" + ], + "opsworks-cm": [ + "OpsWorksCM" + ], + "organizations": [ + "Organizations" + ], + "outposts": [ + "Outposts" + ], + "panorama": [ + "Panorama" + ], + "personalize": [ + "Personalize", + "PersonalizeEvents", + "PersonalizeRuntime" + ], + "pi": [ + "PI" + ], + "polly": [ + "Polly" + ], + "pricing": [ + "Pricing" + ], + "profile": [ + "CustomerProfiles" + ], + "proton": [ + "Proton" + ], + "qldb": [ + "QLDB", + "QLDBSession" + ], + "quicksight": [ + "QuickSight" + ], + "ram": [ + "RAM" + ], + "rbin": [ + "Rbin" + ], + "rds": [ + "DocDB", + "Neptune" + ], + "rds-data": [ + "RDSDataService" + ], + "redshift": [ + "Redshift" + ], + "redshift-data": [ + "RedshiftData" + ], + "refactor-spaces": [ + "MigrationHubRefactorSpaces" + ], + "rekognition": [ + "Rekognition" + ], + "resiliencehub": [ + "Resiliencehub" + ], + "resource-groups": [ + "ResourceGroups" + ], + "robomaker": [ + "RoboMaker" + ], + "route53": [ + "Route53" + ], + "route53-recovery-cluster": [ + "Route53RecoveryCluster" + ], + "route53-recovery-control-config": [ + "Route53RecoveryControlConfig" + ], + "route53-recovery-readiness": [ + "Route53RecoveryReadiness" + ], + "route53domains": [ + "Route53Domains" + ], + "route53resolver": [ + "Route53Resolver" + ], + "rum": [ + "RUM" + ], + "s3": [ + "S3", + "S3Control" + ], + "s3-object-lambda": [ + "S3" + ], + "s3-outposts": [ + "S3Outposts" + ], + "sagemaker": [ + "AugmentedAIRuntime", + "SageMaker", + "SageMakerFeatureStoreRuntime", + "SageMakerRuntime", + "SagemakerEdge" + ], + "savingsplans": [ + "SavingsPlans" + ], + "schemas": [ + "Schemas" + ], + "sdb": [ + "SimpleDB" + ], + "secretsmanager": [ + "SecretsManager" + ], + "securityhub": [ + "SecurityHub" + ], + "serverlessrepo": [ + "ServerlessApplicationRepository" + ], + "servicecatalog": [ + "ServiceCatalogAppRegistry" + ], + "servicediscovery": [ + "ServiceDiscovery" + ], + "servicequotas": [ + "ServiceQuotas" + ], + "ses": [ + "PinpointEmail", + "SES", + "SESV2", + "SESv2" + ], + "shield": [ + "Shield" + ], + "signer": [ + "Signer" + ], + "sms": [ + "SMS" + ], + "sms-voice": [ + "PinpointSMSVoice" + ], + "snow-device-management": [ + "SnowDeviceManagement" + ], + "snowball": [ + "Snowball" + ], + "sns": [ + "SNS" + ], + "sqs": [ + "SQS" + ], + "ssm": [ + "SSM" + ], + "ssm-contacts": [ + "SSMContacts" + ], + "ssm-incidents": [ + "SSMIncidents" + ], + "sso": [ + "SSO", + "SSOAdmin" + ], + "sso-directory": [ + "SSOOIDC" + ], + "states": [ + "StepFunctions" + ], + "storagegateway": [ + "StorageGateway" + ], + "sts": [ + "STS" + ], + "support": [ + "Support" + ], + "swf": [ + "SimpleWorkflow" + ], + "synthetics": [ + "Synthetics" + ], + "tag": [ + "ResourceGroupsTaggingAPI" + ], + "textract": [ + "Textract" + ], + "timestream": [ + "TimestreamQuery", + "TimestreamWrite" + ], + "transcribe": [ + "Transcribe", + "TranscribeService" + ], + "transfer": [ + "Transfer" + ], + "translate": [ + "Translate" + ], + "voiceid": [ + "VoiceID" + ], + "waf": [ + "WAF" + ], + "waf-regional": [ + "WAFRegional" + ], + "wafv2": [ + "WAFV2" + ], + "wellarchitected": [ + "WellArchitected" + ], + "wisdom": [ + "Wisdom" + ], + "workdocs": [ + "WorkDocs" + ], + "worklink": [ + "WorkLink" + ], + "workmail": [ + "WorkMail" + ], + "workmailmessageflow": [ + "WorkMailMessageFlow" + ], + "workspaces": [ + "WorkSpaces" + ], + "workspaces-web": [ + "WorkSpacesWeb" + ], + "xray": [ + "XRay" + ] } } \ No newline at end of file