From e6bf5f11bfe025ae92094c2b893b2357cceff362 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 8 Dec 2024 01:14:52 +0000 Subject: [PATCH] New update to service-auth.json --- package.json | 2 +- service-auth.json | 6045 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 5911 insertions(+), 136 deletions(-) diff --git a/package.json b/package.json index dd4db7b..b8233d5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@fluggo/aws-service-auth-reference", - "version": "1.0.166", + "version": "1.0.167", "description": "A JSON reference for AWS service authorization (IAM actions)", "main": "index.js", "types": "index.d.ts", diff --git a/service-auth.json b/service-auth.json index 626dae9..54360cc 100644 --- a/service-auth.json +++ b/service-auth.json @@ -460,6 +460,434 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "Amazon AI Operations", + "servicePrefix": "aiops", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonaioperations.html", + "apiReferenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/", + "actions": [ + { + "name": "CreateInvestigation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_CreateInvestigation.html", + "description": "Grants permission to create a new investigation in the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "CreateInvestigationEvent", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_CreateInvestigationEvent.html", + "description": "Grants permission to create a new investigation event in the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "CreateInvestigationGroup", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_CreateInvestigationGroup.html", + "description": "Grants permission to create a new investigation group", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ] + }, + { + "name": "CreateInvestigationResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_CreateInvestigationResource.html", + "description": "Grants permission to create an investigation resource in the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetInsightRuleReport", + "cloudwatch:GetMetricData", + "kms:GenerateDataKey", + "logs:GetQueryResults" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteInvestigation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_DeleteInvestigation.html", + "description": "Grants permission to delete an investigation in the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "sts:SetContext" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteInvestigationGroup", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_DeleteInvestigationGroup.html", + "description": "Grants permission to delete the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "sso:DeleteApplication" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteInvestigationGroupPolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_DeleteInvestigationGroupPolicy.html", + "description": "Grants permission to delete the investigation group policy attached to an investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetInvestigation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_GetInvestigation.html", + "description": "Grants permission to retrieve an investigation in the specified investigation group", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetInvestigationEvent", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_GetInvestigationEvent.html", + "description": "Grants permission to retrieve an investigation event in the specified investigation group", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "kms:Decrypt" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "GetInvestigationGroup", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_GetInvestigationGroup.html", + "description": "Grants permission to retrieve the specified investigation group", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetInvestigationGroupPolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_GetInvestigationGroupPolicy.html", + "description": "Grants permission to retrieve the investigation group policy attached to an investigation group", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetInvestigationResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_GetInvestigationResource.html", + "description": "Grants permission to retrieve an investigation resource in the specified investigation group", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "kms:Decrypt" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "ListInvestigationEvents", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_ListInvestigationEvents.html", + "description": "Grants permission to list all investigation events in the specified investigation group", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListInvestigationGroups", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_ListInvestigationGroups.html", + "description": "Grants permission to list all investigation groups in the AWS account making the request", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListInvestigations", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_ListInvestigations.html", + "description": "Grants permission to list all investigations that are in the specified investigation group", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListTagsForResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_ListTagsForResource.html", + "description": "Grants permission to list the tags for the specified resource", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "PutInvestigationGroupPolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_PutInvestigationGroupPolicy.html", + "description": "Grants permission to create/update the investigation group policy attached to an investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "TagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_TagResource.html", + "description": "Grants permission to add or update the specified tags for the specified resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ] + }, + { + "name": "UntagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_UntagResource.html", + "description": "Grants permission to remove the specified tags from the specified resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:TagKeys" + ] + }, + { + "name": "UpdateInvestigation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_UpdateInvestigation.html", + "description": "Grants permission to update an investigation in the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateInvestigationEvent", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_UpdateInvestigationEvent.html", + "description": "Grants permission to update an investigation event in the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "kms:Decrypt", + "kms:GenerateDataKey", + "sts:SetContext" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateInvestigationGroup", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_UpdateInvestigationGroup.html", + "description": "Grants permission to update the specified investigation group", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "investigation-group", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "cloudtrail:DescribeTrails", + "iam:PassRole", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey", + "sso:CreateApplication", + "sso:DeleteApplication", + "sso:PutApplicationAccessScope", + "sso:PutApplicationAssignmentConfiguration", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant", + "sso:TagResource" + ] + } + ], + "conditionKeys": [] + } + ], + "resourceTypes": [ + { + "name": "investigation-group", + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/API_InvestigationGroup.html", + "arnPattern": "arn:${Partition}:aiops:${Region}:${Account}:investigation-group/${InvestigationGroupId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + } + ], + "conditionKeys": [ + { + "name": "aws:RequestTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "name": "aws:ResourceTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "name": "aws:TagKeys", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ] + }, { "name": "Alexa for Business", "servicePrefix": "a4b", @@ -20540,6 +20968,251 @@ } ] }, + { + "name": "Amazon Aurora DSQL", + "servicePrefix": "dsql", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonauroradsql.html", + "apiReferenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/", + "actions": [ + { + "name": "CreateCluster", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_CreateCluster.html", + "description": "Grants permission to create new clusters", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "iam:CreateServiceLinkedRole" + ] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "CreateMultiRegionClusters", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_CreateMultiRegionClusters.html", + "description": "Grants permission to create multi-Region clusters. Creating multi-Region clusters also requires CreateCluster permission in each specified Region", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "dsql:CreateCluster" + ] + } + ], + "conditionKeys": [ + "dsql:WitnessRegion" + ] + }, + { + "name": "DbConnect", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/userguide/accessing-sql-clients.html", + "description": "Grants permission to connect to the database", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DbConnectAdmin", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/userguide/accessing-sql-clients.html", + "description": "Grants permission to connect to the database with admin role. Connecting with any other role requires DbConnect permission", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteCluster", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_DeleteCluster.html", + "description": "Grants permission to delete a cluster and all of its data", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteMultiRegionClusters", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_DeleteMultiRegionClusters.html", + "description": "Grants permission to delete multi-Region clusters. Deleting multi-Region clusters also requires DeleteCluster permission in each specified Region", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "dsql:DeleteCluster" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "GetCluster", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_GetCluster.html", + "description": "Grants permission to get information about a cluster", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListClusters", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_ListClusters.html", + "description": "Grants permission to retrieve a list of clusters", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListTagsForResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_ListTagsForResource.html", + "description": "Grants permission to list all tags on an Aurora DSQL resource", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "TagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_TagResource.html", + "description": "Grants permission to add tags to Aurora DSQL resources", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "UntagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_UntagResource.html", + "description": "Grants permission to remove tags from Aurora DSQL resources", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:TagKeys" + ] + }, + { + "name": "UpdateCluster", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/APIReference/API_UpdateCluster.html", + "description": "Grants permission to modify cluster attributes", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + } + ], + "resourceTypes": [ + { + "name": "Cluster", + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/userguide/what-is-core-components.html#Cluster", + "arnPattern": "arn:${Partition}:dsql:${Region}:${Account}:cluster/${Identifier}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + } + ], + "conditionKeys": [ + { + "name": "aws:RequestTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "name": "aws:ResourceTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "name": "aws:TagKeys", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "name": "dsql:WitnessRegion", + "referenceHref": "https://docs.aws.amazon.com/aurora-dsql/latest/userguide/using-iam-condition-keys.html#witness-region", + "description": "Filters access by the witness region of linked clusters", + "type": "ArrayOfString" + } + ] + }, { "name": "AWS Auto Scaling", "servicePrefix": "autoscaling-plans", @@ -24118,6 +24791,22 @@ ], "conditionKeys": [] }, + { + "name": "AssociateAgentCollaborator", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_AssociateAgentCollaborator.html", + "description": "Grants permission to associate another existing agent as a collaborator to an existing agent", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "agent", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "AssociateAgentKnowledgeBase", "permissionOnly": false, @@ -24217,6 +24906,47 @@ "aws:TagKeys" ] }, + { + "name": "CreateBlueprint", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateBlueprint.html", + "description": "Grants permission to create a blueprint for custom output from data automation", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "CreateBlueprintVersion", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateBlueprintVersion.html", + "description": "Grants permission to create a new version for an existing blueprint", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "blueprint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "CreateDataAutomationProject", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateDataAutomationProject.html", + "description": "Grants permission to create a data automation project", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "blueprint", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "CreateDataSource", "permissionOnly": false, @@ -24385,6 +25115,15 @@ "aws:TagKeys" ] }, + { + "name": "CreateMarketplaceModelEndpoint", + "permissionOnly": false, + "referenceHref": "API_CreateMarketplaceModelEndpoint", + "description": "Grants permission to create a marketplace model endpoint", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "CreateModelCopyJob", "permissionOnly": false, @@ -24633,6 +25372,22 @@ ], "conditionKeys": [] }, + { + "name": "DeleteBlueprint", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_DeleteBlueprint.html", + "description": "Grants permission to delete a blueprint for data automation", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "blueprint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteCustomModel", "permissionOnly": false, @@ -24649,6 +25404,22 @@ ], "conditionKeys": [] }, + { + "name": "DeleteDataAutomationProject", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_DeleteDataAutomationProject.html", + "description": "Grants permission to delete a data automation project", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "data-automation-project", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteDataSource", "permissionOnly": false, @@ -24786,6 +25557,47 @@ ], "conditionKeys": [] }, + { + "name": "DeleteKnowledgeBaseDocuments", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_DeleteKnowledgeBaseDocuments.html", + "description": "Grants permission to delete documents from a knowledge base", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "knowledge-base", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteMarketplaceModelAgreement", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrock.html", + "description": "Grants permission to unsubscribe from a bedrock marketplace enabled AWS marketplace model", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "DeleteMarketplaceModelEndpoint", + "permissionOnly": false, + "referenceHref": "API_DeleteMarketplaceModelEndpoint", + "description": "Grants permission to delete a marketplace model endpoint", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "bedrock-marketplace-model-endpoint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteModelInvocationLoggingConfiguration", "permissionOnly": false, @@ -24849,6 +25661,22 @@ ], "conditionKeys": [] }, + { + "name": "DeregisterMarketplaceModelEndpoint", + "permissionOnly": false, + "referenceHref": "API_DeregisterMarketplaceModelEndpoint", + "description": "Grants permission to deregister a marketplace model endpoint to make it unusable in Bedrock Marketplace", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "bedrock-marketplace-model-endpoint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DetectGeneratedContent", "permissionOnly": false, @@ -24865,6 +25693,22 @@ ], "conditionKeys": [] }, + { + "name": "DisassociateAgentCollaborator", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_DisassociateAgentCollaborator.html", + "description": "Grants permission to diassociate a collaborator that you associated earlier", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "agent", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DisassociateAgentKnowledgeBase", "permissionOnly": false, @@ -24887,6 +25731,15 @@ ], "conditionKeys": [] }, + { + "name": "GenerateQuery", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "description": "Grants permission to generate queries associated with user input", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "GetAgent", "permissionOnly": false, @@ -24935,6 +25788,22 @@ ], "conditionKeys": [] }, + { + "name": "GetAgentCollaborator", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentCollaborator.html", + "description": "Grants permission to retrieve an existing collaborator", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "agent", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetAgentKnowledgeBase", "permissionOnly": false, @@ -24989,6 +25858,47 @@ ], "conditionKeys": [] }, + { + "name": "GetAsyncInvoke", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetAsyncInvoke.html", + "description": "Grants permission to get the properties associated with an asynchronous invocation that you have submitted", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "async-invoke", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetBlueprint", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetBlueprint.html", + "description": "Grants permission to retrieve an existing blueprint for data automation", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "blueprint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetBlueprintRecommendation", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetBlueprintRecommendation.html", + "description": "Grants permission to retrieve blueprint recommendation", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "GetCustomModel", "permissionOnly": false, @@ -25005,6 +25915,38 @@ ], "conditionKeys": [] }, + { + "name": "GetDataAutomationProject", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetDataAutomationProject.html", + "description": "Grants permission to retrieve an existing data automation project", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "data-automation-project", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetDataAutomationStatus", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetDataAutomationStatus.html", + "description": "Grants permission to retrieve the status of a data automation invocation job", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "data-automation-invocation-job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetDataSource", "permissionOnly": false, @@ -25196,6 +26138,38 @@ ], "conditionKeys": [] }, + { + "name": "GetKnowledgeBaseDocuments", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetKnowledgeBaseDocuments.html", + "description": "Grants permission to get details for documents in a knowledge base", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "knowledge-base", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetMarketplaceModelEndpoint", + "permissionOnly": false, + "referenceHref": "API_GetMarketplaceModelEndpoint", + "description": "Grants permission to get the properties of a marketplace model endpoint", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "bedrock-marketplace-model-endpoint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetModelCopyJob", "permissionOnly": false, @@ -25307,6 +26281,22 @@ ], "conditionKeys": [] }, + { + "name": "GetPromptRouter", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetPromptRouter.html", + "description": "Grants permission to get the properties associated with a prompt router", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "default-prompt-router", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetProvisionedModelThroughput", "permissionOnly": false, @@ -25348,6 +26338,22 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "IngestKnowledgeBaseDocuments", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_IngestKnowledgeBaseDocuments.html", + "description": "Grants permission to directly ingest documents into a knowledge base", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "knowledge-base", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "InvokeAgent", "permissionOnly": false, @@ -25364,6 +26370,15 @@ ], "conditionKeys": [] }, + { + "name": "InvokeBlueprintRecommendationAsync", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_InvokeBlueprintRecommendationAsync.html", + "description": "Grants permission to invoke blueprint recommendations asynchronously", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "InvokeBuilder", "permissionOnly": true, @@ -25373,6 +26388,28 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "InvokeDataAutomationAsync", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_InvokeDataAutomationAsync.html", + "description": "Grants permission to invoke a Bedrock data automation job", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "blueprint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "data-automation-project", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "InvokeFlow", "permissionOnly": false, @@ -25411,6 +26448,24 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "async-invoke", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "bedrock-marketplace-model-endpoint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "default-prompt-router", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "foundation-model", "required": true, @@ -25437,7 +26492,10 @@ } ], "conditionKeys": [ - "bedrock:InferenceProfileArn" + "bedrock:InferenceProfileArn", + "bedrock:PromptRouterArn", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ] }, { @@ -25453,6 +26511,18 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "bedrock-marketplace-model-endpoint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "default-prompt-router", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "foundation-model", "required": true, @@ -25479,7 +26549,8 @@ } ], "conditionKeys": [ - "bedrock:InferenceProfileArn" + "bedrock:InferenceProfileArn", + "bedrock:PromptRouterArn" ] }, { @@ -25514,6 +26585,22 @@ ], "conditionKeys": [] }, + { + "name": "ListAgentCollaborators", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_ListAgentCollaborators.html", + "description": "Grants permission to list collaborators for an agent", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "agent", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListAgentKnowledgeBases", "permissionOnly": false, @@ -25555,6 +26642,31 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListAsyncInvokes", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListAsyncInvokes.html", + "description": "Grants permission to get a list of asynchronous invocations that you have submitted", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListBlueprints", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_ListBlueprints.html", + "description": "Grants permission to list existing blueprints for data automation", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "data-automation-project", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListCustomModels", "permissionOnly": false, @@ -25564,6 +26676,22 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListDataAutomationProjects", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_ListDataAutomationProjects.html", + "description": "Grants permission to list existing data automation projects", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "blueprint", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListDataSources", "permissionOnly": false, @@ -25698,6 +26826,22 @@ ], "conditionKeys": [] }, + { + "name": "ListKnowledgeBaseDocuments", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_ListKnowledgeBaseDocuments.html", + "description": "Grants permission to list documents in a knowledge base", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "knowledge-base", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListKnowledgeBases", "permissionOnly": false, @@ -25707,6 +26851,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListMarketplaceModelEndpoints", + "permissionOnly": false, + "referenceHref": "API_ListMarketplaceModelEndpoints", + "description": "Grants permission to list marketplace model endpoints that you can use", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListModelCopyJobs", "permissionOnly": false, @@ -25752,6 +26905,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListPromptRouters", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListPromptRouters.html", + "description": "Grants permission to list prompt routers that you can use", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListPrompts", "permissionOnly": false, @@ -25802,6 +26964,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "async-invoke", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "custom-model", "required": true, @@ -25895,6 +27063,15 @@ ], "conditionKeys": [] }, + { + "name": "OptimizePrompt", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_OptimizePrompt.html", + "description": "Grants permission to optimize a prompt with user input", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "PrepareAgent", "permissionOnly": false, @@ -25973,6 +27150,22 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "RegisterMarketplaceModelEndpoint", + "permissionOnly": false, + "referenceHref": "API_RegisterMarketplaceModelEndpoint", + "description": "Grants permission to register a sagemaker endpoint as a marketplace model endpoint", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "bedrock-marketplace-model-endpoint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "RenderPrompt", "permissionOnly": true, @@ -25995,6 +27188,15 @@ ], "conditionKeys": [] }, + { + "name": "Rerank", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "description": "Grants permission to rank documents based on user input", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "Retrieve", "permissionOnly": false, @@ -26125,6 +27327,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "async-invoke", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "custom-model", "required": false, @@ -26246,6 +27454,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "async-invoke", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "custom-model", "required": false, @@ -26389,6 +27603,22 @@ ], "conditionKeys": [] }, + { + "name": "UpdateAgentCollaborator", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentCollaborator.html", + "description": "Grants permission to update an existing collaborator", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "agent", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UpdateAgentKnowledgeBase", "permissionOnly": false, @@ -26411,6 +27641,44 @@ ], "conditionKeys": [] }, + { + "name": "UpdateBlueprint", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateBlueprint.html", + "description": "Grants permission to update a blueprint for data automation", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "blueprint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateDataAutomationProject", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateDataAutomationProject.html", + "description": "Grants permission to update a data automation project", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "data-automation-project", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "blueprint", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UpdateDataSource", "permissionOnly": false, @@ -26491,6 +27759,22 @@ ], "conditionKeys": [] }, + { + "name": "UpdateMarketplaceModelEndpoint", + "permissionOnly": false, + "referenceHref": "API_UpdateMarketplaceModelEndpoint", + "description": "Grants permission to update a marketplace model endpoint", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "bedrock-marketplace-model-endpoint", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UpdatePrompt", "permissionOnly": false, @@ -26552,12 +27836,26 @@ "arnPattern": "arn:${Partition}:bedrock:${Region}::foundation-model/${ResourceId}", "conditionKeys": [] }, + { + "name": "async-invoke", + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "arnPattern": "arn:${Partition}:bedrock:${Region}:${Account}:async-invoke/${ResourceId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "inference-profile", "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", "arnPattern": "arn:${Partition}:bedrock:${Region}:${Account}:inference-profile/${ResourceId}", "conditionKeys": [] }, + { + "name": "default-prompt-router", + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "arnPattern": "arn:${Partition}:bedrock:${Region}:${Account}:default-prompt-router/${ResourceId}", + "conditionKeys": [] + }, { "name": "application-inference-profile", "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", @@ -26701,6 +27999,30 @@ "conditionKeys": [ "aws:ResourceTag/${TagKey}" ] + }, + { + "name": "bedrock-marketplace-model-endpoint", + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "arnPattern": "arn:${Partition}:bedrock:${Region}:${Account}:marketplace/model-endpoint/all-access", + "conditionKeys": [] + }, + { + "name": "data-automation-project", + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "arnPattern": "arn:${Partition}:bedrock:${Region}:${Account}:data-automation-project/${ProjectId}", + "conditionKeys": [] + }, + { + "name": "blueprint", + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "arnPattern": "arn:${Partition}:bedrock:${Region}:${Account}:blueprint/${BlueprintId}", + "conditionKeys": [] + }, + { + "name": "data-automation-invocation-job", + "referenceHref": "https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html", + "arnPattern": "arn:${Partition}:bedrock:${Region}:${Account}:data-automation-invocation/${JobId}", + "conditionKeys": [] } ], "conditionKeys": [ @@ -26728,6 +28050,12 @@ "description": "Filters access by the specified inference profile", "type": "ARN" }, + { + "name": "bedrock:PromptRouterArn", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available", + "description": "Filters access by the specified prompt router", + "type": "ARN" + }, { "name": "bedrock:ThirdPartyKnowledgeBaseCredentialsSecretArn", "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available", @@ -30191,6 +31519,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "AssociateVoiceConnectorConnect", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html#amazonconnect-actions-as-permissions", + "description": "Grants permission to associate the specified Amazon Connect instance with an Amazon Chime Voice Connector", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "AuthorizeDirectory", "permissionOnly": false, @@ -30599,6 +31936,30 @@ ], "conditionKeys": [] }, + { + "name": "CreateConnectAnalyticsConnector", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/chime-sdk/latest/APIReference/API_voice-chime_CreateVoiceConnector.html", + "description": "Grants permission to create an Amazon Connect Analytics Connector in the AWS account (tag-based access controls are only supported on voice-chime.\u003cregion\u003e.amazonaws.com endpoints)", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ] + }, + { + "name": "CreateConnectCallTransferConnector", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/chime-sdk/latest/APIReference/API_voice-chime_CreateVoiceConnector.html", + "description": "Grants permission to create an Amazon Connect Call Transfer Connector in the AWS account (tag-based access controls are only supported on voice-chime.\u003cregion\u003e.amazonaws.com endpoints)", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ] + }, { "name": "CreateMediaCapturePipeline", "permissionOnly": false, @@ -30843,7 +32204,7 @@ { "name": "CreateVoiceConnector", "permissionOnly": false, - "referenceHref": "https://docs.aws.amazon.com/chime/latest/APIReference/API_CreateVoiceConnector.html", + "referenceHref": "https://docs.aws.amazon.com/chime-sdk/latest/APIReference/API_voice-chime_CreateVoiceConnector.html", "description": "Grants permission to create a Voice Connector in the AWS account (tag-based access controls are only supported on voice-chime.\u003cregion\u003e.amazonaws.com endpoints)", "accessLevel": "Write", "resourceTypes": [], @@ -31428,6 +32789,22 @@ ], "conditionKeys": [] }, + { + "name": "DeleteVoiceConnectorExternalSystemsConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/chime-sdk/latest/APIReference/API_voice-chime_DeleteVoiceConnectorExternalSystemsConfiguration.html", + "description": "Grants permission to delete the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "voice-connector", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteVoiceConnectorGroup", "permissionOnly": false, @@ -31918,6 +33295,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "DisassociateVoiceConnectorConnect", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonconnect.html#amazonconnect-actions-as-permissions", + "description": "Grants permission to disassociate the Amazon Connect instance from the specified Amazon Chime Voice Connector", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "DisconnectDirectory", "permissionOnly": false, @@ -32471,6 +33857,22 @@ ], "conditionKeys": [] }, + { + "name": "GetVoiceConnectorExternalSystemsConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/chime-sdk/latest/APIReference/API_voice-chime_GetVoiceConnectorExternalSystemsConfiguration.html", + "description": "Grants permission to get the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "voice-connector", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetVoiceConnectorGroup", "permissionOnly": false, @@ -33622,6 +35024,22 @@ ], "conditionKeys": [] }, + { + "name": "PutVoiceConnectorExternalSystemsConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/chime-sdk/latest/APIReference/API_voice-chime_PutVoiceConnectorExternalSystemsConfiguration.html", + "description": "Grants permission to update the configuration of the external system that is connected with the specified Amazon Chime Voice Connector", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "voice-connector", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "PutVoiceConnectorLoggingConfiguration", "permissionOnly": false, @@ -35129,6 +36547,7 @@ "aws:TagKeys" ], "dependentActions": [ + "athena:GetTableMetadata", "glue:BatchGetPartition", "glue:GetDatabase", "glue:GetDatabases", @@ -48588,6 +50007,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "DeleteIntegration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteIntegration.html", + "description": "Grants permission to delete the integration", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "DeleteLogAnomalyDetector", "permissionOnly": false, @@ -49004,6 +50432,15 @@ ], "conditionKeys": [] }, + { + "name": "GetIntegration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetIntegration.html", + "description": "Grants permission to retrieve a single integration", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "GetLogAnomalyDetector", "permissionOnly": false, @@ -49143,6 +50580,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListIntegrations", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListIntegrations.html", + "description": "Grants permission to list all integrations associated with the AWS account making the request", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListLogAnomalyDetectors", "permissionOnly": false, @@ -49375,6 +50821,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "PutIntegration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIntegration.html", + "description": "Grants permission to create integration between cloudwatch logs and opensearch", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "PutLogEvents", "permissionOnly": false, @@ -50427,6 +51882,88 @@ } ] }, + { + "name": "Amazon CloudWatch Observability Admin Service", + "servicePrefix": "observabilityadmin", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchobservabilityadminservice.html", + "apiReferenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/", + "actions": [ + { + "name": "GetTelemetryEvaluationStatus", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_GetTelemetryEvaluationStatus.html", + "description": "Grants permission to retrieve the Telemetry Config feature status for the account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "GetTelemetryEvaluationStatusForOrganization", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_GetTelemetryEvaluationStatusForOrganization.html", + "description": "Grants permission to retrieve the Telemetry Config feature status for the organization", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListResourceTelemetry", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_ListResourceTelemetry.html", + "description": "Grants permission to retrieve telemetry configurations for resources associated with the account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListResourceTelemetryForOrganization", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_ListResourceTelemetryForOrganization.html", + "description": "Grants permission to retrieve telemetry configurations for resources associated with accounts in the organization", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "StartTelemetryEvaluation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StartTelemetryEvaluation.html", + "description": "Grants permission to start the Telemetry Config feature for the account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "StartTelemetryEvaluationForOrganization", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StartTelemetryEvaluationForOrganization.html", + "description": "Grants permission to start the Telemetry Config feature for the organization", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "StopTelemetryEvaluation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StopTelemetryEvaluation.html", + "description": "Grants permission to stop the Telemetry Config feature for the account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "StopTelemetryEvaluationForOrganization", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StopTelemetryEvaluationForOrganization.html", + "description": "Grants permission to stop the Telemetry Config feature for the organization", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + } + ], + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "AWS CloudWatch RUM", "servicePrefix": "rum", @@ -64537,6 +66074,22 @@ "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsconfig.html", "apiReferenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/", "actions": [ + { + "name": "AssociateResourceTypes", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_AssociateResourceTypes.html", + "description": "Grants permission to add all specified resource types to the RecordingGroup of configuration recorder and includes those resource types when recording", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "BatchGetAggregateResourceConfig", "permissionOnly": false, @@ -64614,9 +66167,16 @@ "name": "DeleteConfigurationRecorder", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_DeleteConfigurationRecorder.html", - "description": "Grants permission to delete the configuration recorder", + "description": "Grants permission to delete the customer managed configuration recorder", "accessLevel": "Write", - "resourceTypes": [], + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], "conditionKeys": [] }, { @@ -64744,6 +66304,24 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "DeleteServiceLinkedConfigurationRecorder", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_DeleteServiceLinkedConfigurationRecorder.html", + "description": "Grants permission to delete the service-linked configuration recorder", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "config:ConfigurationRecorderServicePrincipal" + ] + }, { "name": "DeleteStoredQuery", "permissionOnly": false, @@ -64877,17 +66455,35 @@ "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigurationRecorderStatus.html", "description": "Grants permission to return the current status of the specified configuration recorder", "accessLevel": "Read", - "resourceTypes": [], - "conditionKeys": [] + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "config:ConfigurationRecorderServicePrincipal" + ] }, { "name": "DescribeConfigurationRecorders", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigurationRecorders.html", "description": "Grants permission to return the names of one or more specified configuration recorders", - "accessLevel": "List", - "resourceTypes": [], - "conditionKeys": [] + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "config:ConfigurationRecorderServicePrincipal" + ] }, { "name": "DescribeConformancePackCompliance", @@ -65036,6 +66632,22 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "DisassociateResourceTypes", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_DisassociateResourceTypes.html", + "description": "Grants permission to remove all specified resource types from the RecordingGroup of configuration recorder and excludes these resource types when recording", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetAggregateComplianceDetailsByConfigRule", "permissionOnly": false, @@ -65314,6 +66926,15 @@ ], "conditionKeys": [] }, + { + "name": "ListConfigurationRecorders", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_ListConfigurationRecorders.html", + "description": "Grants permission to list the configuration recorder summaries for an AWS account in an AWS Region", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListConformancePackComplianceScores", "permissionOnly": false, @@ -65375,6 +66996,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "ConfigurationRecorder", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "ConformancePack", "required": false, @@ -65467,10 +67094,13 @@ "name": "PutConfigurationRecorder", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_PutConfigurationRecorder.html", - "description": "Grants permission to create a new configuration recorder to record the selected resource configurations", + "description": "Grants permission to create or update a customer managed configuration recorder to record the selected resource configurations", "accessLevel": "Write", "resourceTypes": [], - "conditionKeys": [] + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] }, { "name": "PutConformancePack", @@ -65616,6 +67246,19 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "PutServiceLinkedConfigurationRecorder", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_PutServiceLinkedConfigurationRecorder.html", + "description": "Grants permission to create a new service-linked configuration recorder to record the resource configurations in scope for the linked service", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "config:ConfigurationRecorderServicePrincipal" + ] + }, { "name": "PutStoredQuery", "permissionOnly": false, @@ -65680,9 +67323,16 @@ "name": "StartConfigurationRecorder", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_StartConfigurationRecorder.html", - "description": "Grants permission to start recording configurations of the AWS resources you have selected to record in your AWS account", + "description": "Grants permission to the customer managed configuration recorder to start recording configurations of the AWS resources you have selected to record in your AWS account", "accessLevel": "Write", - "resourceTypes": [], + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], "conditionKeys": [] }, { @@ -65707,9 +67357,16 @@ "name": "StopConfigurationRecorder", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_StopConfigurationRecorder.html", - "description": "Grants permission to stop recording configurations of the AWS resources you have selected to record in your AWS account", + "description": "Grants permission to the customer managed configuration recorder to stop recording configurations of the AWS resources you have selected to record in your AWS account", "accessLevel": "Write", - "resourceTypes": [], + "resourceTypes": [ + { + "resourceType": "ConfigurationRecorder", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], "conditionKeys": [] }, { @@ -65737,6 +67394,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "ConfigurationRecorder", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "ConformancePack", "required": false, @@ -65792,6 +67455,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "ConfigurationRecorder", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "ConformancePack", "required": false, @@ -65884,6 +67553,14 @@ "conditionKeys": [ "aws:ResourceTag/${TagKey}" ] + }, + { + "name": "ConfigurationRecorder", + "referenceHref": "https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigurationRecorder.html", + "arnPattern": "arn:${Partition}:config:${Region}:${Account}:configuration-recorder/${RecorderName}/${RecorderId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] } ], "conditionKeys": [ @@ -65904,6 +67581,12 @@ "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", "description": "Filters access by the presence of mandatory tags in the request", "type": "ArrayOfString" + }, + { + "name": "config:ConfigurationRecorderServicePrincipal", + "referenceHref": "https://docs.aws.amazon.com/config/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-conditionkeys", + "description": "Filters access by service principal of the configuration recorder", + "type": "String" } ] }, @@ -66642,6 +68325,10 @@ "app-integrations:CreateEventIntegrationAssociation", "app-integrations:GetApplication", "cases:GetDomain", + "chime:AssociateVoiceConnectorConnect", + "chime:DisassociateVoiceConnectorConnect", + "chime:TagResource", + "chime:UntagResource", "connect:DescribeInstance", "ds:DescribeDirectories", "events:PutRule", @@ -68738,7 +70425,9 @@ "required": true, "conditionKeys": [], "dependentActions": [ - "sms-voice:DescribePhoneNumbers" + "sms-voice:DescribePhoneNumbers", + "social-messaging:GetLinkedWhatsAppBusinessAccountPhoneNumber", + "social-messaging:TagResource" ] }, { @@ -70280,6 +71969,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "SendIntegrationEvent", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/connect/latest/adminguide/whatsapp-integration.html", + "description": "Grants permission to send integration events using the Amazon Connect API", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "SendOutboundEmail", "permissionOnly": false, @@ -70407,6 +72105,31 @@ ], "conditionKeys": [] }, + { + "name": "StartEmailContact", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/connect/latest/APIReference/API_StartEmailContact.html", + "description": "Grants permission to initiate an inbound email using the Amazon Connect API", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "instance", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "contact-flow", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ] + }, { "name": "StartForecastingPlanningSchedulingIntegration", "permissionOnly": true, @@ -75036,6 +76759,22 @@ ], "conditionKeys": [] }, + { + "name": "PutProfileOutboundRequestBatch", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/connect/latest/adminguide/enable-outbound-campaigns.html", + "description": "Grants permission to create profile outbound requests for the specified campaign", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "campaign", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ResumeCampaign", "permissionOnly": false, @@ -83226,7 +84965,7 @@ }, { "name": "CreateProjectProfile", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "${APIReferenceDocPage}API_CreateProjectProfile.html", "description": "Grants permission to create a project profile", "accessLevel": "Write", @@ -83467,7 +85206,7 @@ }, { "name": "DeleteProjectProfile", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "${APIReferenceDocPage}API_DeleteProjectProfile.html", "description": "Grants permission to delete a project profile", "accessLevel": "Write", @@ -83798,7 +85537,7 @@ }, { "name": "GetProjectProfile", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "${APIReferenceDocPage}API_GetProjectProfile.html", "description": "Grants permission to get project profile details", "accessLevel": "Read", @@ -84120,7 +85859,7 @@ }, { "name": "ListProjectProfiles", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "${APIReferenceDocPage}API_ListProjectProfiles.html", "description": "Grants permission to list project profiles", "accessLevel": "List", @@ -84603,7 +86342,7 @@ }, { "name": "UpdateProjectProfile", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "${APIReferenceDocPage}API_UpdateProjectProfile.html", "description": "Grants permission to update a project profile", "accessLevel": "Write", @@ -118085,6 +119824,22 @@ ], "conditionKeys": [] }, + { + "name": "GetMarketplaceResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_GetMarketplaceResource.html", + "description": "Grants permission to retrieve Marketplace provided resource", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "component", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetWorkflow", "permissionOnly": false, @@ -125815,7 +127570,10 @@ "eks:bootstrapClusterCreatorAdminPermissions", "eks:bootstrapSelfManagedAddons", "eks:authenticationMode", - "eks:supportType" + "eks:supportType", + "eks:computeConfigEnabled", + "eks:elasticLoadBalancingEnabled", + "eks:blockStorageEnabled" ] }, { @@ -126663,7 +128421,10 @@ ], "conditionKeys": [ "eks:authenticationMode", - "eks:supportType" + "eks:supportType", + "eks:computeConfigEnabled", + "eks:elasticLoadBalancingEnabled", + "eks:blockStorageEnabled" ] }, { @@ -126861,6 +128622,12 @@ "description": "Filters access by the authenticationMode present in the create / update cluster request", "type": "String" }, + { + "name": "eks:blockStorageEnabled", + "referenceHref": "https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies", + "description": "Filters access by the block storage enabled parameter in the create / update cluster request", + "type": "Bool" + }, { "name": "eks:bootstrapClusterCreatorAdminPermissions", "referenceHref": "https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies", @@ -126885,6 +128652,18 @@ "description": "Filters access by the clusterName present in the access entry requests the user makes to the EKS service", "type": "String" }, + { + "name": "eks:computeConfigEnabled", + "referenceHref": "https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies", + "description": "Filters access by the compute config enabled parameter in the create / update cluster request", + "type": "Bool" + }, + { + "name": "eks:elasticLoadBalancingEnabled", + "referenceHref": "https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies", + "description": "Filters access by the elastic load balancing enabled parameter in the create / update cluster request", + "type": "Bool" + }, { "name": "eks:issuerUrl", "referenceHref": "https://docs.aws.amazon.com/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies", @@ -157634,6 +159413,22 @@ ], "conditionKeys": [] }, + { + "name": "GetJobUpgradeAnalysis", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-upgrade-analysis.html#aws-glue-api-upgrade-analysis-GetJobUpgradeAnalysis", + "description": "Grants permission to retrieve an upgrade analysis for a job", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetJobs", "permissionOnly": false, @@ -158710,6 +160505,22 @@ ], "conditionKeys": [] }, + { + "name": "ListJobUpgradeAnalyses", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-upgrade-analysis.html#aws-glue-api-upgrade-analysis-ListJobUpgradeAnalyses", + "description": "Grants permission to list upgrade analyses for a job", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListJobs", "permissionOnly": false, @@ -159420,6 +161231,22 @@ ], "conditionKeys": [] }, + { + "name": "StartJobUpgradeAnalysis", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-upgrade-analysis.html#aws-glue-api-upgrade-analysis-StartJobUpgradeAnalysis", + "description": "Grants permission to start running upgrade analysis for a job", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "StartMLEvaluationTaskRun", "permissionOnly": false, @@ -159562,6 +161389,22 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "StopJobUpgradeAnalysis", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-upgrade-analysis.html#aws-glue-api-upgrade-analysis-StopJobUpgradeAnalysis", + "description": "Grants permission to stop an on-going upgrade analysis for a job", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "StopSession", "permissionOnly": false, @@ -160419,6 +162262,22 @@ ], "conditionKeys": [] }, + { + "name": "UpgradeJob", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-upgrade-analysis.html#aws-glue-api-upgrade-analysis-UpgradeJob", + "description": "Grants permission to upgrade a job to the latest version", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UseGlueStudio", "permissionOnly": false, @@ -176604,12 +178463,51 @@ "name": "AWS Invoicing Service", "servicePrefix": "invoicing", "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsinvoicingservice.html", - "apiReferenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", + "apiReferenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.html#billing-permissions-ref", "actions": [ + { + "name": "BatchGetInvoiceProfile", + "permissionOnly": true, + "referenceHref": "API_BatchGetInvoiceProfile.html", + "description": "Grants permission to get invoice profile details for an account in your organization", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "CreateInvoiceUnit", + "permissionOnly": true, + "referenceHref": "API_CreateInvoiceUnit.html", + "description": "Grants permission to create an invoice unit for your organization", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "DeleteInvoiceUnit", + "permissionOnly": true, + "referenceHref": "API_DeleteInvoiceUnit.html", + "description": "Grants permission to update an invoice unit for your organization", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "invoice-unit", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "GetInvoiceEmailDeliveryPreferences", "permissionOnly": true, - "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", + "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.html#billing-permissions-ref", "description": "Grants permission to get Invoice Email Delivery Preferences", "accessLevel": "Read", "resourceTypes": [], @@ -176618,33 +178516,161 @@ { "name": "GetInvoicePDF", "permissionOnly": true, - "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", + "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.html#billing-permissions-ref", "description": "Grants permission to get Invoice PDF", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [] }, + { + "name": "GetInvoiceUnit", + "permissionOnly": true, + "referenceHref": "API_GetInvoiceUnit.html", + "description": "Grants permission to get invoice units for your organization", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "invoice-unit", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListInvoiceSummaries", "permissionOnly": true, - "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", + "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.html#billing-permissions-ref", "description": "Grants permission to get Invoice summary information for your account or linked account", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListInvoiceUnits", + "permissionOnly": true, + "referenceHref": "API_ListInvoiceUnits.html", + "description": "Grants permission to list invoice units for your organization", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListTagsForResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_ListTagsForResource.html", + "description": "Grants permission to list tags for a resource", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "invoice-unit", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "PutInvoiceEmailDeliveryPreferences", "permissionOnly": true, - "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", + "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.html#billing-permissions-ref", "description": "Grants permission to put Invoice Email Delivery Preferences", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [] + }, + { + "name": "TagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_TagResource.html", + "description": "Grants permission to tag a resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "invoice-unit", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "UntagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_UntagResource.html", + "description": "Grants permission to untag a resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "invoice-unit", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "UpdateInvoiceUnit", + "permissionOnly": true, + "referenceHref": "API_UpdateInvoiceUnit.html", + "description": "Grants permission to update an invoice unit for your organization", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "invoice-unit", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] } ], - "resourceTypes": [], - "conditionKeys": [] + "resourceTypes": [ + { + "name": "invoice-unit", + "referenceHref": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/API_invoicing_InvoiceUnit.html", + "arnPattern": "arn:${Partition}:invoicing::${Account}:invoice-unit/${Identifier}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + } + ], + "conditionKeys": [ + { + "name": "aws:RequestTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag", + "description": "Filters access by allowed set of values for each of the tags", + "type": "String" + }, + { + "name": "aws:ResourceTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag", + "description": "Filters access by tag-value associated with the resource", + "type": "String" + }, + { + "name": "aws:TagKeys", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", + "description": "Filters access by presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ] }, { "name": "AWS IoT", @@ -219709,6 +221735,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "multiregioncluster", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "snapshot", "required": false, @@ -219723,6 +221755,29 @@ "memorydb:TLSEnabled" ] }, + { + "name": "CreateMultiRegionCluster", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/APIReference/API_CreateMultiRegionCluster.html", + "description": "Grants permissions to create a Multi-Region cluster", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "multiregionparametergroup", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "memorydb:TagResource" + ] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "memorydb:TLSEnabled" + ] + }, { "name": "CreateParameterGroup", "permissionOnly": false, @@ -219822,6 +221877,12 @@ "ec2:DescribeVpcs" ] }, + { + "resourceType": "multiregioncluster", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "snapshot", "required": false, @@ -219833,6 +221894,24 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "DeleteMultiRegionCluster", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/APIReference/API_DeleteMultiRegionCluster.html", + "description": "Grants permissions to delete a Multi-Region cluster", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "multiregioncluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "DeleteParameterGroup", "permissionOnly": false, @@ -219965,6 +222044,56 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "DescribeMultiRegionClusters", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/APIReference/API_DescribeMultiRegionClusters.html", + "description": "Grants permissions to retrieve information about all Multi-Region clusters if no cluster identifier is specified, or about a specific Multi-Region cluster if a cluster identifier is supplied", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "multiregioncluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "DescribeMultiRegionParameterGroups", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/APIReference/API_DescribeMultiRegionParameterGroups.html", + "description": "Grants permissions to retrieve information about Multi-Region parameter groups", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "multiregionparametergroup", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DescribeMultiRegionParameters", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/APIReference/API_DescribeMultiRegionParameters.html", + "description": "Grants permissions to retrieve a detailed parameter list for a particular Multi-Region parameter group", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "multiregionparametergroup", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DescribeParameterGroups", "permissionOnly": false, @@ -220115,6 +222244,24 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "ListAllowedMultiRegionClusterUpdates", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/APIReference/API_ListAllowedMultiRegionClusterUpdates.html", + "description": "Grants permissions to list available Multi-Region cluster updates", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "multiregioncluster", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "ListAllowedNodeTypeUpdates", "permissionOnly": false, @@ -220152,6 +222299,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "multiregioncluster", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "parametergroup", "required": false, @@ -220240,6 +222393,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "multiregioncluster", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "parametergroup", "required": false, @@ -220296,6 +222455,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "multiregioncluster", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "parametergroup", "required": false, @@ -220386,6 +222551,36 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "UpdateMultiRegionCluster", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/APIReference/API_UpdateMultiRegionCluster.html", + "description": "Grants permissions to update the settings for a Multi-Region cluster", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "multiregioncluster", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ] + }, + { + "resourceType": "multiregionparametergroup", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "UpdateParameterGroup", "permissionOnly": false, @@ -220443,6 +222638,12 @@ } ], "resourceTypes": [ + { + "name": "multiregionparametergroup", + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/devguide/WhatIs.Components.html", + "arnPattern": "arn:${Partition}:memorydb::${Account}:multiregionparametergroup/${MultiRegionParameterGroupName}", + "conditionKeys": [] + }, { "name": "parametergroup", "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/devguide/WhatIs.Components.html", @@ -220459,6 +222660,15 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "multiregioncluster", + "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/devguide/WhatIs.Components.html", + "arnPattern": "arn:${Partition}:memorydb::${Account}:multiregioncluster/${ClusterName}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "memorydb:TLSEnabled" + ] + }, { "name": "cluster", "referenceHref": "https://docs.aws.amazon.com/memorydb/latest/devguide/WhatIs.Components.html", @@ -225422,6 +227632,469 @@ } ] }, + { + "name": "Network Flow Monitor", + "servicePrefix": "networkflowmonitor", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_networkflowmonitor.html", + "apiReferenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/Welcome.html", + "actions": [ + { + "name": "CreateMonitor", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_CreateMonitor.html", + "description": "Grants permission to create a monitor", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "CreateScope", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_CreateScope.html", + "description": "Grants permission to create a scope", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "DeleteMonitor", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_DeleteMonitor.html", + "description": "Grants permission to delete a monitor", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteScope", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_DeleteScope.html", + "description": "Grants permission to delete a scope", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetMonitor", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetMonitor.html", + "description": "Grants permission to get information about a monitor", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetQueryResultsMonitorTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsMonitorTopContributors.html", + "description": "Grants permission to get the results of a query that retrieves top contributors data for a monitor", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetQueryResultsWorkloadInsightsTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsWorkloadInsightsTopContributors.html", + "description": "Grants permission to get the results of a query that retrieves top contributors for workload insights", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetQueryResultsWorkloadInsightsTopContributorsData", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryResultsWorkloadInsightsTopContributorsData.html", + "description": "Grants permission to get the results of a query that retrieves top contributors data points for workload insights", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetQueryStatusMonitorTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryStatusMonitorTopContributors.html", + "description": "Grants permission to get the status of a query that retrieves top contributors data for a monitor", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetQueryStatusWorkloadInsightsTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryStatusWorkloadInsightsTopContributors.html", + "description": "Grants permission to get the status of a query that retrieves top contributors for workload insights", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetQueryStatusWorkloadInsightsTopContributorsData", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetQueryStatusWorkloadInsightsTopContributorsData.html", + "description": "Grants permission to get the status of a query that retrieves top contributors data points for workload insights", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetScope", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_GetScope.html", + "description": "Grants permission to get information about a scope", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListMonitors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_ListMonitors.html", + "description": "Grants permission to list all monitors in an account and their statuses", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListScopes", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_ListScopes.html", + "description": "Grants permission to get all scopes for an account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListTagsForResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_ListTagsForResource.html", + "description": "Grants permission to list the tags for a resource", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "scope", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "Publish", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_Publish.html", + "description": "Grants permission to publish a report", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "StartQueryMonitorTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StartQueryMonitorTopContributors.html", + "description": "Grants permission to start a query for retrieving top contributors data for a monitor", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "StartQueryWorkloadInsightsTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StartQueryWorkloadInsightsTopContributors.html", + "description": "Grants permission to start a query for retrieving top contributors data for workload insights", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "StartQueryWorkloadInsightsTopContributorsData", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StartQueryWorkloadInsightsTopContributorsData.html", + "description": "Grants permission to start a query for retrieving top contributors data points for workload insights", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "StopQueryMonitorTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StopQueryMonitorTopContributors.html", + "description": "Grants permission to stop a query for retrieving top contributors data for a monitor", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "StopQueryWorkloadInsightsTopContributors", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StopQueryWorkloadInsightsTopContributors.html", + "description": "Grants permission to stop a query for retrieving top contributors for workload insights", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "StopQueryWorkloadInsightsTopContributorsData", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_StopQueryWorkloadInsightsTopContributorsData.html", + "description": "Grants permission to stop a query for retrieving top contributors data points for workload insights", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "TagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_TagResource.html", + "description": "Grants permission to add tags to a resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "scope", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "UntagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_UntagResource.html", + "description": "Grants permission to remove tags from a resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "scope", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:TagKeys" + ] + }, + { + "name": "UpdateMonitor", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_UpdateMonitor.html", + "description": "Grants permission to update a monitor", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "monitor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateScope", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/networkflowmonitor/2.0/APIReference/API_UpdateScope.html", + "description": "Grants permission to update a scope", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "scope", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + } + ], + "resourceTypes": [ + { + "name": "monitor", + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-NetworkFlowMonitor-configure-monitors.html", + "arnPattern": "arn:${Partition}:networkflowmonitor:${Region}:${Account}:monitor/${MonitorName}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "scope", + "referenceHref": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-NetworkFlowMonitor-organizations.html", + "arnPattern": "arn:${Partition}:networkflowmonitor:${Region}:${Account}:scope/${ScopeId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + } + ], + "conditionKeys": [ + { + "name": "aws:RequestTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "name": "aws:ResourceTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + }, + { + "name": "aws:TagKeys", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", + "description": "Filters access by the tag keys in the request", + "type": "ArrayOfString" + } + ] + }, { "name": "AWS Network Manager", "servicePrefix": "networkmanager", @@ -229151,6 +231824,70 @@ } ], "conditionKeys": [] + }, + { + "name": "CancelDirectQuery", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_CancelDirectQuery.html", + "description": "Grants permission to cancel the query that is submitted on the OpenSearch DataSource resource", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetDirectQuery", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_GetDirectQuery.html", + "description": "Grants permission to get the query status that are performed on the OpenSearch DataSource resource", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetDirectQueryResult", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_GetDirectQueryResult.html", + "description": "Grants permission to get the results of a query that is performed on the OpenSearch DataSource resource", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "StartDirectQuery", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_StartDirectQuery.html", + "description": "Grants permission to start a direct query on the provided OpenSearch DataSource arns", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] } ], "resourceTypes": [ @@ -229159,6 +231896,12 @@ "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html", "arnPattern": "arn:${Partition}:opensearch:${Region}:${Account}:application/${AppId}", "conditionKeys": [] + }, + { + "name": "datasource", + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/developerguide/datasource.html", + "arnPattern": "arn:${Partition}:opensearch:${Region}:${Account}:datasource/${DataSourceName}", + "conditionKeys": [] } ], "conditionKeys": [] @@ -229773,6 +232516,7 @@ "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ] @@ -229962,11 +232706,30 @@ ], "conditionKeys": [] }, + { + "name": "AddDirectQueryDataSource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_AddDirectQueryDataSource.html", + "description": "Grants permission to add the data source for the provided OpenSearch arns", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, { "name": "AddTags", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_AddTags.html", - "description": "Grants permission to attach resource tags to an OpenSearch Service domain", + "description": "Grants permission to attach resource tags to an OpenSearch Service domain, data source, or application", "accessLevel": "Tagging", "resourceTypes": [ { @@ -229975,6 +232738,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "domain", "required": true, @@ -230226,6 +232995,22 @@ ], "conditionKeys": [] }, + { + "name": "DeleteDirectQueryDataSource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_DeleteDirectQueryDataSource.html", + "description": "Grants permission to delete the data source for the provided OpenSearch arns", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteDomain", "permissionOnly": false, @@ -230813,6 +233598,22 @@ ], "conditionKeys": [] }, + { + "name": "GetDirectQueryDataSource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_GetDirectQueryDataSource.html", + "description": "Grants permission to get the data source for the provided OpenSearch arns", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetDomainMaintenanceStatus", "permissionOnly": false, @@ -230902,6 +233703,22 @@ ], "conditionKeys": [] }, + { + "name": "ListDirectQueryDataSources", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_ListDirectQueryDataSources.html", + "description": "Grants permission to retrieve a list of data source for the provided OpenSearch arns", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListDomainMaintenances", "permissionOnly": false, @@ -231008,7 +233825,7 @@ "name": "ListTags", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_ListTags.html", - "description": "Grants permission to display all resource tags for an OpenSearch Service domain", + "description": "Grants permission to display all resource tags for an OpenSearch Service domain, data source, or application", "accessLevel": "Read", "resourceTypes": [ { @@ -231017,6 +233834,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "domain", "required": true, @@ -231102,7 +233925,7 @@ "name": "RemoveTags", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_RemoveTags.html", - "description": "Grants permission to remove resource tags from an OpenSearch Service domain", + "description": "Grants permission to remove resource tags from an OpenSearch Service domain, data source, or application", "accessLevel": "Tagging", "resourceTypes": [ { @@ -231111,6 +233934,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "domain", "required": true, @@ -231211,6 +234040,22 @@ ], "conditionKeys": [] }, + { + "name": "UpdateDirectQueryDataSource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_UpdateDirectQueryDataSource.html", + "description": "Grants permission to update the data source for the provided OpenSearch arns", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "datasource", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UpdateDomainConfig", "permissionOnly": false, @@ -231351,6 +234196,14 @@ "conditionKeys": [ "aws:ResourceTag/${TagKey}" ] + }, + { + "name": "datasource", + "referenceHref": "https://docs.aws.amazon.com/opensearch-service/latest/developerguide/datasource.html", + "arnPattern": "arn:${Partition}:opensearch:${Region}:${Account}:datasource/${DataSourceName}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] } ], "conditionKeys": [ @@ -235415,6 +238268,28 @@ "partnercentral:RelatedEntityType" ] }, + { + "name": "CreateEngagement", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_CreateEngagement.html", + "description": "Grants permission to create engagements on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "CreateEngagementInvitation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_CreateEngagementInvitation.html", + "description": "Grants permission to create engagement invitations on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, { "name": "CreateOpportunity", "permissionOnly": false, @@ -235426,6 +238301,49 @@ "partnercentral:Catalog" ] }, + { + "name": "CreateResourceSnapshot", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_CreateResourceSnapshot.html", + "description": "Grants permission to create resource snapshots on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceSnapshot", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "CreateResourceSnapshotJob", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_CreateResourceSnapshotJob.html", + "description": "Grants permission to create resource snapshot jobs on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "DeleteResourceSnapshotJob", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_DeleteResourceSnapshotJob.html", + "description": "Grants permission to delete resource snapshot jobs on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "resource-snapshot-job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DisassociateOpportunity", "permissionOnly": false, @@ -235463,6 +238381,24 @@ "partnercentral:Catalog" ] }, + { + "name": "GetEngagement", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_GetEngagement.html", + "description": "Grants permission to retrieve engagement details on AWS Partner Central", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Engagement", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, { "name": "GetEngagementInvitation", "permissionOnly": false, @@ -235499,6 +238435,75 @@ "partnercentral:Catalog" ] }, + { + "name": "GetResourceSnapshot", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_GetResourceSnapshot.html", + "description": "Grants permission to retrieve resource snapshot details on AWS Partner Central", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "ResourceSnapshot", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "GetResourceSnapshotJob", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_GetResourceSnapshotJob.html", + "description": "Grants permission to retrieve resource snapshot job details on AWS Partner Central", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "resource-snapshot-job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "GetSellingSystemSettings", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_GetSellingSystemSettings.html", + "description": "Grants permission to retrieve system settings settings on AWS Partner Central", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "ListEngagementByAcceptingInvitationTasks", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_ListEngagementByAcceptingInvitationTasks.html", + "description": "Grants permission to list engagements by accepting invitation tasks on AWS Partner Central", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "ListEngagementFromOpportunityTasks", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_ListEngagementFromOpportunityTasks.html", + "description": "Grants permission to list engagements from opportunity tasks on AWS Partner Central", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, { "name": "ListEngagementInvitations", "permissionOnly": false, @@ -235510,6 +238515,53 @@ "partnercentral:Catalog" ] }, + { + "name": "ListEngagementMembers", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_ListEngagementMembers.html", + "description": "Grants permission to list engagement members on AWS Partner Central", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Engagement", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "ListEngagementResourceAssociations", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_ListEngagementResourceAssociations.html", + "description": "Grants permission to list engagement resource associations on AWS Partner Central", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "ResourceSnapshot", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "ListEngagements", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_ListEngagements.html", + "description": "Grants permission to list engagements on AWS Partner Central", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, { "name": "ListOpportunities", "permissionOnly": false, @@ -235521,6 +238573,35 @@ "partnercentral:Catalog" ] }, + { + "name": "ListResourceSnapshotJobs", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_ListResourceSnapshotJobs.html", + "description": "Grants permission to list resource snapshot jobs on AWS Partner Central", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, + { + "name": "ListResourceSnapshots", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_ListResourceSnapshots.html", + "description": "Grants permission to list resource snapshots on AWS Partner Central", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "ResourceSnapshot", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "partnercentral:Catalog" + ] + }, { "name": "ListSolutions", "permissionOnly": false, @@ -235532,6 +238613,15 @@ "partnercentral:Catalog" ] }, + { + "name": "PutSellingSystemSettings", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_PutSellingSystemSettings.html", + "description": "Grants permission to put system settings settings on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "RejectEngagementInvitation", "permissionOnly": false, @@ -235572,6 +238662,38 @@ "partnercentral:Catalog" ] }, + { + "name": "StartResourceSnapshotJob", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_StartResourceSnapshotJob.html", + "description": "Grants permission to start resource snapshot jobs on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "resource-snapshot-job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "StopResourceSnapshotJob", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/API_StopResourceSnapshotJob.html", + "description": "Grants permission to stop resource snapshot jobs on AWS Partner Central", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "resource-snapshot-job", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "SubmitOpportunity", "permissionOnly": false, @@ -235610,6 +238732,12 @@ } ], "resourceTypes": [ + { + "name": "Engagement", + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/working-with-engagements.html", + "arnPattern": "arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/engagement/${Identifier}", + "conditionKeys": [] + }, { "name": "engagement-by-accepting-invitation-task", "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/working-with-tasks.html", @@ -235634,6 +238762,18 @@ "arnPattern": "arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/opportunity/${Identifier}", "conditionKeys": [] }, + { + "name": "resource-snapshot-job", + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/working-with-multi-partner-opportunities.html", + "arnPattern": "arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/resource-snapshot-job/${Identifier}", + "conditionKeys": [] + }, + { + "name": "ResourceSnapshot", + "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/working-with-multi-partner-opportunities.html", + "arnPattern": "arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/engagement/${EngagementIdentifier}/resource/${ResourceType}/${ResourceIdentifier}/template/${TemplateIdentifier}/resource-snapshot/${SnapshotRevision}", + "conditionKeys": [] + }, { "name": "Solution", "referenceHref": "https://docs.aws.amazon.com/partner-central/latest/APIReference/working-with-solutions.html", @@ -237934,7 +241074,7 @@ { "name": "featureTransformation", "referenceHref": "https://docs.aws.amazon.com/personalize/latest/dg/API_FeatureTransformation.html", - "arnPattern": "arn:${Partition}:personalize:${Region}:${Account}:feature-transformation/${ResourceId}", + "arnPattern": "arn:${Partition}:personalize:::feature-transformation/${ResourceId}", "conditionKeys": [] }, { @@ -237994,13 +241134,13 @@ { "name": "recipe", "referenceHref": "https://docs.aws.amazon.com/personalize/latest/dg/API_Recipe.html", - "arnPattern": "arn:${Partition}:personalize:${Region}:${Account}:recipe/${ResourceId}", + "arnPattern": "arn:${Partition}:personalize:::recipe/${ResourceId}", "conditionKeys": [] }, { "name": "algorithm", "referenceHref": "https://docs.aws.amazon.com/personalize/latest/dg/API_Algorithm.html", - "arnPattern": "arn:${Partition}:personalize:${Region}:${Account}:algorithm/${ResourceId}", + "arnPattern": "arn:${Partition}:personalize:::algorithm/${ResourceId}", "conditionKeys": [] }, { @@ -242562,6 +245702,25 @@ } ] }, + { + "name": "AWS PrivateLink", + "servicePrefix": "vpce", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsprivatelink.html", + "apiReferenceHref": "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/", + "actions": [ + { + "name": "AllowMultiRegion", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc/latest/privatelink/security_iam_service-with-iam.html", + "description": "Grants permission to manage multi-region VPC endpoints and VPC endpoint service configurations", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + } + ], + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "AWS Proton", "servicePrefix": "proton", @@ -245309,6 +248468,24 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "AssociatePermission", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_AssociatePermission.html", + "description": "Associate resource based policy statement to the application", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "qbusiness:PutResourcePolicy" + ] + } + ], + "conditionKeys": [] + }, { "name": "BatchDeleteDocument", "permissionOnly": false, @@ -245419,6 +248596,22 @@ "aws:TagKeys" ] }, + { + "name": "CreateDataAccessor", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_CreateDataAccessor.html", + "description": "Create DataAccessor to the application", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "CreateDataSource", "permissionOnly": false, @@ -245463,6 +248656,25 @@ "aws:TagKeys" ] }, + { + "name": "CreateIntegration", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_CreateIntegration.html", + "description": "Grants permission to create a new integration for a Q Business application", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, { "name": "CreateLicense", "permissionOnly": false, @@ -245612,6 +248824,28 @@ ], "conditionKeys": [] }, + { + "name": "DeleteDataAccessor", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_DeleteDataAccessor.html", + "description": "Delete DataAccessor", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "data-accessor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteDataSource", "permissionOnly": false, @@ -245684,6 +248918,28 @@ ], "conditionKeys": [] }, + { + "name": "DeleteIntegration", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_DeleteIntegration.html", + "description": "Grants permission to delete an integration for a Q Business application", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "integration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeletePlugin", "permissionOnly": false, @@ -245782,6 +249038,24 @@ ], "conditionKeys": [] }, + { + "name": "DisassociatePermission", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_DisassociatePermission.html", + "description": "Disassociate resource based policy statement to the application", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "qbusiness:PutResourcePolicy" + ] + } + ], + "conditionKeys": [] + }, { "name": "GetApplication", "permissionOnly": false, @@ -245814,6 +249088,28 @@ ], "conditionKeys": [] }, + { + "name": "GetDataAccessor", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_GetDataAccessor.html", + "description": "Get DataAccessor", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "data-accessor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetDataSource", "permissionOnly": false, @@ -245886,6 +249182,28 @@ ], "conditionKeys": [] }, + { + "name": "GetIntegration", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_GetIntegration.html", + "description": "Grants permission to get an integration for a Q Business application", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "integration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetLicense", "permissionOnly": false, @@ -245902,6 +249220,22 @@ ], "conditionKeys": [] }, + { + "name": "GetMedia", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_GetMedia.html", + "description": "Grants permission to get the media associated to a system message", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetPlugin", "permissionOnly": false, @@ -245924,6 +249258,22 @@ ], "conditionKeys": [] }, + { + "name": "GetPolicy", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_GetPolicy.html", + "description": "Get resource based policy of the application", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "GetRetriever", "permissionOnly": false, @@ -246025,6 +249375,22 @@ ], "conditionKeys": [] }, + { + "name": "ListDataAccessors", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_ListDataAccessors.html", + "description": "List DataAccessor for the application", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListDataSourceSyncJobs", "permissionOnly": false, @@ -246135,6 +249501,22 @@ ], "conditionKeys": [] }, + { + "name": "ListIntegrations", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_ListIntegrations.html", + "description": "Grants permission to list all integrations for a Q Business application", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "ListMessages", "permissionOnly": false, @@ -246151,6 +249533,46 @@ ], "conditionKeys": [] }, + { + "name": "ListPluginActions", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_ListPluginActions.html", + "description": "Grants permission to list the plugins actions of a plugin within application", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "plugin", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListPluginTypeActions", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_ListPluginTypeActions.html", + "description": "Grants permission to list all the actions for a plugin type", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListPluginTypeMetadata", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_ListPluginTypeMetadata.html", + "description": "Grants permission to list all the plugin type metadata", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListPlugins", "permissionOnly": false, @@ -246212,6 +249634,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "data-accessor", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "data-source", "required": false, @@ -246224,6 +249652,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "integration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "plugin", "required": false, @@ -246308,6 +249742,22 @@ ], "conditionKeys": [] }, + { + "name": "PutResourcePolicy", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_AssociatePermission.html", + "description": "Put resource based policy statement to the application", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "RemoveUserLicenses", "permissionOnly": false, @@ -246317,6 +249767,22 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "SearchRelevantContent", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_SearchRelevantContent.html", + "description": "Search relevant content from the Amazon Q Business Application", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "StartDataSourceSyncJob", "permissionOnly": false, @@ -246345,6 +249811,28 @@ ], "conditionKeys": [] }, + { + "name": "StartDeployment", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_StartDeployment.html", + "description": "Grants permission to start deployment for an integration", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "integration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "StopDataSourceSyncJob", "permissionOnly": false, @@ -246386,6 +249874,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "data-accessor", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "data-source", "required": false, @@ -246398,6 +249892,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "integration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "plugin", "required": false, @@ -246435,6 +249935,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "data-accessor", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "data-source", "required": false, @@ -246447,6 +249953,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "integration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "plugin", "required": false, @@ -246502,6 +250014,28 @@ ], "conditionKeys": [] }, + { + "name": "UpdateDataAccessor", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_UpdateDataAccessor.html", + "description": "Update DataAccessor", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "data-accessor", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UpdateDataSource", "permissionOnly": false, @@ -246552,6 +250086,28 @@ ], "conditionKeys": [] }, + { + "name": "UpdateIntegration", + "permissionOnly": false, + "referenceHref": "${APIReferenceDocPage}API_UpdateIntegration.html", + "description": "Grants permission to update an integration for a Q Business application", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "application", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "integration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UpdatePlugin", "permissionOnly": false, @@ -246666,6 +250222,14 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "integration", + "referenceHref": "${UserGuideDocPage}create-integration.html", + "arnPattern": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/integration/${IntegrationId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "retriever", "referenceHref": "${UserGuideDocPage}select-retriever.html", @@ -246717,6 +250281,14 @@ "referenceHref": "${UserGuideDocPage}subscriptions.html", "arnPattern": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/subscription/${SubscriptionId}", "conditionKeys": [] + }, + { + "name": "data-accessor", + "referenceHref": "${UserGuideDocPage}data-accessors.html", + "arnPattern": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/data-accessor/${DataAccessorId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] } ], "conditionKeys": [ @@ -246837,7 +250409,7 @@ { "name": "BatchUpdateCategory", "permissionOnly": false, - "referenceHref": "https://docs.aws.amazon.com/amazonq/latest/api-reference/API_BatchUpdateCategory.html", + "referenceHref": "https://docs.aws.amazon.com/amazonq/latest/api-reference/API_qapps_BatchUpdateCategory.html", "description": "Grants permission to update the categories of a library in the Q Business application environment", "accessLevel": "Write", "resourceTypes": [ @@ -247108,7 +250680,7 @@ }, { "name": "ExportQAppSessionData", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/purpose-built-qapps.html", "description": "Grants permission to export Q App session data in the Q Business application environment", "accessLevel": "Write", @@ -247195,7 +250767,7 @@ }, { "name": "GetQAppSessionMetadata", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/purpose-built-qapps.html", "description": "Grants permission to get Q App session metadata in the Q Business application environment", "accessLevel": "Read", @@ -247322,7 +250894,7 @@ }, { "name": "ListQAppSessionData", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/purpose-built-qapps.html", "description": "Grants permission to get Q App session data in the Q Business application environment", "accessLevel": "Read", @@ -247641,7 +251213,7 @@ }, { "name": "UpdateQAppSessionMetadata", - "permissionOnly": true, + "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/purpose-built-qapps.html", "description": "Grants permission to update Q App session metadata in the Q Business application environment", "accessLevel": "Write", @@ -251158,6 +254730,15 @@ "aws:TagKeys" ] }, + { + "name": "DeleteDefaultQBusinessApplication", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DeleteDefaultQBusinessApplication.html", + "description": "Grants permission to delete linked QBusiness application for QuickSight account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "DeleteEmailCustomizationTemplate", "permissionOnly": true, @@ -251831,6 +255412,15 @@ "aws:TagKeys" ] }, + { + "name": "DescribeDefaultQBusinessApplication", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DescribeDefaultQBusinessApplication.html", + "description": "Grants permission to describe linked QBusiness application Id for QuickSight account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "DescribeEmailCustomizationTemplate", "permissionOnly": true, @@ -252007,6 +255597,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "DescribeQuickSightQSearchConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DescribeQuickSightQSearchConfiguration.html", + "description": "Grants permission to describe QuickSight Q Search configuration", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "DescribeRefreshSchedule", "permissionOnly": false, @@ -252292,6 +255891,17 @@ "quicksight:AllowedEmbeddingDomains" ] }, + { + "name": "GenerateEmbedUrlForRegisteredUserWithIdentity", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_GenerateEmbedUrlForRegisteredUserWithIdentity.html", + "description": "Grants permission to generate a URL used to embed a QuickSight Experience for a user registered with QuickSight using Identity-enhanced role session", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "quicksight:AllowedEmbeddingDomains" + ] + }, { "name": "GetAnonymousUserEmbedUrl", "permissionOnly": true, @@ -252932,6 +256542,28 @@ "aws:TagKeys" ] }, + { + "name": "PredictQAResults", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_PredictQAResults.html", + "description": "Grants permission to predict QA results", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "dashboard", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "topic", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "PutDataSetRefreshProperties", "permissionOnly": false, @@ -253472,6 +257104,15 @@ ], "conditionKeys": [] }, + { + "name": "UpdateApplicationWithTokenExchangeGrant", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateApplicationWithTokenExchangeGrant.html", + "description": "Grants permission to update QuickSight IAM Identity Center application with Token Exchange grant", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "UpdateBrand", "permissionOnly": false, @@ -253688,6 +257329,15 @@ "aws:TagKeys" ] }, + { + "name": "UpdateDefaultQBusinessApplication", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateDefaultQBusinessApplication.html", + "description": "Grants permission to update linked QBusiness application Id for QuickSight account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "UpdateEmailCustomizationTemplate", "permissionOnly": true, @@ -253813,6 +257463,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "UpdateQuickSightQSearchConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateQuickSightQSearchConfiguration.html", + "description": "Grants permission to update QuickSight Q Search configuration", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "UpdateRefreshSchedule", "permissionOnly": false, @@ -259965,6 +263624,15 @@ ], "conditionKeys": [] }, + { + "name": "DeregisterNamespace", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeregisterNamespace.html", + "description": "Grants permission to deregister the specified namespace from a consumer", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "DescribeAccountAttributes", "permissionOnly": false, @@ -261149,6 +264817,15 @@ ], "conditionKeys": [] }, + { + "name": "RegisterNamespace", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_RegisterNamespace.html", + "description": "Grants permission to register the specified namespace to a consumer", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "RejectDataShare", "permissionOnly": false, @@ -262349,6 +266026,15 @@ ], "conditionKeys": [] }, + { + "name": "ListManagedWorkgroups", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/redshift-serverless/latest/APIReference/API_ListManagedWorkgroups.html", + "description": "Grants permission to list managed workgroups in Amazon Redshift Serverless", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListNamespaces", "permissionOnly": false, @@ -262932,14 +266618,7 @@ "referenceHref": "https://docs.aws.amazon.com/rekognition/latest/APIReference/API_CreateCollection.html", "description": "Grants permission to create a collection in an AWS Region", "accessLevel": "Write", - "resourceTypes": [ - { - "resourceType": "collection", - "required": true, - "conditionKeys": [], - "dependentActions": [] - } - ], + "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" @@ -262959,7 +266638,10 @@ "dependentActions": [] } ], - "conditionKeys": [] + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] }, { "name": "CreateFaceLivenessSession", @@ -262984,7 +266666,10 @@ "dependentActions": [] } ], - "conditionKeys": [] + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] }, { "name": "CreateProjectVersion", @@ -263561,9 +267246,33 @@ "description": "Grants permission to return a list of tags associated with a resource", "accessLevel": "Read", "resourceTypes": [ + { + "resourceType": "collection", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "dataset", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "project", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "projectversion", - "required": true, + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "streamprocessor", + "required": false, "conditionKeys": [], "dependentActions": [] } @@ -263856,6 +267565,18 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "dataset", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "project", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "projectversion", "required": false, @@ -263887,6 +267608,18 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "dataset", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "project", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "projectversion", "required": false, @@ -263958,7 +267691,9 @@ "name": "project", "referenceHref": "https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/mp-create-project.html", "arnPattern": "arn:${Partition}:rekognition:${Region}:${Account}:project/${ProjectName}/${CreationTimestamp}", - "conditionKeys": [] + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] }, { "name": "projectversion", @@ -263972,7 +267707,9 @@ "name": "dataset", "referenceHref": "https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/creating-datasets.html", "arnPattern": "arn:${Partition}:rekognition:${Region}:${Account}:project/${ProjectName}/dataset/${DatasetType}/${CreationTimestamp}", - "conditionKeys": [] + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] } ], "conditionKeys": [ @@ -272603,6 +276340,34 @@ "s3:x-amz-object-ownership" ] }, + { + "name": "CreateBucketMetadataTableConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataTableConfiguration.html", + "description": "Grants permission to create a new S3 Metadata configuration for a specified bucket", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "bucket", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "s3tables:CreateNamespace", + "s3tables:CreateTable", + "s3tables:GetTable", + "s3tables:PutTablePolicy" + ] + } + ], + "conditionKeys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ] + }, { "name": "CreateJob", "permissionOnly": false, @@ -272889,6 +276654,29 @@ "s3:x-amz-content-sha256" ] }, + { + "name": "DeleteBucketMetadataTableConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetadataTableConfiguration.html", + "description": "Grants permission to delete the S3 Metadata configuration for a specified bucket", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "bucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ] + }, { "name": "DeleteBucketPolicy", "permissionOnly": false, @@ -273682,6 +277470,29 @@ "s3:x-amz-content-sha256" ] }, + { + "name": "GetBucketMetadataTableConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetadataTableConfiguration.html", + "description": "Grants permission to return the S3 Metadata configuration for a specified bucket", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "bucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ] + }, { "name": "GetBucketNotification", "permissionOnly": false, @@ -276508,7 +280319,7 @@ }, { "name": "s3:TlsVersion", - "referenceHref": "#example-object-tls-version", + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html#example-object-tls-version", "description": "Filters access by the TLS version used by the client", "type": "Numeric" }, @@ -276956,6 +280767,12 @@ } ], "conditionKeys": [ + { + "name": "s3express:AllAccessRestrictedToLocalZoneGroup", + "referenceHref": "#example-all-access-restricted-to-localzone-group", + "description": "Filters all access to the bucket unless the request originates from the AWS Local Zone network border group(s) provided in this condition key", + "type": "String" + }, { "name": "s3express:LocationName", "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-express-zonal-policy-keys.html#example-location-name", @@ -279336,6 +283153,532 @@ } ] }, + { + "name": "Amazon S3 Tables", + "servicePrefix": "s3tables", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3tables.html", + "apiReferenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/", + "actions": [ + { + "name": "CreateNamespace", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_CreateNamespace.html", + "description": "Grants permission to create a namespace", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "CreateTable", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_CreateTable.html", + "description": "Grants permission to create a table", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace" + ] + }, + { + "name": "CreateTableBucket", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_CreateTableBucket.html", + "description": "Grants permission to create a table bucket", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteNamespace", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_DeleteNamespace.html", + "description": "Grants permission to delete a namespace", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace" + ] + }, + { + "name": "DeleteTable", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_DeleteTable.html", + "description": "Grants permission to delete a table", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "DeleteTableBucket", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_DeleteTableBucket.html", + "description": "Grants permission to delete a table bucket", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteTableBucketPolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_DeleteTableBucketPolicy.html", + "description": "Grants permission to delete a policy on a table bucket", + "accessLevel": "Permissions management", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteTablePolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_DeleteTablePolicy.html", + "description": "Grants permission to delete a policy on a table", + "accessLevel": "Permissions management", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "GetNamespace", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetNamespace.html", + "description": "Grants permission to get a namespace", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace" + ] + }, + { + "name": "GetTable", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTable.html", + "description": "Grants permission to retrieve a table", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "GetTableBucket", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTableBucket.html", + "description": "Grants permission to retrieve a table bucket", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetTableBucketMaintenanceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTableBucketMaintenanceConfiguration.html", + "description": "Grants permission to retrieve a maintenance configuration on a table bucket", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetTableBucketPolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTableBucketPolicy.html", + "description": "Grants permission to retrieve a policy on a table bucket", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetTableData", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-setting-up.html#s3-tables-actions", + "description": "Grants permission to read metadata and data objects from a table storage endpoint using S3 APIs", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "GetTableMaintenanceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTableMaintenanceConfiguration.html", + "description": "Grants permission to retrieve a maintenance configuration on a table", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "GetTableMaintenanceJobStatus", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTableMaintenanceJobStatus.html", + "description": "Grants permission to retrieve the status of maintenance jobs on a table", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "GetTableMetadataLocation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTableMetadataLocation.html", + "description": "Grants permission to retrieve the metadata location of a table", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "GetTablePolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_GetTablePolicy.html", + "description": "Grants permission to retrieve a policy on a table", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "ListNamespaces", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_ListNamespaces.html", + "description": "Grants permission to list namespaces", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListTableBuckets", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_ListTableBuckets.html", + "description": "Grants permission to list table buckets", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListTables", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_ListTables.html", + "description": "Grants permission to list tables", + "accessLevel": "List", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace" + ] + }, + { + "name": "PutTableBucketMaintenanceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_PutTableBucketMaintenanceConfiguration.html", + "description": "Grants permission to put a maintenance configuration on a table bucket", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "PutTableBucketPolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_PutTableBucketPolicy.html", + "description": "Grants permission to create or overwrite a policy on a table bucket", + "accessLevel": "Permissions management", + "resourceTypes": [ + { + "resourceType": "TableBucket", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "PutTableData", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-setting-up.html#s3-tables-actions", + "description": "Grants permission to write metadata and data objects to a table storage endpoint using S3 APIs", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "PutTableMaintenanceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_PutTableMaintenanceConfiguration.html", + "description": "Grants permission to put a maintenance configuration on a table", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "PutTablePolicy", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_PutTablePolicy.html", + "description": "Grants permission to create or overwrite a policy on a table", + "accessLevel": "Permissions management", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + }, + { + "name": "RenameTable", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_RenameTable.html", + "description": "Grants permission to rename a table or move a table across namespaces", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace" + ] + }, + { + "name": "UpdateTableMetadataLocation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3TableBuckets_UpdateTableMetadataLocation.html", + "description": "Grants permission to update the metadata location of a table", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "Table", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + } + ], + "resourceTypes": [ + { + "name": "TableBucket", + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-buckets.html", + "arnPattern": "arn:${Partition}:s3tables:${Region}:${Account}:bucket/${TableBucketName}", + "conditionKeys": [] + }, + { + "name": "Table", + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-tables.html", + "arnPattern": "arn:${Partition}:s3tables:${Region}:${Account}:bucket/${TableBucketName}/table/${TableID}", + "conditionKeys": [ + "s3tables:namespace", + "s3tables:tableName" + ] + } + ], + "conditionKeys": [ + { + "name": "s3tables:namespace", + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-setting-up.htmls3-tables-setting-up.html", + "description": "Filters access by the namespaces created in the table bucket", + "type": "String" + }, + { + "name": "s3tables:tableName", + "referenceHref": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-setting-up.htmls3-tables-setting-up.html", + "description": "Filters access by the name of the tables in the table bucket", + "type": "String" + } + ] + }, { "name": "Amazon SageMaker", "servicePrefix": "sagemaker", @@ -279431,6 +283774,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "cluster-scheduler-config", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "code-repository", "required": false, @@ -279443,6 +283792,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "compute-quota", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "context", "required": false, @@ -279665,6 +284020,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "reserved-capacity", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "space", "required": false, @@ -279683,6 +284044,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "training-plan", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "transform-job", "required": false, @@ -279824,6 +284191,22 @@ ], "conditionKeys": [] }, + { + "name": "CallPartnerAppApi", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/dg/partner-apps-onboard.html", + "description": "Grants permission for Partner App SDK to access the Partner App for reading or writing data use cases", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "partner-app", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "CreateAction", "permissionOnly": false, @@ -280009,6 +284392,49 @@ "iam:PassRole", "sagemaker:AddTags" ] + }, + { + "resourceType": "reserved-capacity", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "training-plan", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "CreateClusterSchedulerConfig", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateClusterSchedulerConfig.html", + "description": "Grants permission to create a cluster scheduler config", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "eks:AssociateAccessPolicy", + "eks:DescribeCluster", + "eks:ListAssociatedAccessPolicies", + "sagemaker:AddTags", + "sagemaker:DescribeCluster" + ] + }, + { + "resourceType": "cluster-scheduler-config", + "required": true, + "conditionKeys": [], + "dependentActions": [] } ], "conditionKeys": [ @@ -280059,6 +284485,37 @@ "aws:TagKeys" ] }, + { + "name": "CreateComputeQuota", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateComputeQuota.html", + "description": "Grants permission to create a compute quota", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "cluster", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "eks:AssociateAccessPolicy", + "eks:DescribeCluster", + "eks:ListAssociatedAccessPolicies", + "sagemaker:AddTags", + "sagemaker:DescribeCluster" + ] + }, + { + "resourceType": "compute-quota", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, { "name": "CreateContext", "permissionOnly": false, @@ -281088,6 +285545,27 @@ "aws:TagKeys" ] }, + { + "name": "CreateReservedCapacity", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateReservedCapacity.html", + "description": "Grants permission to create a reserved capacity", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "reserved-capacity", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "sagemaker:AddTags" + ] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, { "name": "CreateSharedModel", "permissionOnly": true, @@ -281166,6 +285644,18 @@ "iam:PassRole", "sagemaker:AddTags" ] + }, + { + "resourceType": "reserved-capacity", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "training-plan", + "required": false, + "conditionKeys": [], + "dependentActions": [] } ], "conditionKeys": [ @@ -281187,6 +285677,28 @@ "sagemaker:EnableRemoteDebug" ] }, + { + "name": "CreateTrainingPlan", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingPlan.html", + "description": "Grants permission to create a training plan that allocates resources for scheduling workloads within a specified time range", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "training-plan", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "sagemaker:AddTags", + "sagemaker:CreateReservedCapacity" + ] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, { "name": "CreateTransformJob", "permissionOnly": false, @@ -281470,6 +285982,22 @@ ], "conditionKeys": [] }, + { + "name": "DeleteClusterSchedulerConfig", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteClusterSchedulerConfig.html", + "description": "Grants permission to delete a cluster scheduler config", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "cluster-scheduler-config", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteCodeRepository", "permissionOnly": false, @@ -281502,6 +286030,22 @@ ], "conditionKeys": [] }, + { + "name": "DeleteComputeQuota", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteComputeQuota.html", + "description": "Grants permission to delete a compute quota", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "compute-quota", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteContext", "permissionOnly": false, @@ -282226,6 +286770,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "cluster-scheduler-config", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "code-repository", "required": false, @@ -282238,6 +286788,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "compute-quota", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "context", "required": false, @@ -282460,6 +287016,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "reserved-capacity", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "space", "required": false, @@ -282478,6 +287040,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "training-plan", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "transform-job", "required": false, @@ -282763,6 +287331,22 @@ ], "conditionKeys": [] }, + { + "name": "DescribeClusterSchedulerConfig", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeClusterSchedulerConfig.html", + "description": "Grants permission to get information about a cluster scheduler config", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "cluster-scheduler-config", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DescribeCodeRepository", "permissionOnly": false, @@ -282795,6 +287379,22 @@ ], "conditionKeys": [] }, + { + "name": "DescribeComputeQuota", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeComputeQuota.html", + "description": "Grants permission to get information about a compute quota", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "compute-quota", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DescribeContext", "permissionOnly": false, @@ -283578,6 +288178,22 @@ ], "conditionKeys": [] }, + { + "name": "DescribeTrainingPlan", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeTrainingPlan.html", + "description": "Grants permission to return information about a specified training plan", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "training-plan", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DescribeTransformJob", "permissionOnly": false, @@ -284051,6 +288667,15 @@ ], "conditionKeys": [] }, + { + "name": "ListClusterSchedulerConfigs", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListClusterSchedulerConfigs.html", + "description": "Grants permission to list cluster scheduler configs", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListClusters", "permissionOnly": false, @@ -284078,6 +288703,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListComputeQuotas", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListComputeQuotas.html", + "description": "Grants permission to list compute quotas", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListContexts", "permissionOnly": false, @@ -284750,6 +289384,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "cluster-scheduler-config", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "code-repository", "required": false, @@ -284762,6 +289402,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "compute-quota", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "context", "required": false, @@ -284984,6 +289630,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "reserved-capacity", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "space", "required": false, @@ -285002,6 +289654,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "training-plan", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "transform-job", "required": false, @@ -285048,6 +289706,15 @@ ], "conditionKeys": [] }, + { + "name": "ListTrainingPlans", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTrainingPlans.html", + "description": "Grants permission to list all the training plans that have been created in a specified account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListTransformJobs", "permissionOnly": false, @@ -285216,6 +289883,15 @@ "sagemaker:SearchVisibilityCondition/${FilterKey}" ] }, + { + "name": "SearchTrainingPlanOfferings", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_SearchTrainingPlanOfferings.html", + "description": "Grants permissions to search for the available training plan offerings that best match specified capacity requirements", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "SendHeartbeat", "permissionOnly": false, @@ -285732,6 +290408,34 @@ "iam:PassRole", "sagemaker:BatchDeleteClusterNodes" ] + }, + { + "resourceType": "reserved-capacity", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "training-plan", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateClusterSchedulerConfig", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateClusterSchedulerConfig.html", + "description": "Grants permission to update a cluster scheduler config", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "cluster-scheduler-config", + "required": true, + "conditionKeys": [], + "dependentActions": [] } ], "conditionKeys": [] @@ -285770,6 +290474,22 @@ ], "conditionKeys": [] }, + { + "name": "UpdateComputeQuota", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateComputeQuota.html", + "description": "Grants permission to update a compute quota", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "compute-quota", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "UpdateContext", "permissionOnly": false, @@ -286643,6 +291363,24 @@ "sagemaker:ResourceTag/${TagKey}" ] }, + { + "name": "training-plan", + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/dg/reserve-capacity-with-training-plans.html", + "arnPattern": "arn:${Partition}:sagemaker:${Region}:${Account}:training-plan/${TrainingPlanName}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ] + }, + { + "name": "reserved-capacity", + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/dg/reserve-capacity-with-training-plans.html", + "arnPattern": "arn:${Partition}:sagemaker:${Region}:${Account}:reserved-capacity/${RandomString}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ] + }, { "name": "project", "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-projects-whatis.html", @@ -286925,6 +291663,24 @@ "sagemaker:ResourceTag/${TagKey}" ] }, + { + "name": "compute-quota", + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-eks-operate-console-ui-governance.html", + "arnPattern": "arn:${Partition}:sagemaker:${Region}:${Account}:compute-quota/${ComputeQuotaId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ] + }, + { + "name": "cluster-scheduler-config", + "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-eks-operate-console-ui-governance.html", + "arnPattern": "arn:${Partition}:sagemaker:${Region}:${Account}:cluster-scheduler-config/${ClusterSchedulerConfigId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ] + }, { "name": "partner-app", "referenceHref": "https://docs.aws.amazon.com/sagemaker/latest/dg/partner-apps.html", @@ -287232,6 +291988,25 @@ } ] }, + { + "name": "Amazon SageMaker data science assistant", + "servicePrefix": "sagemaker-data-science-assistant", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemakerdatascienceassistant.html", + "apiReferenceHref": "https://docs.aws.amazon.com/sagemaker-dsa/security-iam-service-with-iam.html", + "actions": [ + { + "name": "SendConversation", + "permissionOnly": true, + "referenceHref": "https://docs.aws.amazon.com/sagemaker-dsa/APIReference/", + "description": "Grants permission to start a conversation with SageMaker data science assistant", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [] + } + ], + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "Amazon SageMaker geospatial capabilities", "servicePrefix": "sagemaker-geospatial", @@ -290885,6 +295660,412 @@ } ] }, + { + "name": "AWS Security Incident Response", + "servicePrefix": "security-ir", + "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityincidentresponse.html", + "apiReferenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/", + "actions": [ + { + "name": "BatchGetMemberAccountDetails", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_BatchGetMemberAccountDetails.html", + "description": "Grants permission to get member account details in batch", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "membership", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "CancelMembership", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_CancelMembership.html", + "description": "Grants permission to cancel a membership", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "membership", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "CloseCase", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_CloseCase.html", + "description": "Grants permission to close a case", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "CreateCase", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_CreateCase.html", + "description": "Grants permission to create a case", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "CreateCaseComment", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_CreateCaseComment.html", + "description": "Grants permission to create a case comment", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "CreateMembership", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_CreateMembership.html", + "description": "Grants permission to create a membership", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "GetCase", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_GetCase.html", + "description": "Grants permission to get a case", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetCaseAttachmentDownloadUrl", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_GetCaseAttachmentDownloadUrl.html", + "description": "Grants permission to get a case attachment download URL", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetCaseAttachmentUploadUrl", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_GetCaseAttachmentUploadUrl.html", + "description": "Grants permission to get a case attachment upload URL", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "GetMembership", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_GetMembership.html", + "description": "Grants permission to get a membership", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "membership", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListCaseEdits", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_ListCaseEdits.html", + "description": "Grants permission to list case edits", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListCases", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_ListCases.html", + "description": "Grants permission to list cases", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListComments", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_ListComments.html", + "description": "Grants permission to list case comments", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "ListMemberships", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_ListMemberships.html", + "description": "Grants permission to list memberships", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListTagsForResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_ListTagsForResource.html", + "description": "Grants permission to list the tags attached to the specified resource", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "case", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "membership", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "TagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_TagResource.html", + "description": "Grants permission to add tags to the specified resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "case", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "membership", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "UntagResource", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_UntagResource.html", + "description": "Grants permission to remove tags from the specified resource", + "accessLevel": "Tagging", + "resourceTypes": [ + { + "resourceType": "case", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "membership", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "UpdateCase", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_UpdateCase.html", + "description": "Grants permission to update a case", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateCaseComment", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_UpdateCaseComment.html", + "description": "Grants permission to update a case comment", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateCaseStatus", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_UpdateCaseStatus.html", + "description": "Grants permission to update a case status", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateMembership", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_UpdateMembership.html", + "description": "Grants permission to update memberships", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "membership", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "iam:CreateServiceLinkedRole" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateResolverType", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/APIReference/API_UpdateResolverType.html", + "description": "Grants permission to update case resolver type", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "case", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + } + ], + "resourceTypes": [ + { + "name": "case", + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/userguide/case.html", + "arnPattern": "arn:${Partition}:security-ir:${Region}:${Account}:case/${CaseId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "membership", + "referenceHref": "https://docs.aws.amazon.com/security-ir/latest/userguide/select-a-membership-account.html", + "arnPattern": "arn:${Partition}:security-ir:${Region}:${Account}:membership/${MembershipId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + } + ], + "conditionKeys": [ + { + "name": "aws:RequestTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "name": "aws:ResourceTag/${TagKey}", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "name": "aws:TagKeys", + "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ] + }, { "name": "Amazon Security Lake", "servicePrefix": "securitylake", @@ -315042,6 +320223,18 @@ "aws:RequestTag/${TagKey}" ] }, + { + "name": "CreateWebApp", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_CreateWebApp.html", + "description": "Grants permission to create a webapp", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ] + }, { "name": "CreateWorkflow", "permissionOnly": false, @@ -315198,6 +320391,38 @@ ], "conditionKeys": [] }, + { + "name": "DeleteWebApp", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_DeleteWebApp.html", + "description": "Grants permission to delete webapp", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "webapp", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DeleteWebAppCustomization", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_DeleteWebAppCustomization.html", + "description": "Grants permission to delete webapp customization", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "webapp", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DeleteWorkflow", "permissionOnly": false, @@ -315367,6 +320592,38 @@ ], "conditionKeys": [] }, + { + "name": "DescribeWebApp", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_DescribeWebApp.html", + "description": "Grants permission to describe a webapp", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "webapp", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, + { + "name": "DescribeWebAppCustomization", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_DescribeWebAppCustomization.html", + "description": "Grants permission to describe a webapp customization", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "webapp", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [] + }, { "name": "DescribeWorkflow", "permissionOnly": false, @@ -315629,6 +320886,15 @@ ], "conditionKeys": [] }, + { + "name": "ListWebApps", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_ListWebApps.html", + "description": "Grants permission to list webapps", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListWorkflows", "permissionOnly": false, @@ -315767,6 +321033,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "webapp", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "workflow", "required": false, @@ -315860,6 +321132,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "webapp", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "workflow", "required": false, @@ -315999,6 +321277,42 @@ } ], "conditionKeys": [] + }, + { + "name": "UpdateWebApp", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateWebApp.html", + "description": "Grants permission to update the configuration of a webapp", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "webapp", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "iam:PassRole" + ] + } + ], + "conditionKeys": [] + }, + { + "name": "UpdateWebAppCustomization", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateWebAppCustomization.html", + "description": "Grants permission to update the configuration of a webapp cutomization", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "webapp", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "iam:PassRole" + ] + } + ], + "conditionKeys": [] } ], "resourceTypes": [ @@ -316065,6 +321379,14 @@ "conditionKeys": [ "aws:ResourceTag/${TagKey}" ] + }, + { + "name": "webapp", + "referenceHref": "https://docs.aws.amazon.com/transfer/latest/userguide/web-app.html", + "arnPattern": "arn:${Partition}:transfer:${Region}:${Account}:webapp/${WebAppId}", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] } ], "conditionKeys": [ @@ -317934,6 +323256,15 @@ "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonvpclattice.html", "apiReferenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/", "actions": [ + { + "name": "AssociateViaAWSService-EventsAndStates", + "permissionOnly": true, + "referenceHref": "service-network-associations.html#service-network-resource-configuration", + "description": "Grants permission to associate a resource configuration through Amazon EventBridge and AWS Step Functions service networks", + "accessLevel": "Permissions management", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "CreateAccessLogSubscription", "permissionOnly": false, @@ -317949,11 +323280,29 @@ "logs:CreateLogDelivery", "logs:GetLogDelivery" ] + }, + { + "resourceType": "ResourceConfiguration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "Service", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ServiceNetwork", + "required": false, + "conditionKeys": [], + "dependentActions": [] } ], "conditionKeys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ] }, { @@ -317971,10 +323320,59 @@ } ], "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "vpc-lattice:Protocol", - "vpc-lattice:TargetGroupArns", + "vpc-lattice:TargetGroupArns" + ] + }, + { + "name": "CreateResourceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateResourceConfiguration.html", + "description": "Grants permission to create a resource configuration", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ResourceGateway", + "required": false, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "CreateResourceGateway", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateResourceGateway.html", + "description": "Grants permission to create a resource gateway", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceGateway", + "required": true, + "conditionKeys": [], + "dependentActions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "vpc-lattice:VpcId" ] }, { @@ -317992,9 +323390,9 @@ } ], "conditionKeys": [ - "vpc-lattice:TargetGroupArns", + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "vpc-lattice:TargetGroupArns" ] }, { @@ -318014,9 +323412,9 @@ } ], "conditionKeys": [ - "vpc-lattice:AuthType", + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "vpc-lattice:AuthType" ] }, { @@ -318036,9 +323434,42 @@ } ], "conditionKeys": [ - "vpc-lattice:AuthType", + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "vpc-lattice:AuthType" + ] + }, + { + "name": "CreateServiceNetworkResourceAssociation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_CreateServiceNetworkResourceAssociation.html", + "description": "Grants permission to create an association between a service network and a resource", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ServiceNetwork", + "required": true, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ServiceNetworkResourceAssociation", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "vpc-lattice:ResourceConfigurationArn", + "vpc-lattice:ServiceNetworkArn" ] }, { @@ -318068,10 +323499,10 @@ } ], "conditionKeys": [ - "vpc-lattice:ServiceNetworkArn", - "vpc-lattice:ServiceArn", + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "vpc-lattice:ServiceArn", + "vpc-lattice:ServiceNetworkArn" ] }, { @@ -318097,13 +323528,22 @@ } ], "conditionKeys": [ - "vpc-lattice:VpcId", - "vpc-lattice:ServiceNetworkArn", - "vpc-lattice:SecurityGroupIds", + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "vpc-lattice:SecurityGroupIds", + "vpc-lattice:ServiceNetworkArn", + "vpc-lattice:VpcId" ] }, + { + "name": "CreateServiceNetworkVpcEndpointAssociation", + "permissionOnly": true, + "referenceHref": "service-network-associations.html#service-network-vpc-endpoint", + "description": "Grants permission to create an association between a service network and VPC endpoint", + "accessLevel": "Permissions management", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "CreateTargetGroup", "permissionOnly": false, @@ -318121,9 +323561,9 @@ } ], "conditionKeys": [ - "vpc-lattice:VpcId", + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "vpc-lattice:VpcId" ] }, { @@ -318187,6 +323627,60 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "DeleteResourceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteResourceConfiguration.html", + "description": "Grants permission to delete a resource configuration", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "DeleteResourceEndpointAssociation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteResourceEndpointAssociation.html", + "description": "Grants permission to delete a resource endpoint association", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceEndpointAssociation", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "DeleteResourceGateway", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteResourceGateway.html", + "description": "Grants permission to delete a resource gateway", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceGateway", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "DeleteResourcePolicy", "permissionOnly": false, @@ -318194,6 +323688,12 @@ "description": "Grants permission to delete a resource policy", "accessLevel": "Write", "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "Service", "required": false, @@ -318263,6 +323763,24 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "DeleteServiceNetworkResourceAssociation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_DeleteServiceNetworkResourceAssociation.html", + "description": "Grants permission to delete the association between a service network and resource", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ServiceNetworkResourceAssociation", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "DeleteServiceNetworkServiceAssociation", "permissionOnly": false, @@ -318278,9 +323796,9 @@ } ], "conditionKeys": [ - "vpc-lattice:ServiceNetworkArn", + "aws:ResourceTag/${TagKey}", "vpc-lattice:ServiceArn", - "aws:ResourceTag/${TagKey}" + "vpc-lattice:ServiceNetworkArn" ] }, { @@ -318298,9 +323816,9 @@ } ], "conditionKeys": [ - "vpc-lattice:VpcId", + "aws:ResourceTag/${TagKey}", "vpc-lattice:ServiceNetworkArn", - "aws:ResourceTag/${TagKey}" + "vpc-lattice:VpcId" ] }, { @@ -318397,6 +323915,42 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "GetResourceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetResourceConfiguration.html", + "description": "Grants permission to get information about a resource configuration", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, + { + "name": "GetResourceGateway", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetResourceGateway.html", + "description": "Grants permission to get information about a resource gateway", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "ResourceGateway", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "GetResourcePolicy", "permissionOnly": false, @@ -318404,6 +323958,12 @@ "description": "Grants permission to get information about a resource policy", "accessLevel": "Read", "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "Service", "required": false, @@ -318473,6 +324033,24 @@ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "GetServiceNetworkResourceAssociation", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_GetServiceNetworkResourceAssociation.html", + "description": "Grants permission to get information about an association between a service network and resource configuration", + "accessLevel": "Read", + "resourceTypes": [ + { + "resourceType": "ServiceNetworkResourceAssociation", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ] + }, { "name": "GetServiceNetworkServiceAssociation", "permissionOnly": false, @@ -318488,9 +324066,9 @@ } ], "conditionKeys": [ - "vpc-lattice:ServiceNetworkArn", + "aws:ResourceTag/${TagKey}", "vpc-lattice:ServiceArn", - "aws:ResourceTag/${TagKey}" + "vpc-lattice:ServiceNetworkArn" ] }, { @@ -318508,9 +324086,9 @@ } ], "conditionKeys": [ - "vpc-lattice:VpcId", + "aws:ResourceTag/${TagKey}", "vpc-lattice:ServiceNetworkArn", - "aws:ResourceTag/${TagKey}" + "vpc-lattice:VpcId" ] }, { @@ -318549,6 +324127,36 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListResourceConfigurations", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListResourceConfigurations.html", + "description": "Grants permission to list some or all resource configurations", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, + { + "name": "ListResourceEndpointAssociations", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListResourceEndpointAssociations.html", + "description": "Grants permission to list some or all associations between a resource configuration and VPC endpoint", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [ + "vpc-lattice:ResourceConfigurationArn", + "vpc-lattice:VpcEndpointId" + ] + }, + { + "name": "ListResourceGateways", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListResourceGateways.html", + "description": "Grants permission to list some or all resource gateways", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListRules", "permissionOnly": false, @@ -318558,6 +324166,15 @@ "resourceTypes": [], "conditionKeys": [] }, + { + "name": "ListServiceNetworkResourceAssociations", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServiceNetworkResourceAssociations.html", + "description": "Grants permission to list some or all associations between a service network and resource configuration", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListServiceNetworkServiceAssociations", "permissionOnly": false, @@ -318566,8 +324183,8 @@ "accessLevel": "List", "resourceTypes": [], "conditionKeys": [ - "vpc-lattice:ServiceNetworkArn", - "vpc-lattice:ServiceArn" + "vpc-lattice:ServiceArn", + "vpc-lattice:ServiceNetworkArn" ] }, { @@ -318578,10 +324195,19 @@ "accessLevel": "List", "resourceTypes": [], "conditionKeys": [ - "vpc-lattice:VpcId", - "vpc-lattice:ServiceNetworkArn" + "vpc-lattice:ServiceNetworkArn", + "vpc-lattice:VpcId" ] }, + { + "name": "ListServiceNetworkVpcEndpointAssociations", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_ListServiceNetworkVpcEndpointAssociations.html", + "description": "Grants permission to list some or all associations between a service network and VPC endpoint", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [] + }, { "name": "ListServiceNetworks", "permissionOnly": false, @@ -318660,9 +324286,15 @@ "name": "PutResourcePolicy", "permissionOnly": false, "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_PutResourcePolicy.html", - "description": "Grants permission to create a resource policy for a service network or a service", + "description": "Grants permission to create a resource policy for a resource configuration, service, or service network", "accessLevel": "Write", "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "Service", "required": false, @@ -318713,6 +324345,24 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "ResourceConfiguration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ResourceEndpointAssociation", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ResourceGateway", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "Rule", "required": false, @@ -318731,6 +324381,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "ServiceNetworkResourceAssociation", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "ServiceNetworkServiceAssociation", "required": false, @@ -318751,9 +324407,9 @@ } ], "conditionKeys": [ - "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ] }, { @@ -318775,6 +324431,24 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "ResourceConfiguration", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ResourceEndpointAssociation", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, + { + "resourceType": "ResourceGateway", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "Rule", "required": false, @@ -318793,6 +324467,12 @@ "conditionKeys": [], "dependentActions": [] }, + { + "resourceType": "ServiceNetworkResourceAssociation", + "required": false, + "conditionKeys": [], + "dependentActions": [] + }, { "resourceType": "ServiceNetworkServiceAssociation", "required": false, @@ -318852,10 +324532,47 @@ } ], "conditionKeys": [ - "vpc-lattice:TargetGroupArns", + "aws:ResourceTag/${TagKey}", + "vpc-lattice:TargetGroupArns" + ] + }, + { + "name": "UpdateResourceConfiguration", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateResourceConfiguration.html", + "description": "Grants permission to update a resource configuration", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceConfiguration", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ "aws:ResourceTag/${TagKey}" ] }, + { + "name": "UpdateResourceGateway", + "permissionOnly": false, + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/APIReference/API_UpdateResourceGateway.html", + "description": "Grants permission to update a resource gateway", + "accessLevel": "Write", + "resourceTypes": [ + { + "resourceType": "ResourceGateway", + "required": true, + "conditionKeys": [], + "dependentActions": [] + } + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "vpc-lattice:SecurityGroupIds" + ] + }, { "name": "UpdateRule", "permissionOnly": false, @@ -318871,8 +324588,8 @@ } ], "conditionKeys": [ - "vpc-lattice:TargetGroupArns", - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "vpc-lattice:TargetGroupArns" ] }, { @@ -318890,8 +324607,8 @@ } ], "conditionKeys": [ - "vpc-lattice:AuthType", - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "vpc-lattice:AuthType" ] }, { @@ -318909,8 +324626,8 @@ } ], "conditionKeys": [ - "vpc-lattice:AuthType", - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "vpc-lattice:AuthType" ] }, { @@ -318931,10 +324648,11 @@ } ], "conditionKeys": [ - "vpc-lattice:VpcId", - "vpc-lattice:ServiceNetworkArn", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", "vpc-lattice:SecurityGroupIds", - "aws:ResourceTag/${TagKey}" + "vpc-lattice:ServiceNetworkArn", + "vpc-lattice:VpcId" ] }, { @@ -318958,94 +324676,139 @@ ], "resourceTypes": [ { - "name": "ServiceNetwork", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-networks.html", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:servicenetwork/${ServiceNetworkId}", + "name": "AccessLogSubscription", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/monitoring-access-logs.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:accesslogsubscription/${AccessLogSubscriptionId}", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "Listener", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:service/${ServiceId}/listener/${ListenerId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "vpc-lattice:AuthType" + "vpc-lattice:Protocol", + "vpc-lattice:TargetGroupArns" ] }, { - "name": "Service", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/services.html", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:service/${ServiceId}", + "name": "ResourceConfiguration", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/resource-configurations.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:resourceconfiguration/${ResourceConfigurationId}", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + { + "name": "ResourceEndpointAssociation", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/resource-endpoint-associations.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:resourceendpointassociation/${ResourceEndpointAssociationId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "vpc-lattice:AuthType" + "vpc-lattice:ResourceConfigurationArn", + "vpc-lattice:VpcEndpointId" ] }, { - "name": "ServiceNetworkVpcAssociation", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-vpc-associations", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:servicenetworkvpcassociation/${ServiceNetworkVpcAssociationId}", + "name": "ResourceGateway", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/resource-gateways.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:resourcegateway/${ResourceGatewayId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "vpc-lattice:SecurityGroupIds", - "vpc-lattice:ServiceNetworkArn", "vpc-lattice:VpcId" ] }, { - "name": "ServiceNetworkServiceAssociation", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-service-associations", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:servicenetworkserviceassociation/${ServiceNetworkServiceAssociationId}", + "name": "Rule", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html#listener-rules", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:service/${ServiceId}/listener/${ListenerId}/rule/${RuleId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "vpc-lattice:ServiceArn", - "vpc-lattice:ServiceNetworkArn" + "vpc-lattice:TargetGroupArns" ] }, { - "name": "TargetGroup", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/target-groups.html", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:targetgroup/${TargetGroupId}", + "name": "Service", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/services.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:service/${ServiceId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "vpc-lattice:VpcId" + "vpc-lattice:AuthType" ] }, { - "name": "Listener", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:service/${ServiceId}/listener/${ListenerId}", + "name": "ServiceNetwork", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-networks.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:servicenetwork/${ServiceNetworkId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "vpc-lattice:Protocol", - "vpc-lattice:TargetGroupArns" + "vpc-lattice:AuthType" ] }, { - "name": "Rule", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html#listener-rules", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:service/${ServiceId}/listener/${ListenerId}/rule/${RuleId}", + "name": "ServiceNetworkResourceAssociation", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-resource-configuration", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:servicenetworkresourceassociation/${ServiceNetworkResourceAssociationId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "vpc-lattice:TargetGroupArns" + "vpc-lattice:ResourceConfigurationArn", + "vpc-lattice:ServiceNetworkArn" ] }, { - "name": "AccessLogSubscription", - "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/monitoring-access-logs.html", - "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:accesslogsubscription/${AccessLogSubscriptionId}", + "name": "ServiceNetworkServiceAssociation", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-service-associations", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:servicenetworkserviceassociation/${ServiceNetworkServiceAssociationId}", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "vpc-lattice:ServiceArn", + "vpc-lattice:ServiceNetworkArn" + ] + }, + { + "name": "ServiceNetworkVpcAssociation", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/service-network-associations.html#service-network-vpc-associations", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:servicenetworkvpcassociation/${ServiceNetworkVpcAssociationId}", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "vpc-lattice:SecurityGroupIds", + "vpc-lattice:ServiceNetworkArn", + "vpc-lattice:VpcId" + ] + }, + { + "name": "TargetGroup", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/target-groups.html", + "arnPattern": "arn:${Partition}:vpc-lattice:${Region}:${Account}:targetgroup/${TargetGroupId}", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "vpc-lattice:VpcId" ] } ], @@ -319080,6 +324843,12 @@ "description": "Filters access by the protocol specified in the request", "type": "String" }, + { + "name": "vpc-lattice:ResourceConfigurationArn", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/", + "description": "Filters access by the ARN of a resource configuration", + "type": "ARN" + }, { "name": "vpc-lattice:SecurityGroupIds", "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/", @@ -319104,6 +324873,12 @@ "description": "Filters access by the ARNs of target groups", "type": "ArrayOfARN" }, + { + "name": "vpc-lattice:VpcEndpointId", + "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/", + "description": "Filters access by the ID of a VPC endpoint", + "type": "String" + }, { "name": "vpc-lattice:VpcId", "referenceHref": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/",